Skip to content

Instantly share code, notes, and snippets.

View seajaysec's full-sized avatar

Chris Farrell seajaysec

90 followers · 24 following
View GitHub Profile
@dstreefkerk
dstreefkerk / Get-MachineAccountQuotaUsers.ps1
Created January 29, 2020 04:38
Gets a list of AD computers that were created by regular users exercising their default right to create up to 10 computer accounts in an AD domain
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created
foreach ($machine in $machineAccountQuotaComputers) {
$creator = $null
try {
$creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
}
catch {
$creator = $machine.'ms-DS-CreatorSID'
}
@fm
fm / PFPT URL Defense Decoder.html
Last active December 6, 2019 00:05
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>TAP URL Decoder</title>
</head>
<style type="text/css">
pre {
display: block;
padding: 9.5px;
@mpgn
mpgn / areadme.md
Last active December 6, 2019 17:50
Procdump CME module that dump LSASS process and extract the result with pypykatz
  1. install pypykatz pip install pypykatz outisde your pipenv
  2. Add this file to cme/module/procdump.py
  3. compile python setup.py install
  4. run cme smb 172.16.60.152 -u Administrator -p P@ssword -M procdump

image

@shelld0n
shelld0n / wmiexec_server_mode.py
Created September 20, 2019 15:25
Impacket wmiexec.py implementation supporting SERVER mode
#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages
@daddycocoaman
daddycocoaman / stickynoteparser.py
Created September 14, 2019 02:34
Parses sticky note files in .snt/.sqlite formats. Sqlite files may require the WAL and SHM files of the same name as well. Once run, WAL/SHM files will be merged into .sqlite file.
import json
import sqlite3
import olefile
import argparse
def parse_snt_file(file):
# https://www.tutorialspoint.com/python_digital_forensics/python_digital_forensics_important_artifacts_in_windows
if not olefile.isOleFile(file):
return "Invalid OLE file"
@leechristensen
leechristensen / FindingComputersWithLocalAdmin.md
Created August 30, 2019 22:51
Useful cypher queries to find computers that are local admin on other computers, or to find groups containing bother users/computers.

Computer accounts added to local admins on machines via a group in the local admins

MATCH p1 = (c1:Computer)-[r:MemberOf*1..]->(g1:Group)
WITH c1,g1
MATCH p2 = (g1:Group)-[r:AdminTo]->(c2:Computer)
RETURN c1.name As Principal,c2.name AS Target,g1.name AS ViaGroup

Computer accounts added to local admins on machines explicitly

@eresonance
eresonance / pull_from_thinkware.sh
Created July 14, 2019 17:52
Script to pull videos from a thinkware wifi camera via ftp
#!/bin/sh
set -e
#set -x
usage () {
cat <<EOF
Usage: $0 [-v|--verbose] [-h|--help] [-f|--from "dirs on camera"] [-t|--to "backup location"] camera_ip
EOF
}
@swtornio
swtornio / tmux.conf
Last active August 6, 2022 03:09
tmux config
#############################################
## DEFAULT GENERAL SETTINGS (tmux show -g) ##
#############################################
set-option -g activity-action other
set-option -g assume-paste-time 1
set-option -g base-index 0
set-option -g bell-action any
set-option -g default-command ""
set-option -g default-shell "/bin/bash"
@sminez
sminez / get_ippsec_details.py
Last active June 5, 2024 12:10
Find examples of pen testing methods and tools in videos by Ippsec (as of 22nd January 2020)
#!/usr/bin/env python3
"""
Script used to pull down the current video descriptions from ippsec's youtube channel.
The raw output still has a few HTML tags that need to be manually removed and there
also seem to be multiple duplicates of videos that have been removed in the output
saved as ippsec-details.txt
"""
import re
import sys
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module: