clod clod81

  • Tier Zero Security
@clod81
clod81 / krbrelay_privesc_howto.md
Created April 27, 2022 20:39 — forked from tothi/krbrelay_privesc_howto.md
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-privileged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
@clod81
clod81 / gist:ffe1240f106cf061a1bd2248938b0d1e
Created November 4, 2021 19:22
Install and run Nessus 10 on a Raspberry Pi with Kali x64
sudo dpkg --add-architecture armhf
sudo apt update
sudo apt-get install libc6:armhf libncurses5:armhf libstdc++6:armhf
sudo dpkg -i --force-architecture Nessus-10.x-raspberrypios_armhf.deb
@clod81
clod81 / azuread_decrypt_msol_v2.ps1
Last active September 1, 2021 03:51 — forked from xpn/azuread_decrypt_msol_v2.ps1
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync2019;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb..."
return
@clod81
clod81 / PowerView-3.0-tricks.ps1
Created September 8, 2020 00:49 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <mruby.h>
#include <mruby/array.h>
#include <mruby/compile.h>
#include <mruby/dump.h>
#include <mruby/variable.h>
int main(int argc, char *argv[])
@clod81
clod81 / ruby.c
Created October 23, 2017 22:59
Ruby 2.4.2 AFL_INIT
/**********************************************************************
ruby.c -
$Author: usa $
created at: Tue Aug 10 12:47:31 JST 1993
Copyright (C) 1993-2007 Yukihiro Matsumoto
Copyright (C) 2000 Network Applied Communication Laboratory, Inc.
Copyright (C) 2000 Information-technology Promotion Agency, Japan
@clod81
clod81 / main.c
Created October 9, 2017 19:49
Ruby source main.c for AFL perf improvement
#undef RUBY_EXPORT
#include "ruby.h"
#include "vm_debug.h"
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#ifdef RUBY_DEBUG_ENV
#include <stdlib.h>
#endif