Tijl Deneut tijldeneut
tijldeneut
/ azuread_decrypt_msol.ps1
Last active
July 26, 2021 18:45
Decrypting local MSOL account password from a local, embedded SQL Server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Write-Host "AD Connect Sync Credential Extract v3 (@_xpn_ & @tijldeneut)" | |
| Write-Host "`t[ Updated to support new cryptokey storage method ]" | |
| Write-Host "`t[ Updated to support Server 2019's new instance name ]`n" | |
| $client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync" | |
| try { | |
| $client.Open() | |
| } catch { | |
| Write-Host "[!] Could not connect to localdb with ADSync, trying ADSync2019..." |
tijldeneut
/ mp3convert.sh
Last active
August 8, 2021 19:01
MP4/MKV/WEBM to MP3 conversion of a folder with ffmpeg & lame
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # My bash Script to convert mp4 to mp3 | |
| # By NerdJK23 & Photubias | |
| # web: www.computingforgeeks.com | |
| # email: [email protected] | |
| # Requires | |
| # ffmpeg installed | |
| # lame installed |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Written by Photubias, based on https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/ | |
| ## Example: powershell -ep bypass .\RequestPRTToken.ps1 | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory=$True,Position=1)]$Nonce | |
| ) | |
| ## Example of a nonce: AQABAAAAAABeStGSRwwnTq2vHplZ9KL4zgnsAt1Vyqx2sMVQVwgmP4MYzWWJfjDXR9L2Jhc2lMCpYpyuFvqYQfHUwEMbVpk1woEIESAbkX-EdIr2ZpDtWiAA | |
| #$nonce = 'AQABAAAAAABeStGSRwwnTq2vHplZ9KL4zgnsAt1Vyqx2sMVQVwgmP4MYzWWJfjDXR9L2Jhc2lMCpYpyuFvqYQfHUwEMbVpk1woEIESAbkX-EdIr2ZpDtWiAA' | |
| #$query = '{"method": "GetCookies", "sender": "https://login.microsoftonline.com", "uri": "https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201d503&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties%3dhiUgyLP6LnqNTRRyNpT0W1WGjOO_9hNAUjayiM5WJb0wwdAK0fwF635Dw5XStDKDP9EV_AeGIuWqN_rtyrl8m9t6pUGiXHhG3GMSSpW-AWcpfxW9D6bmWECYrN36_9zw&nonce=636957966885511040.YmI2MDIxNmItZDA0Yy00MjZlLThlYjAtYjNk |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Created by Korey McKinley, Senior Security Consulant at LMG Security | |
| # https://lmgsecurity.com | |
| # July 12, 2019 | |
| # Converted to Python3 by Tijl Deneut | |
| # August 8, 2021 |
tijldeneut
/ GetWindowsInfo.py
Last active
September 18, 2021 15:43
Decrypting and parsing some interesting and General Windows Information.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Copyright 2020, Photubias <[email protected]> | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Copyright 2020, Photubias <[email protected]> | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #+-------------------------------------------------------------------+ | |
| #| = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = : = | | |
| #|{>/-------------------------------------------------------------\<}| | |
| #|: | Author: Aman Dhally | |
| #| :| Email: [email protected] | |
| #| :| Web: www.amandhally.net/blog | |
| #| :| blog: http://newdelhipowershellusergroup.blogspot.com/ | |
| #| :| | |
| #|: | Purpose: | |
| #| :| Clean lapopt using removing un-wantede files |
tijldeneut
/ AzureAD_Generate_Context.exe
Last active
January 7, 2022 14:07
AzureAD Generate Context
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/types.h> | |
| #include <unistd.h> | |
| int main(void){ | |
| setreuid(geteuid(),-1); | |
| setregid(getegid(),-1); | |
| char *args[] = {"/bin/bash",0}; | |
| execve(args[0],args,0); | |
| return 0; | |
| } | |
| /* gcc uidswap.c -o uidswap && ./uidswap */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Copyright 2024, Photubias(c) <[email protected]> | |
| # | |
| ## C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\CloudAPCache\MicrosoftAccount\<id>\Cache | |
| ## Relation between ID and account: HKLM\SOFTWARE\Microsoft\IdentityStore\LogonCache\D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F\Name2Sid | |
| ## #> This ID is a 32byte (64 char) cloud key: it is the same on each machine, maybe this is the unique MS Live ID? | |
| ## #> Also the DPAPI user key is probably derived from the cleartext password because the DPAPI key is the same on multiple machines until password changes | |
| # |
OlderNewer