/
mlcsec.com
Cyber bits and bobs
2023-01-03T21:52:02+00:00
mlc
/
Jekyll
© 2023 mlc
/assets/img/favicons/favicon.ico
/assets/img/favicons/favicon-96x96.png
Python AWAE Prep
2022-05-29T00:00:00+00:00
2022-05-29T00:00:00+00:00
/posts/Python-AWAE-Prep/
mlc
Collection of code snippets/templates I’ve either developed or used on some occasion that may become useful during AWAE.
Extract CSRF Token
import requests
import re
import sys
def login(target):
ps = requests.session() # create persistant session
url = "http://{}/login".format(target)
req = ps.get(url)
reg = re.search(r'([a-z,0-9]){96}', req.text) # edit to match pattern
...
JS AWAE Prep
2022-05-29T00:00:00+00:00
2022-05-29T00:00:00+00:00
/posts/JS-AWAE-Prep/
mlc
Post mainly revolves around going beyond basic XSS payloads and utilising external Js to further our attack. XMLHttpRequest examples will likely come in handy during the course.
Executing External JS
create new script element pointing to external script, add new element to head of HTML doc so it executes
var script = document.createElement("script");
script.type = "text/javascript";
scri...
Tmux Snippets
2021-07-06T00:00:00+00:00
2021-07-06T00:00:00+00:00
/posts/Tmux-Snippets/
mlc
Collection of simple/handy commands and my .tmux.conf.
.tmux.conf
# global
set-option -g history-limit 10000
set -g prefix M-b
bind '%' split-window -h -c '#{pane_current_path}'
bind '"' split-window -v -c '#{pane_current_path}'
bind c new-window -c '#{pane_current_path}'
# Ensure window index numbers get reordered on delete.
set-option -g renumber-windows on
# Start windows and panes ind...
Vim Snippets
2020-06-30T00:00:00+00:00
2020-06-30T00:00:00+00:00
/posts/Vim-Snippets/
mlc
Collection of random snippets including my .vimrc and commands for file/string manipulation in Vim.
.vimrc
syntax on
colo peachpuff
filetype plugin indent on
set tabstop=4
set shiftwidth=4
set expandtab
Commands
Command
Description
%le
move everything left - remove white space at start of each line
1,$join
join ...
Active Directory Domain Enumeration Part 2
2020-06-08T00:00:00+00:00
2020-06-08T00:00:00+00:00
/posts/Active-Directory-Domain-Enumeration-Part-2/
mlc
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
adsisearcher
[adsisearcher] is a Windows PowerShell type accelerator for seaching Active Directory Domain Services, allowing PowerShell to access the system.directoryservices.directorysearcher .NET class with ease.
The DirectorySearcher class as des...