- Recon
- Find vuln
- Exploit
- Document it
Unicornscans in cli, nmap in msfconsole to help store loot in database.
Thom Hastings thomhastings
thomhastings
/ how-to-oscp-final.md
Created
May 9, 2017 14:56
— forked from unfo/how-to-oscp-final.md
thomhastings
/ INSTALL.md
Last active
September 29, 2022 05:33
credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic
context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation
thomhastings
/ get-buuf.sh
Last active
March 31, 2017 15:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #################################### | |
| # Get Buuf Icon Theme script | |
| # by Thom Hastings 2017 | |
| # BSD 3-clause License | |
| # tested Kali 2016.2 | |
| #################################### | |
| cd /tmp | |
| wget buuficontheme.free.fr -r -l1 --no-parent -A.tar.xz | |
| cd /usr/share/icons |
thomhastings
/ wedding.py
Last active
July 2, 2016 16:44
— forked from phreeza/wedding.py
A small terminal based animation I made for a friend's wedding
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script is released 'as is' into the public domain | |
| from math import cos,sin | |
| import os | |
| from time import sleep | |
| def y(p): | |
| return (sin(p)**3) | |
| def x(p): | |
| return -(13*cos(p)-5*cos(2*p)-2*cos(3*p)-cos(4*t))/16 | |
| while True: | |
| for r in range(14): |
thomhastings
/ 0_reuse_code.js
Last active
August 29, 2015 14:13
Here are some things you can do with Gists in GistBox.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Use Gists to store code you would like to remember later on | |
| console.log(window); // log the "window" object to the console |
thomhastings
/ process-permissions.bat
Created
October 24, 2012 01:13
Batch Script for process permission analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: process-permissions.bat | |
| :: ======================= | |
| :: Batch Script for process permission analysis | |
| :: by Thom Hastings ©2012 New BSD License | |
| :: | |
| :: for reference- | |
| :: http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/ | |
| :: TODO: http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html | |
| @echo off | |
| title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~c0nS0Le |