Skip to content

Instantly share code, notes, and snippets.

View swtornio's full-sized avatar

Steve Tornio swtornio

44 followers · 60 following
View GitHub Profile
@rvrsh3ll
rvrsh3ll / gadget2jscriptQueueAPCInject.cs
Last active July 21, 2023 13:07
using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;
public class Payload
{
@AndrewKvalheim
AndrewKvalheim / mastodon-notes.md
Last active February 9, 2024 18:30
Notes on running a personal Mastodon instance

Personal Mastodon instance

Effective total cost: $3–5/mo

Setup

Decide on an EC2 instance type:

  1. At AWS Console → EC2 → Instance Types, filter for ≥1 GB RAM and sort by price.
  • t4g.micro is lowest.
@daddycocoaman
daddycocoaman / pydefendercheck.py
Last active July 2, 2023 22:13
PyDefenderCheck
##################################################
## PyDefenderCheck - Python implementation of DefenderCheck
##################################################
## Author: daddycocoaman
## Based on: https://github.com/matterpreter/DefenderCheck
##################################################
import argparse
import enum
@dmchell
dmchell / getnamedpipes.cs
Created January 31, 2021 18:43
using System.IO;
using System;
namespace GetNamedPipes
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("[*] Found the following pipes:");
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@tothi
tothi / nmap-http-url.py
Last active September 9, 2024 17:39
Generate HTTP URLs from Nmap XML (and optionally use VirtualHosts)
#!/usr/bin/env python3
#
# inputs: nmap.xml (nmap scan xml output), subdomains.csv (optional virtualhost info, hostname + ip address csv file)
# output: url listing (useful for tools like EyeWitness)
#
# sample usage: ./nmap-http-url.py nmap.xml subdomains.csv | sort -u | gowitness file -f -
#
description = '''
Generate HTTP URLs from Nmap XML (and optionally additional VirtualHost listing, taken from e.g. subdomain enumeration).
@tothi
tothi / krbrelay_privesc_howto.md
Last active April 23, 2025 01:59
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
@tothi
tothi / ms-msdt.MD
Last active February 7, 2025 12:01
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.