Dave Hardy davehardy20

Download Cradles

0) Extra goodies

Obfuscated FromBase64String with -bxor nice for dynamic strings deobfuscation:

$t=([type]('{1}{0}'-f'vert','Con'));($t::(($t.GetMethods()|?{$_.Name-clike'F*g'}).Name).Invoke('Yk9CA05CA0hMV0I=')|%{$_-bxor35}|%{[char]$_})-join''

The same as above but for UTF-16 base64 encoded strings:

install log

cd prl_fs/SharedFolders/Guest/Linux/prl_fs && make CC=cc
make[1]: Entering directory '/usr/lib/parallels-tools/kmods/prl_fs/SharedFolders/Guest/Linux/prl_fs'
make -C /lib/modules/5.0.0-25-generic/build M=/usr/lib/parallels-tools/kmods/prl_fs/SharedFolders/Guest/Linux/prl_fs CC=cc
make[2]: Entering directory '/usr/src/linux-headers-5.0.0-25-generic'
  CC [M]  /usr/lib/parallels-tools/kmods/prl_fs/SharedFolders/Guest/Linux/prl_fs/super.o
/usr/lib/parallels-tools/kmods/prl_fs/SharedFolders/Guest/Linux/prl_fs/super.c: In function 'prlfs_remount':
/usr/lib/parallels-tools/kmods/prl_fs/SharedFolders/Guest/Linux/prl_fs/super.c:119:21: error: 'MS_RDONLY' undeclared (first use in this function); did you mean 'IS_RDONLY'?
  if ( (!((*flags) & MS_RDONLY) && PRLFS_SB(sb)->readonly) ||

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

Tcpdump

Tcpdump is a commandline tool that is used to dump traffic on a network. This tool comes in hand when you want to analyse network captures within the command line. Basically it can do most of the wireshark job.

NOTE This guide might not be complete it just serve as a reference to me.

Additional Note & Reference

58 bytes of CSS to look great nearly everywhere

When making this website, i wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}

	server:
	###########################################################################
	# LOGGING
	###########################################################################
	# Do not print log lines to inform about local zone actions
	log-local-actions: no
	# Do not print one line per query to the log
	log-queries: no
	# Do not print one line per reply to the log
	log-replies: no

	' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb

	Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long
	Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr)
	Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr

	#If Win64 Then
	Const LS As LongPtr = 8&
	#Else
	Const LS As LongPtr = 4&

	# -- mode: ruby --
	# vi: set ft=ruby :

	# After loading this
	# Install a pod network
	# $ kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version \| base64 \| tr -d '\n')

	# Allow pods to run on the master node
	# $ kubectl taint nodes --all node-role.kubernetes.io/master-

	{
	"queries": [{
	"name": "List all owned users",
	"queryList": [{
	"final": true,
	"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
	}]
	},
	{
	"name": "List all owned computers",