heartburn-dev Goto Github PK

adfsdump

aspx-rev-shell-w-impersonation

ASPX reverse shell that supports impersonation with valid credentials.

centreon-v19.04-brute-forcer-rce

A tool that will allow the brute forcing of the Centreon 19.04 administration panel, and then also allow for RCE after credentials have been obtained.

cloudlabsad

Terraform + Ansible deployment scripts for an Active Directory lab environment.

csharpinjector

Process injection executable using low level API's such as NT_CREATE_SECTION rather than the traditional VirtualAlloc.

easy_as_lfi

Local File Inclusion automation tool that can either scan from a string, or read from a wordlist, to determine the availability of files on the system. Just edit the url and follow the instructions.

freaky-forward-shell

Forward shell inspired by Ippsecs and 0xdf's example. Useful for bypassing strict firewalls.

ipfire-2.15-shellshock-exploit

RCE (Remote Code Execution) for IPFire V2.15 Core Update 82 and below. Requires authentication and takes advantage of a ShellShock vulnerability within bash.

linux-command-quiz

A small python script that tests whether a user knows basic linux commands.

maraca

D/Invoke Process Hollower. Ported over from P/Invoke as part of learning done during the CRTOII course from Rastamouse. Maracas are also hollow.

masters_bits_n_bobs

Just a couple scripty bits chucked together for the masters I'm doing.

pki-escalate

Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Services and Enrollment Services ADCS containers to obtain Enterprise Administrator from Domain Administrator. Works by enabling a user to perform ESC1 (Enrolee supplying the SAN).

resource-program-for-cyber-students

A small program that is designed to provide resources and learning materials to beginner level Cyber Security students and also to check they know basic Linux commands.

streamlined

terms

TERMS is part of my personal dissertation project at the University of South Wales and aims to improve a users ability to enumerate a target.

vulnerable-ad-terraform

Learning a little bit of DevOps and using Infrastructure-as-a-Code tools to automate the creation of the AD lab in TCM Security's course.

xamppwn-webdav-file-upload-exploit

XAMPP WebDav File Upload Exploitation. Creates a payload that gets stored on the server and then executed to call back and start a reverse shell against the target.

yetanotherpentestingnotespage

My collection of notes and commands that I've used over the last year in various certifications, capture the flag platforms and general studying.