brandonb927
/ osx-for-hackers.sh
Last active
May 9, 2025 18:09
OSX for Hackers: Yosemite/El Capitan Edition. This script tries not to be *too* opinionated and any major changes to your system require a prompt. You've been warned.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ### | |
| # SOME COMMANDS WILL NOT WORK ON macOS (Sierra or newer) | |
| # For Sierra or newer, see https://github.com/mathiasbynens/dotfiles/blob/master/.macos | |
| ### | |
| # Alot of these configs have been taken from the various places | |
| # on the web, most from here | |
| # https://github.com/mathiasbynens/dotfiles/blob/5b3c8418ed42d93af2e647dc9d122f25cc034871/.osx |
mpdavis
/ heartbleed-altered.py
Created
April 8, 2014 18:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions. | |
| # Michael Davis ([email protected]) | |
| # Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| import select |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // What system are we connected to? | |
| systeminfo | findstr /B /C:"OS Name" /C:"OS Version" | |
| // Get the hostname and username (if available) | |
| hostname | |
| echo %username% | |
| // Get users | |
| net users | |
| net user [username] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Security log | |
| #============ | |
| #### | |
| #4624 - Logon & Logoff events successful | |
| #4625 - Logon unsucceful | |
| #### | |
| # Get usernames | |
| Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique | |
| # Get domains |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logparser | |
| ############### | |
| # Security Log | |
| ############### | |
| # Find Event id | |
| & 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'" |
- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
ivanstan
/ file_get_contents without ssl
Created
March 9, 2017 09:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $context=array( | |
| "ssl"=>array( | |
| "allow_self_signed"=>true, | |
| "verify_peer"=>false, | |
| ), | |
| ); | |
| file_get_contents("https://example.com/", false, stream_context_create($context)); |
ropnop
/ kinit_brute.sh
Last active
June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
| # Note: this *will* lock out accounts if a domain lockout policy is set. Be careful |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "Cloning $1" | |
| wget $1 -O index.html &> /dev/null | |
| TAG="<base href=\"$1\"/></head>" | |
| sed '/<\/head>/i\'"$TAG" index.html | tee index.html &> /dev/null | |
| echo "index.html was saved and modified" |
OlderNewer