Mohit Dabas MohitDabas

@MohitDabas
MohitDabas / lsass_dump.py
Created October 1, 2024 20:34
Windows Defender Bypass Dump LSASS Memory with Python
import win32api
import win32con
import win32process
import win32security
import win32file # For CreateFile
import ctypes
from ctypes import wintypes
import os
import psutil
@MohitDabas
MohitDabas / async_url_secretfinder.py
Created November 12, 2023 12:22
"🚀 Exploring URLs for Sensitive Data -Python Asyncio Scanner🕵️‍♂️"
import aiohttp
import asyncio
import re
_regex = {
    'google_api': r'AIza[0-9A-Za-z-_]{35}',
    'firebase': r'AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}',
    'google_captcha': r'6L[0-9A-Za-z-_]{38}|^6[0-9a-zA-Z_-]{39}$',
    'google_oauth': r'ya29\.[0-9A-Za-z\-_]+',
    'amazon_aws_access_key_id': r'A[SK]IA[0-9A-Z]{16}',
@MohitDabas
MohitDabas / MacOS EDR RTR Persistence and Permission.md
Created November 10, 2023 11:27
You can use these one-liners in any supported EDR real-time response (RTR) script runner.

MacOS EDR RTR Persistence and Permission


Persistence on Mac

python3 -c "import os; paths = ['/Library/LaunchAgents','/Library/LaunchDaemons','/System/Library/LaunchDaemons', os.path.expanduser('/users/<username>/Library/LaunchAgents'),os.path.expanduser('/Users/<username>/Library/Preferences'),'/Library/Preferences']; [print(f'File: {filename}\n{repr(open(os.path.join(path, filename), \"rb\").read())}') for path in paths if os.path.exists(path) for filename in os.listdir(path)]; print(f'Directory not found: {[path for path in paths if not os.path.exists(path)]}') if any(not os.path.exists(path) for path in paths) else None"
@MohitDabas
MohitDabas / windows-apis-via-powershell.md
Last active September 17, 2023 11:09
Calling Windows APIs via PowerShell with Example Code

Call WinAPI functions in PowerShell using delegate functions with Add-Type and Reflection types

Simplest Method

$code = @"
using System;
using System.Runtime.InteropServices;

public class User32Interop {
@MohitDabas
MohitDabas / Clipboard Saver.py
Last active April 29, 2023 05:46
Python-based Mac clipboard saver using the Kivy GUI (macOS only).
#please install kivy by using command !pip install kivy
import subprocess
from kivy.app import App
from kivy.uix.boxlayout import BoxLayout
from kivy.uix.textinput import TextInput
from kivy.core.clipboard import Clipboard
from kivy.clock import Clock
@MohitDabas
MohitDabas / naso.html
Created November 23, 2022 17:09
HTML 5 Based Command Console with multiple autocomplete
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>HTML 5 Based Command Console with multiple autocomplete </title>
<link rel="stylesheet" href="https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
<style>
flex:1;
@MohitDabas
MohitDabas / inputparser.py
Created June 8, 2021 11:37
This small Python script grabs all the inputs from the HTML pages or templates in a project and gives you a clear picture of what to attack and fuzz.
from os import listdir
from os.path import isfile, join
import re
from os import walk
from bs4 import BeautifulSoup
def fileGetter():
    fileNames = []
    mypath='<folder_name>'
@MohitDabas
MohitDabas / collectfuncNstring.py
Created June 6, 2021 12:33
A Python Ghidra script that parses the functions and the strings referenced by those functions
from ghidra.program.util import DefinedDataIterator
from ghidra.app.util import XReferenceUtil
def getAddress(offset):
    return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)
string_and_funcdata=[]
functionManager = currentProgram.getFunctionManager()
@MohitDabas
MohitDabas / autorunpermissionfinder.py
Last active March 6, 2021 12:37
The following code snippet finds permissions on paths found by the Sysinternals Autoruns utility
import re
import os
autoRunFileData=open('autorun.txt',encoding='utf-16').readlines()
count=1
for line in autoRunFileData:
    matches=re.findall(r'[a-zA-Z]:\\[\\\S|*\S]?.*$',line)
    try:
        path=matches[0].split('"\t')[0]
        print(path)
        os.system('accesschk64.exe -wvu "'+path+'"')
@MohitDabas
MohitDabas / Jar Debugging
Created June 30, 2020 06:36
The following gist contains information on setting up an environment for remote code debugging on Docker.
#mvn run on a particular port
mvn jetty:run -D jetty.port=9229
#mvn debug
export MAVEN_OPTS="-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=0.0.0.0:9090,server=y,suspend=n"
#visual studio debug config
{
"version": "0.2.0",