This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| b1345e1ab70983888c72a3ffb7143fd7cdee9c03502247c3ab50d5e9245f90b8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 666d81257cca145b1853660f38d05347364b2e31b072deb59180746ca3f5f099 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 77ac40da30d6940147b34b9454949b3fdbc9e780cdfd8ea62ad78ff972592cad |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 5e19673782c2e334d8cc4b36299b0a054d2bec5827b8efe6da8917fbb40b7e1e |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dc7e3c839ad9ce5194a2d6977c12cbd590a59e68788d20f17566ac860ec163dd |
Dliv3
/ 2024_03_10_gist.txt
Created
March 10, 2024 15:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bdacb3823320a5c7a630f513dfa981a7f5abacf6bdffc990a90615d37da0101c |
Dliv3
/ Source.cpp
Created
December 7, 2023 10:35
— forked from mgeeky/Source.cpp
Thread Execution via NtCreateWorkerFactory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| // https://github.com/winsiderss/systeminformer/blob/17fb2e0048f062a04394c4ccd615b611e6ffd45d/phnt/include/ntexapi.h#LL1096C1-L1115C52 | |
| typedef enum _WORKERFACTORYINFOCLASS | |
| { | |
| WorkerFactoryTimeout, // LARGE_INTEGER |
Dliv3
/ decryptKerbTicket.py
Created
July 30, 2023 05:47
— forked from tothi/decryptKerbTicket.py
Decrypt kerberos tickets and parse out authorization data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # NOTE: this script was created for educational purposes to assist learning about kerberos tickets. | |
| # Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets. | |
| # | |
| # Recommended Instructions: | |
| # Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export" | |
| # Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>" | |
| # Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket) | |
| # Run this script to decrypt: | |
| # ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./[email protected][email protected] |
Dliv3
/ unwxapkg.py
Created
April 13, 2023 10:44
— forked from Integ/unwxapkg.py
A useful tool for unpack wxapkg file with python3 surport.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding: utf-8 | |
| # py2 origin author lrdcq | |
| # usage python3 unwxapkg.py filename | |
| __author__ = 'Integ: https://github.com./integ' | |
| import sys, os | |
| import struct | |
| class WxapkgFile(object): |
Dliv3
/ esc1.ps1
Created
February 23, 2023 04:47
— forked from b4cktr4ck2/esc1.ps1
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
NewerOlder