Skip to content

Instantly share code, notes, and snippets.

@swtornio
swtornio / .htaccess
Created July 13, 2026 14:01 — forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@swtornio
swtornio / CRTO LDAP Search Commands Cheatsheet 1.0.md
Created May 14, 2026 22:47 — forked from GregDurys/CRTO LDAP Search Commands Cheatsheet 1.0.md
LDAP queries for CRTO exam prep - TrustedSec BOF ldapsearch format, anonymised

All queries use the TrustedSec CS-Situational-Awareness BOF ldapsearch, not OpenLDAP ldapsearch. Syntax: ldapsearch <filter> [--attributes] [--count] [--scope] [--hostname] [--dn] [--ldaps]. Default scope is subtree, --dn sets the search base, --hostname targets a specific DC.

Domains

Generic Role
megacorp.com Local domain
foreign.com Foreign domain

Machines

using System;
using System.IO;
using System.Security.Cryptography;
using System.Runtime.Serialization.Formatters.Binary;
namespace hawktracewsus
{
class Program
{
static void Main()
@swtornio
swtornio / install.sh
Created October 14, 2024 14:01 — forked from ikr4-m/install.sh
Hyper-V Enhanced Session for Debian
#!/bin/sh
# This script based on linux-vm-tools for Ubuntu 22.02.
# Thanks to https://github.com/Hinara/linux-vm-tools/ to script
# This script is for Ubuntu 22.04 Jammy Jellyfish to download and install XRDP+XORGXRDP via
# source.
#
# Major thanks to: http://c-nergy.be/blog/?p=11336 for the tips.
#
@swtornio
swtornio / DInjectQueuerAPC.cs
Created September 13, 2024 15:24 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@swtornio
swtornio / 2serv.py
Created February 15, 2023 19:29 — forked from phrawzty/2serv.py
simple python http server to dump request headers
#!/usr/bin/env python2
import SimpleHTTPServer
import SocketServer
import logging
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
_ _ _ ____ _ _
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
| _ | (_| | (__| < | |_) | (_| | (__| <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
A DIY Guide
@swtornio
swtornio / ms-msdt.MD
Created May 31, 2022 12:04 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@swtornio
swtornio / boilerplate.py
Created May 13, 2022 11:47 — forked from notareverser/boilerplate.py
Boilerplate Python script
#!/usr/bin/env python3
import argparse
import sys
import json
import logging
@swtornio
swtornio / nmap-http-url.py
Created April 28, 2022 23:29 — forked from tothi/nmap-http-url.py
Generate HTTP URLs from Nmap XML (and optionally use VirtualHosts)
#!/usr/bin/env python3
#
# inputs: nmap.xml (nmap scan xml output), subdomains.csv (optional virtualhost info, hostname + ip address csv file)
# output: url listing (useful for tools like EyeWitness)
#
# sample usage: ./nmap-http-url.py nmap.xml subdomains.csv | sort -u | gowitness file -f -
#
description = '''
Generate HTTP URLs from Nmap XML (and optionally additional VirtualHost listing, taken from e.g. subdomain enumeration).