Justin Forbes justinforbes
justinforbes
/ windows_hardening.cmd
Created
November 21, 2022 15:34
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Obligatory 'views are my own'. :) | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| : |
justinforbes
/ partial-profile.ps1
Created
February 7, 2022 15:07
— forked from skahwah/partial-profile.ps1
WSL Portforwarding
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Stick this in your ps profile c:/Users/you/Documents/WindowsPowerShell/profile.ps1 | |
| function wsl-add-port-forward { | |
| param ($param1) | |
| if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")){ | |
| echo "This function needs to be run as Administrator" | |
| break | |
| } | |
| $remoteport = bash.exe -c "ip -4 addr show eth0 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -v .255" | |
| $found = $remoteport -match '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'; |
justinforbes
/ binToUUIDs.py
Created
February 7, 2022 15:02
— forked from ajpc500/binToUUIDs.py
Convert shellcode file to UUIDs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from uuid import UUID | |
| import os | |
| import sys | |
| # Usage: python3 binToUUIDs.py shellcode.bin [--print] | |
| print(""" | |
| ____ _ _______ _ _ _ _ _____ _____ | |
| | _ \(_) |__ __| | | | | | | |_ _| __ \ | |
| | |_) |_ _ __ | | ___ | | | | | | | | | | | | |___ |
justinforbes
/ getnamedpipes.cs
Created
February 7, 2022 14:58
— forked from dmchell/getnamedpipes.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System.IO; | |
| using System; | |
| namespace GetNamedPipes | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { | |
| Console.WriteLine("[*] Found the following pipes:"); |
justinforbes
/ AWS API calls that return credentials.md
Created
February 7, 2022 14:35
— forked from kmcquade/AWS API calls that return credentials.md
AWS API calls that return credentials
justinforbes
/ cluster.py
Created
February 7, 2022 14:23
— forked from defparam/cluster.py
Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Gist of the Day: Turbo Intruder Cluster Bomb with SmartFiltering | |
| # Author: Evan Custodio (@defparam) | |
| # | |
| # MIT License | |
| # Copyright 2021 Evan Custodio | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| # |
justinforbes
/ whey-cewler.py
Created
February 4, 2022 15:34
— forked from lanmaster53/whey-cewler.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written | |
| in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer | |
| runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It | |
| does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in | |
| convenience. | |
| The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written | |
| in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python, | |
| making it "way cooler". |
justinforbes
/ Windows command line gui access.md
Created
February 3, 2022 20:23
— forked from scotgabriel/Windows command line gui access.md
Common windows functions via rundll user32 and control panel
justinforbes
/ Workstation-Takeover.md
Created
February 3, 2022 13:54
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
justinforbes
/ ClippyShellcodeInject.cs
Created
February 1, 2022 15:33
Clipboard Shellcode Injection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Using the clipboard as your code cave. | |
| // Generate your shellcode with msfvenom or whatever | |
| // Example: msfvenom -p windows/x64/exec CMD=calc exitfunc=thread -f raw -o <outputfile.bin> | |
| // Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs | |
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace ClippySCInject |
NewerOlder