##Domain
We need some records on our domain (mydomain.com) DNS for connections. Add these records:
t1 IN NS t1ns.mydomain.com. ; note the final dot!
t1ns IN A OUR_SERVER_IP
##Server
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
| # the following script will compile and install Python 3.7.1 on Ubuntu 18.04 | |
| # the new python version will appear as "python3.7" and "pip3.7" | |
| # | |
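# Stop at the first failing step so a failed or partial download is never
# unpacked and built as if it were the real tarball.
set -e

# NOTE(review): the 3.7 series is end-of-life; bump PY_VERSION to a supported
# release when reusing this recipe.
PY_VERSION=3.7.1
PY_TARBALL="Python-${PY_VERSION}.tgz"
# Optional integrity check: export PY_SHA256 with the digest published on
# python.org for this tarball and the download is verified before unpacking.
# Left empty, the script behaves as before but warns that nothing was checked.
PY_SHA256="${PY_SHA256:-}"

# Build prerequisites for the interpreter and its optional stdlib modules.
sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev
# /usr/src is root-owned; the download and unpack below need matching privileges.
cd /usr/src
wget "https://www.python.org/ftp/python/${PY_VERSION}/${PY_TARBALL}"
if [ -n "${PY_SHA256}" ]; then
    echo "${PY_SHA256}  ${PY_TARBALL}" | sha256sum -c -
else
    echo "warning: PY_SHA256 not set, ${PY_TARBALL} was not verified" >&2
fi
tar xvf "${PY_TARBALL}"
cd "Python-${PY_VERSION}"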
| import json | |
| import traceback | |
class MasscanJsonFile:
    """Container for the host/port data read from a masscan JSON output file.

    Only the constructor is visible in this excerpt; the two lookup tables it
    creates are presumably filled by a later parsing step (not shown here).
    """

    def __init__(self, filename, in_memory=True):
        """Remember the input file and mode and start with empty lookup tables.

        Args:
            filename: path of the masscan JSON file to read.
            in_memory: whether parsed results are kept in memory (default True);
                how the flag is honoured is not visible in this excerpt.
        """
        self.filename = filename
        self.in_memory = in_memory
        # Two views of the same data: host -> ports and port -> hosts.
        # Both start empty; nothing is read from disk here.
        self.port_hosts = {}
        self.hosts_port = {}
##Domain
We need some records on our domain (mydomain.com) DNS for connections. Add these records:
t1 IN NS t1ns.mydomain.com. ; note the final dot!
t1ns IN A OUR_SERVER_IP
##Server
| # -*- coding: UTF-8 -*- | |
| # All credits go to: https://github.com/joren485/PyWinPrivEsc/blob/master/RunAsSystem.py | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| from enum import IntEnum | |
| # These libraries have the APIs we need | |
def _load_win_dll(name):
    """Return a WinDLL handle for *name* with GetLastError capture enabled.

    use_last_error=True makes ctypes snapshot the thread's last Win32 error
    after each call, so ctypes.get_last_error() is meaningful for these APIs.
    """
    return WinDLL(name, use_last_error=True)


# Module-level handles for the Win32 libraries the script calls into.
kernel32 = _load_win_dll("kernel32")
advapi32 = _load_win_dll("advapi32")
psapi = _load_win_dll("psapi.dll")
| # | |
| # Command-line interface to extract well-known secrets from registry hives | |
| # using MemProcFS's registry API | |
| # | |
| # | |
| # IMPORTANT: use the !latest! AIOWinreg version (0.0.2) from pip or github | |
| # | |
| # Author: Tamas Jos @skelsec |
| CmZ1bmN0aW9uIEludm9rZS1CbG9vZEhvdW5kewogICAgPCMKICAgIC5TWU5PUFNJUwoKICAgICAgICBSdW5zIHRoZSBCbG9vZEhvdW5kIEMjIEluZ2VzdG9yIHVzaW5nIHJlZmxlY3Rpb24uIFRoZSBhc3NlbWJseSBpcyBzdG9yZWQgaW4gdGhpcyBmaWxlLgoKICAgIC5ERVNDUklQVElPTgoKICAgICAgICBVc2luZyByZWZsZWN0aW9uIGFuZCBhc3NlbWJseS5sb2FkLCBsb2FkIHRoZSBjb21waWxlZCBCbG9vZEhvdW5kIEMjIGluZ2VzdG9yIGludG8gbWVtb3J5CiAgICAgICAgYW5kIHJ1biBpdCB3aXRob3V0IHRvdWNoaW5nIGRpc2suIFBhcmFtZXRlcnMgYXJlIGNvbnZlcnRlZCB0byB0aGUgZXF1aXZhbGVudCBDTEkgYXJndW1lbnRzCiAgICAgICAgZm9yIHRoZSBTaGFycEhvdW5kIGV4ZWN1dGFibGUgYW5kIHBhc3NlZCBpbiB2aWEgcmVmbGVjdGlvbi4gVGhlIGFwcHJvcHJpYXRlIGZ1bmN0aW9uCiAgICAgICAgY2FsbHMgYXJlIG1hZGUgaW4gb3JkZXIgdG8gZW5zdXJlIHRoYXQgYXNzZW1ibHkgZGVwZW5kZW5jaWVzIGFyZSBsb2FkZWQgcHJvcGVybHkuCgogICAgLlBBUkFNRVRFUiBDb2xsZWN0aW9uTWV0aG9kCgogICAgICAgIFNwZWNpZmllcyB0aGUgQ29sbGVjdGlvbk1ldGhvZCBiZWluZyB1c2VkLiBQb3NzaWJsZSB2YWx1ZSBhcmU6CiAgICAgICAgICAgIEdyb3VwIC0gQ29sbGVjdCBncm91cCBtZW1iZXJzaGlwIGluZm9ybWF0aW9uCiAgICAgICAgICAgIExvY2FsR3JvdXAgLSBDb2xsZWN0IGxvY2FsIGdyb3VwIGluZm9ybWF0aW9uIGZvciBj |
| #!/bin/bash | |
| # this file was created using data from multiple different sources including: | |
| # https://github.com/ckuethe/usbarmory/wiki/USB-Gadgets | |
| # https://github.com/RoganDawes/P4wnP1_aloa | |
| # https://github.com/RoganDawes/P4wnP1 | |
| # https://git.gir.st/sendHID.git | |
| # https://git.gir.st/hardpass.git/blob/HEAD:/init_usb.sh | |
| # http://www.isticktoit.net/?p=1383 | |
| # |
# this will only work with pyodide version 0.19 (and probably above)
# you'll need an emscripten environment set up
# get openssl-1.1.1m (this was the latest as of writing)
# NOTE(review): the OpenSSL 1.1.1 series is now end-of-life; check for a
# currently supported release before pinning this version again.
# run configure with these flags
emconfigure ./Configure -no-asm no-comp no-hw no-engine no-deprecated shared no-dso no-threads linux-generic64
# now remove the cross compile bin path from the makefile because it gets duplicated for some reason
# (the sed below blanks every CROSS_COMPILE= line in the generated Makefile, in place)
sed -i 's|^CROSS_COMPILE.*$|CROSS_COMPILE=|g' Makefile
# make it, it will crash when compiling the tests
emmake make
# ignore errors, no test will be done, remove libcrypto and libssl files
| from Cryptodome.Cipher import AES | |
| from Cryptodome.Random import get_random_bytes | |
| from pypykatz.commons.common import hexdump | |
# Demo plaintext plus a fixed all-0xAA key and IV so the output is reproducible.
# NOTE(review): a static key and IV are only acceptable as a test vector; a real
# caller must generate the key properly and use a fresh IV per message
# (get_random_bytes, imported above, is the right source for that).
data = b"secret"
key = b'\xAA'*16
iv = b'\xAA'*16
# 16-byte key selects AES-128; CFB is a stream-style mode, so the ciphertext
# has the same length as the plaintext and needs no padding.
cipher = AES.new(key, AES.MODE_CFB, iv=iv)
ct_bytes = cipher.encrypt(data)