@gavz
gavz / escalate.py
Created March 17, 2018 13:34 — forked from flabbergastedbd/escalate.py
Troopers18 Packetwars Part 2 - Exploitation
# On a linux box, inside the home of a privileged user were some files.
#
# - run_exploit_server (had setuid bit set, executable by all and was compiled with PIC flag).
# - run_exploit_server.c
# - shellcode.bin with permissions (644).
#
# The task was to escalate privileges somehow using these three things
#
# * The server reads from a relative file, i.e. ./shellcode.bin, and echoes it to
# the clients connecting to it.
@gavz
gavz / ADC2.ps1
Created March 17, 2018 20:26 — forked from HarmJ0y/ADC2.ps1
Command and Control channel through Active Directory Object Properties
#Requires -Version 2
function New-ADPayload {
<#
.SYNOPSIS
Stores PowerShell logic in the mSMQSignCertificates of the specified -TriggerAccount and generates
a one-line launcher.
Author: @harmj0y
@gavz
gavz / script.py
Created April 16, 2018 21:33 — forked from Geluchat/script.py
import ctypes, sys, struct
from ctypes import *
from subprocess import *
import os
ntdll = windll.ntdll
kernel32 = windll.kernel32
Psapi = windll.Psapi
IS32BIT=False
@gavz
gavz / lookupadmins.py
Created May 2, 2018 00:35 — forked from ropnop/lookupadmins.py
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
@gavz
gavz / 0README.md
Created May 2, 2018 21:33 — forked from shamrin/0README.md
Install OsmoNITB with SMPP

Quick Osmocom OpenBSC installation

Prerequisites

  • Ubuntu Trusty (previous LTS and in between versions should work too)
  • sudo apt-get install gcc make git autoconf libtool pkg-config build-essential automake libortp-dev python libsqlite3-dev

Installing

@gavz
gavz / converter.sh
Created May 28, 2018 00:13 — forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
    exit 1
fi
@gavz
gavz / find_nt_imagebase_x64.py
Created June 7, 2018 03:57 — forked from nmulasmajic/find_nt_imagebase_x64.py
Discovers the base address of ntoskrnl when IDA's GDB stub is loaded by leveraging the IDT.
'''
Module Name:
find_nt_imagebase_x64.py
Abstract:
Discovers the base address of ntoskrnl when IDA's GDB stub is
loaded by leveraging the IDT.
NOTE: This is only compatible for 64-bit editions of Windows.
DWORD Error, bytesIO;
NTSTATUS Status;
HANDLE hProcessToken = NULL, hNewToken = NULL, hTest;
BOOL bCond = FALSE;
SHELLEXECUTEINFO shinfo;
SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY;
TOKEN_MANDATORY_LABEL tml, *ptml;
PSID pIntegritySid = NULL;
STARTUPINFO si;
PROCESS_INFORMATION pi;
@gavz
gavz / scapy_bridge.py
Created June 8, 2018 15:04 — forked from eXenon/scapy_bridge.py
Use scapy as a modifying proxy
#!/usr/bin/python2
"""
Use scapy to modify packets going through your machine.
Based on nfqueue to block packets in the kernel and pass them to scapy for validation
"""
import nfqueue
from scapy.all import *
import os