Skip to content

Instantly share code, notes, and snippets.

View zwned's full-sized avatar

zwned

58 followers · 373 following
View GitHub Profile
@ropnop
ropnop / lookupadmins.py
Last active February 10, 2025 16:53
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
@curi0usJack
curi0usJack / .htaccess
Last active April 9, 2025 16:33
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@bohops
bohops / RDP_Eavesdropping_Hijacking
Last active April 14, 2025 16:22
RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings
that is not very new...
===========
Inspiration
===========
As you may already know...
@maldevel
maldevel / decryptWinSCPCreds.cpp
Created August 26, 2018 10:41
PassCat Decrypt WinSCP passwords snippet
//https://github.com/twelvesec/passcat
//GNU General Public License v3.0
//@maldevel
//...
int libwinscp::decrypt_char(char *hash, char **newhash, size_t *size) {
unsigned char hex_flag = 0xA3;
char charset[17] = "0123456789ABCDEF";
int unpack1, unpack2, result = 0;
@dirkjanm
dirkjanm / getloggedon.py
Created September 15, 2018 19:27
Simple script that uses impacket to enumerate logged on users as admin using NetrWkstaUserEnum and impacket
#!/usr/bin/env python
# Copyright (c) 2012-2018 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Gets logged on users via NetrWkstaUserEnum (requires admin on targets).
# Mostly adapted from netview.py and lookupsid.py
#
@lxe
lxe / goes16-rtlsdr.md
Last active April 9, 2025 14:33
Receive GOES-16 and GOES-17 Images with a Raspberry Pi and RTL-SDR dongle
@0xhexmex
0xhexmex / Get-KerberosKeytab.ps1
Created February 14, 2019 21:50 — forked from raandree/Get-KerberosKeytab.ps1
Parses Kerberos Keytab files
param(
[Parameter(Mandatory)]
[string]$Path
)
#Created by [email protected]
#
#Got keytab structure from http://www.ioplex.com/utilities/keytab.txt
#
# keytab {
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@darconeous
darconeous / tesla-key-card-protocol.md
Last active April 8, 2025 23:28
Tesla Key Card Protocol

Tesla Key Card Protocol

Researched by Robert Quattlebaum [email protected].

Last updated 2020-02-03.

Image of Tesla Key Card Image of Tesla Model 3 Key Fob

@0xtornado
0xtornado / 0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
Created April 30, 2020 14:11
CyberChef recipe to extract and decode Shellcode from a Cobalt Strike beacon
[{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}]