Mariusz Banach mgeeky

  • Binary-Offensive.com
  • Poland
  • X @mariuszbit
@klezVirus
klezVirus / EtwStartWebClient.cs
Last active June 26, 2025 00:09
A PoC in C# to enable WebClient Programmatically
using System.Runtime.InteropServices;
using System;
/*
* Simple C# PoC to enable WebClient Service Programmatically
* Based on the C++ version from @tiraniddo (James Forshaw)
* Twitter: https://twitter.com/tiraniddo
* URL: https://www.tiraniddo.dev/2015/03/starting-webclient-service.html
*
* Compile with:
@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active March 17, 2025 03:05
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@TetteDev
TetteDev / PEB.cs
Created July 4, 2021 07:31
Unlinking Module from PEB with c# (64bit tested only)
public unsafe static bool UnlinkModuleFromPeb(IntPtr hModule)
{
    if (hModule == IntPtr.Zero) return false;
    PEB* peb = Get_PEB();
    if (peb == null) return false;
    LIST_ENTRY* CurrentEntry = peb->Ldr->InLoadOrderModuleList.Flink;
    Debug.Assert(CurrentEntry != null);
@ychaouche
ychaouche / Spamassassin rules description
Last active June 26, 2025 18:26
Spamassassin rules description
Note:
to keep this list automatically updated,
I turned it into a repo which is automatically updated via cron.
see https://github.com/ychaouche/spamassassin-rules-description
AC_BR_BONANZA Too many newlines in a row... spammy template
ACCESSDB Bericht zou gevangen zijn door accessdb
ACCESSDB Ce message aurait été bloqué par accessdb
ACCESSDB Mensagem teria sido pega pela accessdb
ACCESSDB Message would have been caught by accessdb
@Acebond
Acebond / bh_split2.py
Last active October 3, 2023 17:39
Split large SharpHound datasets (JSON files) into smaller files that can more easily be imported into BloodHound. Especially useful due to the Electron memory limitations.
#!/usr/bin/python3
# Based on https://gist.github.com/deltronzero/7c23bacf97b4b61c7a2f2950ef6f35d8
# pip install simplejson
import simplejson
import sys
def splitfile(file_name, object_limit):
    print(f"[*] Loading {file_name}")
    with open(file_name) as f:
        data = simplejson.load(f)
@knavesec
knavesec / poc.html
Last active October 6, 2024 10:25
External Email Warning Bypass
<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">
body {
display: none !important;
background:#FFFFFF !important;
}
@deltronzero
deltronzero / bh_split.py
Last active September 14, 2023 10:06
split one large bloodhound file into multiple smaller files to work around memory limitations
import json
file_name = "20210312152708_computers.json"
type = "computers"
object_limit = 10000
print(f"[*] loading {file_name}")
data = json.loads(open(file_name,'r').read().encode().decode('utf-8-sig'))
total_objects = data['meta']['count']
@ChoiSG
ChoiSG / execute_assembly_bin.nim
Last active February 4, 2022 16:13
testnim for Invoke-ReflectivePEInjection
#[
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: BSD 3-Clause
I still can't believe this was added directly in the Winim library. Huge props to the author of Winim for this (khchen), really great stuff.
Make sure you have Winim >=3.6.0 installed. If in doubt do a `nimble install winim`
Also see https://github.com/khchen/winim/issues/63 for an amazing pro-tip from the author of Winim in order to determine the marshalling type of .NET objects.
References:
- https://github.com/khchen/winim/blob/master/examples/clr/usage_demo2.nim
]#
@ajpc500
ajpc500 / binToUUIDs.py
Created January 24, 2021 18:00
Convert shellcode file to UUIDs
from uuid import UUID
import os
import sys
# Usage: python3 binToUUIDs.py shellcode.bin [--print]
print("""
____ _ _______ _ _ _ _ _____ _____
| _ \(_) |__ __| | | | | | | |_ _| __ \
| |_) |_ _ __ | | ___ | | | | | | | | | | | | |___
@harrypatrick442
harrypatrick442 / SimpleHTTPServer.cs
Last active September 26, 2021 11:05 — forked from aksakalli/SimpleHTTPServer.cs
SimpleHTTPServer in C#
// MIT License - Copyright (c) 2016 Can Güney Aksakalli
// https://aksakalli.github.io/2014/02/24/simple-http-server-with-csparp.html
using System;
using System.Collections.Generic;
using System.Net.Sockets;
using System.Net;
using System.IO;
using System.Threading;
using System.Threading.Tasks;