Skip to content

Instantly share code, notes, and snippets.

View raystyle's full-sized avatar

ray raystyle

48 followers · 23 following
  • beijing
View GitHub Profile
@raystyle
raystyle / external_controller.py
Created October 19, 2018 03:45 — forked from xpn/external_controller.py
import socket
import struct
import time
class ExternalC2Controller:
def __init__(self, port):
self.port = port
def encodeFrame(self, data):
return struct.pack("<I", len(data)) + data
@raystyle
raystyle / Simple_Rev_Shell.cs
Created October 19, 2018 10:26
C# Simple Reverse Shell Code
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;
@raystyle
raystyle / Simple_Rev_Shell.cs
Created October 19, 2018 10:26
C# Simple Reverse Shell Code
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;
@raystyle
raystyle / rpc_dump_august.txt
Created October 24, 2018 08:17 — forked from masthoon/rpc_dump_rs4.txt
RPC interfaces dump August 2018
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 520 at 0x5db0c50L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 776 at 0x5db0908L>
64
Interfaces :
Endpoints :
@raystyle
raystyle / abandonedInprocServer32.cs
Created October 31, 2018 06:41 — forked from matterpreter/abandonedInprocServer32.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Management;
namespace ComAbandonment
{
public class ComAbandonment
{
@raystyle
raystyle / gist:f3a5c645f6622b54490130ddcedf8ead
Created November 5, 2018 07:30 — forked from jeffmcjunkin/gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Useful Cypher queries for BloodHound
---------------
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name
That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------
MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
@raystyle
raystyle / kerberoast_pws.xz
Last active November 19, 2018 06:35 — forked from edermi/kerberoast_pws.xz
edermi Kerberoast PW list (XZ format)
This file has been truncated, but you can view the full file.
View raw
@raystyle
raystyle / pdf_flatedecode.py
Created December 13, 2018 02:40 — forked from averagesecurityguy/pdf_flatedecode.py
Decompress FlateDecode Objects in PDF
#!/bin/bash
import re
import zlib
pdf = open("some_doc.pdf", "rb").read()
stream = re.compile(r'.*?FlateDecode.*?stream(.*?)endstream', re.S)
for s in stream.findall(pdf):
s = s.strip('\r\n')
try:
@raystyle
raystyle / windows-toolkit.md
Created December 27, 2018 03:26 — forked from jthuraisamy/windows-toolkit.md
Windows Toolkit

Windows Toolkit

Binary

Native Binaries

IDA Plugins Preferred Neutral Unreviewed
@raystyle
raystyle / markvulnerable.py
Created January 18, 2019 03:11 — forked from NotMedic/markvulnerable.py
Script to mark hosts as vulnerable in Bloodhound.
#!/usr/bin/python
import sys, json, urllib, urllib2
#Define the Bloodhound Database
url = 'http://bloodhound-server:7474/db/data/cypher/'
#Define the Bloodhound Credentials
#echo neo4j:bloodhound | base64
base64auth = 'bmVvNGo6Ymxvb2Rob3VuZA=='
request = urllib2.Request(url)