Skip to content

Instantly share code, notes, and snippets.

View Sw1tchWolf's full-sized avatar

Sw1tchWolf

17 followers · 20 following
View GitHub Profile
@hkamran80
hkamran80 / SmartTV2.txt
Last active April 19, 2025 21:53
Pi-hole Blocklist for Smart TVs
# THIS FILE IS NO LONGER BEING MAINTAINED. FOR A MAINTAINED VERSION, PLEASE USE THE VERSION IN THE NEW REPOSITORY.
# Repository: https://github.com/hkamran80/blocklists
# New link for this file: https://raw.githubusercontent.com/hkamran80/blocklists/main/smart-tv
# ------
# This is a blocklist to block Smart TVs sending data home.
# Please help to collect domains!
# It could be that the TV does not receive any more updates or other services no longer work. Please report such an incident.
@mccabe615
mccabe615 / phpdangerousfuncs.md
Last active April 24, 2025 06:09
Dangerous PHP Functions

Command Execution

exec           - Returns last line of commands output
passthru       - Passes commands output directly to the browser
system         - Passes commands output directly to the browser and returns last line
shell_exec     - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen          - Opens read or write pipe to process of a command
proc_open      - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
@seajaysec
seajaysec / customqueries.json
Last active February 12, 2025 16:58
bloodhound custom queries
{
"queries": [{
"name": "List all owned users",
"queryList": [{
"final": true,
"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
}]
},
{
"name": "List all owned computers",
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active March 17, 2025 03:05
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.