' or '1' ='1' --
Note: I did not author this, I found it somewhere.
- Tools
- Most common paths to AD compromise
- GPO - Pivoting with Local Admin
| # Discovery | |
| ## masscan | |
| ### Top 100 ports TCP/UDP | |
| masscan -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:2-3,U:7,U:9,U:13,U:17,U:19-23,U:37-38,U:42,U:49,U:53,U:67-69,U:80,U:88,U:111-113,U:120,U:123,U:135-139,U:158,U:161-162,U:177,U:192,U:199,U:207,U:217,U:363,U:389,U:402,U:407,U:427,U:434,U:443,U:445,U:464,U:497,U:500,U:502,U:512-515,U:517-518,U:520,U:539,U:559,U:593,U:623,U:626,U:631,U:639,U:643,U:657,U:664,U:682-689,U:764,U:767,U:772-776,U:780-782,U:786,U:789,U:800,U:814,U:826,U:829,U:838,U:902-903,U:944,U:959,U:965,U:983,U:989-990,U:996-1001,U:1007-1008,U:1012-1014,U:1019-1051,U:1053-1060,U:1064-1070,U:1072,U:1080-1081,U:1087-1088,U:1090,U:1100-1101,U:1105, |
If you need to decommission a node, the first thing you should do is transfer all shards from it to other nodes.
This command will tell ElasticSearch to:
- Stop sending new shards to node 10.0.0.1
- Move all existing shards on node 10.0.0.1 to other nodes in the cluster
| {"severity":2,"customFields":{},"description":"Case Created from a MISP event","tags":["misp","from-misp-event"],"name":"MISP-EVENT","tlp":2,"titlePrefix":"[MISP]","metrics":{},"pap":2,"tasks":[{"title":"Scratchpad","order":0,"group":"Scratchpad"},{"title":"Peers & Partners","order":1,"group":"Comms"},{"title":"Other","order":2,"group":"Comms"},{"title":"Detection && Identification","order":3,"group":"IR-Step2"},{"title":"Analysis && Digital Forensics","order":4,"group":"IR-Step2"},{"title":"Containment","order":5,"group":"IR-Step3"},{"title":"Eradication","order":6,"group":"IR-Step4"},{"title":"Recovery","order":7,"group":"IR-Step5"},{"title":"Lessons Learned","order":8,"group":"IR-Step6"}],"status":"Ok"} |
| #!/bin/bash | |
| # Filename: showdupes.sh | |
| # source: http://brakertech.com/compare-two-files-and-print-lines-that-match/ | |
| # this file takes two text files as input | |
| # sorts them and outputs lines from | |
| # file 2 that match file 1 | |
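| if [ -f "$1" ] && [ -f "$2" ] | |
| then | |
| # sort each input into a .tmp copy, as the header comment describes | |
| sort "$1" > "$1.tmp" | |
| sort "$2" > "$2.tmp" | |
| # first pass stores every line of file 1; second pass prints lines of file 2 found in it | |
| awk 'NR==FNR{arr[$0];next} $0 in arr' "$1.tmp" "$2.tmp" | |
| fi |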
| https://attack.mitre.org/wiki/ATT&CK_Matrix | |
| Convert pcapng to pcap | |
| tshark -F pcap -r /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcapng -w /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcap | |
| recursively convert pcapng files to pcap | |
| find . -type f -name '*.pcapng' -print0 | while IFS= read -r -d '' f; do tshark -F pcap -r "$f" -w "${f%.pcapng}.pcap"; done |
| Replace 'X' with the domain name of your choice | |
| # Back link | |
| link:X -site:X | |
| # Sub domain | |
| site:X -site:www.X | |
| # Url | |
| inurl:X -site:X |
| #!/bin/bash | |
| # Usage: ./ipinfo.sh file_containing_one_ip_per_line | |
| filename=$1 | |
| ipAddresses=$(cat "$filename") | |
| : > out.txt # empty the output file | |
| readonly ourPath="$(dirname "$0")" |
| # Add this to your bash profile | |
| ipextract () { | |
| # example: ipextract < filename | |
| grep --only-matching -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' | |
| } |