
m4l3n1c3 blacklabssecurity

@srugano
srugano / noroot_tcpdump.sh
Created October 9, 2021 12:23
Enable tcpdump for non-root users on Debian/Ubuntu.
#!/usr/bin/env bash
# NOTE: This will let anyone who belongs to the 'pcap' group
# execute 'tcpdump'
# NOTE2: User running the script MUST be a sudoer. It is
# convenient to be able to sudo without a password.
sudo groupadd pcap
sudo usermod -a -G pcap $USER
@nikallass
nikallass / check-smb-v3.11.sh
Created March 11, 2020 04:57
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
exit 1
fi
echo "Checking if there's SMB v3.11 in" $1 "..."
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
@MarkBaggett
MarkBaggett / 1 - pythons_sinister_secrets.md
Last active April 16, 2023 21:37
Come To The Darkside - Pythons Sinister Secrets
@HarmJ0y
HarmJ0y / cobaltstrike_sa.txt
Created September 28, 2018 22:22
Cobalt Strike Situational Awareness Commands
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections:
@MSAdministrator
MSAdministrator / SNAPSHOT.BAT
Created February 23, 2017 01:19
SNAPSHOT.BAT
@ECHO OFF
REM **********************************************************************
REM Name: SNAPSHOT.BAT
REM Version: 3.3
REM Date: 2.Apr.2013
REM Author: Jason Fossen (http://www.sans.org/windows-security/)
REM Purpose: Dumps a vast amount of configuration data for the sake
REM of auditing and forensics analysis. Compare snapshot
REM files created at different times to extract differences.
REM Usage: Place the script into a directory where it is safe to
@teocci
teocci / UsingOSQLCommandLineTool.md
Last active October 9, 2024 08:40
Using the OSQL Command Line Tool to Perform SQL Server Operations


Applies To: Express Software Manager version 7.x and above

Summary

If you do not have a version of Microsoft SQL Server that includes an interactive management application such as SQL Enterprise Manager or SQL Studio, you can still perform maintenance tasks, such as backup and restore, on your Express database using OSQL, the command-line SQL tool. This technical note describes how to perform such tasks using OSQL.

Using OSQL with the Express Database

@dayreiner
dayreiner / log-all-zsh-bash-commands-syslog.md
Last active June 2, 2025 06:51
Log all users zsh / bash commands via syslog without 3rd-party tools or auditd

Sending Bash and ZSH Commands to Syslog

Also posted here: http://18pct.com/sending-bash-and-zsh-commands-to-syslog/

Your bash/zsh history is great if it's complete, but it doesn't capture commands across all users, sudos, root commands, etc. In test environments in particular, someone may perform a "one-off" procedure and then months later it needs to be repeated. It would be nice to be able to look up what the user did at the time, and searching through multiple, possibly truncated history files is a pain.

Tools like typescript are great if you're actively documenting, but they are not something you would use all the time in practice, and they capture more than just a history of your commands. There are third-party tools like rootsh and Snoopy that can accomplish this, but third-party tools can be overkill if all you want is a quick reference in a re