Note: I did not author this, I found it somewhere.
- Tools
- Most common paths to AD compromise
- GPO - Pivoting with Local Admin
```powershell
Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"
try {
    $client.Open()
} catch {
    Write-Host "[!] Could not connect to localdb..."
    return
}
```
Note: I did not author this, I found it somewhere.
```
# Enumeration
# Credential Injection
runas.exe /netonly /user:<domain>\<username> cmd.exe
# enumeration users
users
net user /domain
```
🔥Complete Bug Bounty Cheat Sheet🔥

XSS
- https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
- https://github.com/ismailtasdelen/xss-payload-list

SQLi
- https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
```javascript
// Colors reference
// You can use the following as so:
// console.log(colorCode, data);
// console.log(`${colorCode}some colorful text string${resetCode} rest of string in normal color`);
//
// ... and so on.
export const reset = "\x1b[0m"
export const bright = "\x1b[1m"
export const dim = "\x1b[2m"
```
```javascript
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
 * by incogbyte
 * Common functions
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!
 */
```
```python
#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
    ./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging

class S(BaseHTTPRequestHandler):
```
Pentesting-Exploitation Programs and Commands, Protocols Network / Ports
- PayloadsAllTheThings - https://lnkd.in/gjTPbtz
- cujanovic - https://lnkd.in/gSTJQN4
- Payload Box (cmdi, sqli, xss, lfi, rfi etc) - https://lnkd.in/g6B28dU
- SecLists - https://lnkd.in/g6ucAZQ