| Original Letter | Look-Alike(s) |
|---|---|
| a | а ạ ą ä à á ą |
| c | с ƈ ċ |
| d | ԁ ɗ |
| e | е ẹ ė é è |
| g | ġ |
| h | һ |
```python
#!/usr/bin/python2
"""
Use scapy to modify packets going through your machine.
Based on nfqueue to block packets in the kernel and pass them to scapy for validation
"""
import nfqueue
from scapy.all import *
import os
```
This is a list of SQL Server commands that support UNC path [injections] by default.
The injections can be used to capture or replay the NetNTLM password hash of the
Windows account used to run the SQL Server service. The SQL Server service account
has sysadmin privileges by default in all versions of SQL Server.
Note: This list is most likely not complete.

```sql
-----------------------------------------------------------------------
-- UNC Path Injections Executable by the Public Fixed Server Role
-----------------------------------------------------------------------
```
```apache
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
```
```python
#!/usr/bin/env python3
# Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
# Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./check_hashes.py <hash_dump>
import argparse
import re

parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
```
```text
# source:http://geocities.com/SiliconValley/heights/7052/opcode.txt
From: [email protected] (Mark Hopkins)
Newsgroups: alt.lang.asm
Subject: A Summary of the 80486 Opcodes and Instructions

(1) The 80x86 is an Octal Machine

This is a follow-up and revision of an article posted in alt.lang.asm on
7-5-92 concerning the 80x86 instruction encoding.

The only proper way to understand 80x86 coding is to realize that ALL 80x86
```
FLAGS - Visual Studio

| Flag | Visual Studio name | Set (1) | Clear (0) |
|---|---|---|---|
| Overflow | OV | 1 = Overflow | 0 = No Overflow |
| Direction | UP | 1 = Down | 0 = Up |
| Interrupt | EI | 1 = Enabled | 0 = Disabled |
| Sign | PL | 1 = Negative | 0 = Positive |
| Zero | ZR | 1 = Zero | 0 = Not Zero |
| Auxiliary | AC | | |
| Parity | PE | 1 = Even | 0 = Odd |
| Carry | CY | 1 = Carry | 0 = No Carry |
```c
#include <Windows.h>

// example shellcode
// make sure to have 8 reserved bytes for 64-bit ret
// gadget to rop into the actual shellcode
CHAR shellcode[] = {
    // 8 bytes here for jmp loop gadget
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
    // actual shellcode starts here
    0xEB, 0xFE, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAA,
```
In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS to configure RBCD.
- Performing the RBCD takeover.
The caveat to this is that the WebClient service does not start automatically at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely, which I cover in a section below.
```
#AntiVirus Query
#Author: @r3dQu1nn
#Queries the Registry for AV installed
#Thanks to @i_am_excite and @merrillmatt011 for the help
#Props to @zerosum0x0 for the wmic find!
#Long ass one-liner :)
$powershellcmd = "\$av_list = @(\"BitDefender\", \"Kaspersky\", \"McAfee\", \"Norton\", \"Avast\", \"WebRoot\", \"AVG\", \"ESET\", \"Malware\", \"Windows Defender\");\$av_install = Get-ItemProperty HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$av_install1 = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$regkey = 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Signature Updates\\';\$av_loop2 = foreach (\$av1 in \$av_list){foreach (\$key in \$av_install){if (\$key.DisplayName -match \$av1 -eq \$TRUE){% {\"{0}|{1}|{2}\" -f \$key.DisplayName.ToString(), \$key.DisplayVersion.ToString(), \$key.InstallDate.ToString()}}}};\$proc_temp = Get-Process;\$av_loop = foreach (\$av in \$av_list){foreach (\$zz in \$proc_temp){if (\$zz.path -match \$av -eq \$TRUE)
```