Skip to content

Instantly share code, notes, and snippets.

View icheernoom's full-sized avatar
😆
Focusing

ICheer_No0M icheernoom

😆
Focusing
29 followers · 33 following
View GitHub Profile
@ThePirateWhoSmellsOfSunflowers
ThePirateWhoSmellsOfSunflowers / atexec_rpc.py
Last active April 24, 2025 15:30
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
@nullenc0de
nullenc0de / task_explorer
Created November 8, 2024 17:18
netexec smb TARGET -u ADMIN -p PASS -M task_explorer -o EXPORT_XML=True OUTPUT_DIR=./tasks SCAN_CREDS=True
from datetime import datetime
import xml.etree.ElementTree as ET
from typing import List, Dict, Optional
import os
import re
from impacket.dcerpc.v5.dcom.wmi import WBEMSTATUS
from nxc.helpers.logger import highlight
class TaskVulnerability:
def __init__(self, name: str, path: str, command: str, author: str,
@nullenc0de
nullenc0de / sensitive_search
Created November 8, 2024 17:16
netexec smb TARGET -u USER -p PASS -M sensitive_search -o MAX_DEPTH=5 EXTENSIONS=.txt,.log,.config OUTPUT_FILE=findings.json
@mpgn
mpgn / jab-vs-netexec.md
Last active July 8, 2024 17:49
@zhsh9
zhsh9 / configure_krb5.py
Created February 22, 2024 22:22 — forked from opabravo/configure_krb5.py
This script can easily configure /etc/krb5.conf for evil-winrm, by providing a domain fqdn and domain controller name
"""
This script can easily configure /etc/krb5.conf for evil-winrm, by providing a domain fqdn and domain controller name
So that evil-winrm can be used with kerberos authentication
Evil-winrm Example:
```bash
export KRB5CCNAME=Administrator.ccache
evil-winrm -i forest.htb.local -r htb.local
```
@testanull
testanull / SharePwn_public.py
Created December 15, 2023 07:31
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
@jsecurity101
jsecurity101 / LDAPQueries.md
Created October 25, 2023 15:05
List of known LDAP queries used by attackers

List was compiled by Jonathan Johnson (@jsecurity101) and Carlos Perez (@Carlos_Perez)

Queries are not complete and are meant to be a reference. If you are using them for hunting use a contains within the query language.

  • Kerberoasting
    • (&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
    • (&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!msds-supportedencryptiontypes:1.2.840.113556.1.4.804:=24))
    • (&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(msds-supportedencryptiontypes:1.2.840.113556.1.4.804:=24))
  • Attributes with passwords
  • (userpassword=*)
@aconite33
aconite33 / bloodhoundce_import.py
Created August 15, 2023 23:04
Import large files into BloodHound CE Edition
import requests
import json
import time
import argparse
import getpass
import os
import sys
def main():
@antonioCoco
antonioCoco / TcbElevation.cpp
Last active March 26, 2025 07:53
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
@vinhjaxt
vinhjaxt / Windows server officials ISO file.md
Created May 14, 2022 19:15
Windows server officials ISO file