joshfinley
/ getdomainsid.sh
Created
May 21, 2025 14:56
Use ldapsearch to get the domain SID and convert to readable format
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./get_domain_sid.sh <BASE_DN> [LDAP_HOST] [BIND_DN] [BIND_PW] | |
| # | |
| # Examples: | |
| # ./get_domain_sid.sh "DC=example,DC=com" ldap.example.com "cn=admin,dc=example,dc=com" "password" | |
| # ./get_domain_sid.sh "DC=example,DC=com" ldap.example.com | |
| # ./get_domain_sid.sh "DC=example,DC=com" | |
| BASEDN="$1" |
joshfinley
/ services_wordlist_microsoft.txt
Created
May 14, 2025 23:44
autogenerated list of possible microsoft related service accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| devops-sys | |
| scdpmsys | |
| sys-outlook | |
| kerberos_svc | |
| sys_teams | |
| scdpm_sys | |
| dfssys | |
| vssagentsys | |
| exedge-svc | |
| systeams |
joshfinley
/ services_wordlist_medium.txt
Created
May 14, 2025 23:39
big but less big wordlist of potential service names
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform-checkpoint | |
| inventory-fsmo | |
| zscalerchart | |
| perforce_release | |
| fortinet_queue | |
| ci-adsync | |
| mailcow-chart | |
| platform-carbonblack | |
| opendns-staging | |
| wsus_repo |
joshfinley
/ services_wordlist_big.txt
Created
May 14, 2025 23:31
big list of possible service account names
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vmhostbluegreen | |
| protonmailbridge-user | |
| tracking__opensishr | |
| mxtoolbox_datalake | |
| app_crowdstrike | |
| prophix-network | |
| ciscoasa_sso | |
| skoutaudit | |
| tp-link_partner | |
| pay__heimdalsecurity |
joshfinley
/ ldap-cheatsheet.md
Last active
May 15, 2025 00:17
joshfinley
/ Get-DomainPolicyPrivilegeRights.ps1
Created
May 13, 2025 22:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Step 1: Locate the Default Domain Policy GPO and get the gPCFileSysPath | |
| $domainDN = ([ADSI]"LDAP://RootDSE").defaultNamingContext | |
| $ldapPath = "LDAP://CN=Policies,CN=System,$domainDN" | |
| $domain = [ADSI]$ldapPath | |
| $searcher = New-Object DirectoryServices.DirectorySearcher($domain) | |
| $searcher.Filter = "(&(objectClass=groupPolicyContainer)(displayName=Default Domain Policy))" | |
| $result = $searcher.FindOne() | |
| if (-not $result) { |
joshfinley
/ uacconv.py
Created
May 13, 2025 19:47
Convert AD UAC values to decimal or human readable forms
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| def set_user_account_control_value_table(): | |
| return { | |
| "SCRIPT": 1, | |
| "ACCOUNTDISABLE": 2, | |
| "HOMEDIR_REQUIRED": 8, | |
| "LOCKOUT": 16, | |
| "PASSWD_NOTREQD": 32, | |
| "ENCRYPTED_TEXT_PWD_ALLOWED": 128, |
joshfinley
/ inject-profile-2.txt
Created
April 10, 2025 17:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '=== NtReadVirtualMemory Called ===' | |
| Debug session time: Thu Apr 10 10:06:12.945 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:32:56.971 | |
| Process Uptime: 0 days 0:07:16.466 | |
| Kernel time: 0 days 0:00:00.093 | |
| User time: 0 days 0:00:00.046 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 |
joshfinley
/ inject-profile.txt
Created
April 10, 2025 16:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '=== NtOpenProcess Called ===' | |
| Debug session time: Thu Apr 10 09:37:34.366 2025 (UTC - 7:00) | |
| System Uptime: 1 days 8:04:18.392 | |
| Process Uptime: 0 days 1:14:12.282 | |
| Kernel time: 0 days 0:00:39.859 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 | |
| 'R9: ' + @r9 |
joshfinley
/ sleep-profile.txt
Created
April 10, 2025 16:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0:007> g | |
| '=== NtTerminateThread Called ===' | |
| Debug session time: Thu Apr 10 09:27:43.839 2025 (UTC - 7:00) | |
| System Uptime: 1 days 7:54:27.865 | |
| Process Uptime: 0 days 1:04:21.754 | |
| Kernel time: 0 days 0:00:39.687 | |
| User time: 0 days 0:00:13.328 | |
| 'RCX: ' + @rcx | |
| 'RDX: ' + @rdx | |
| 'R8: ' + @r8 |
NewerOlder