Skip to content

Instantly share code, notes, and snippets.

View Retoxx2's full-sized avatar

Brandon (Retoxx) Woods Retoxx2

1 follower · 6 following
  • Bay Area, California
  • 23:46 (UTC -07:00)
View GitHub Profile
@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active March 17, 2025 03:05
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@mark05e
mark05e / Remove-HPbloatware.ps1
Last active April 16, 2025 21:06
Remove HP bloatware. Maintenance Note - https://gist.github.com/mark05e/0a04a54c1e8489c770bd91e4910d7df9
# ██████╗ ███████╗███╗ ███╗ ██████╗ ██╗ ██╗███████╗ ██╗ ██╗██████╗
# ██╔══██╗██╔════╝████╗ ████║██╔═══██╗██║ ██║██╔════╝ ██║ ██║██╔══██╗
# ██████╔╝█████╗ ██╔████╔██║██║ ██║██║ ██║█████╗ ███████║██████╔╝
# ██╔══██╗██╔══╝ ██║╚██╔╝██║██║ ██║╚██╗ ██╔╝██╔══╝ ██╔══██║██╔═══╝
# ██║ ██║███████╗██║ ╚═╝ ██║╚██████╔╝ ╚████╔╝ ███████╗ ██║ ██║██║
# ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═══╝ ╚══════╝ ╚═╝ ╚═╝╚═╝
#
# ██████╗ ██╗ ██████╗ █████╗ ████████╗██╗ ██╗ █████╗ ██████╗ ███████╗
# ██╔══██╗██║ ██╔═══██╗██╔══██╗╚══██╔══╝██║ ██║██╔══██╗██╔══██╗██╔════╝
# ██████╔╝██║ ██║ ██║███████║ ██║ ██║ █╗ ██║███████║██████╔╝█████╗
@coltenkrauter
coltenkrauter / fix-wsl2-dns-resolution
Last active May 2, 2025 20:37
Fix DNS resolution in WSL2
More recent resolution:
1. cd ~/../../etc (go to etc folder in WSL).
2. echo "[network]" | sudo tee wsl.conf (Create wsl.conf file and add the first line).
3. echo "generateResolvConf = false" | sudo tee -a wsl.conf (Append wsl.conf the next line).
4. wsl --terminate Debian (Terminate WSL in Windows cmd, in case is Ubuntu not Debian).
5. cd ~/../../etc (go to etc folder in WSL).
6. sudo rm -Rf resolv.conf (Delete the resolv.conf file).
7. In windows cmd, ps or terminal with the vpn connected do: Get-NetIPInterface or ipconfig /all for get the dns primary and
secondary.
@gianpaolof
gianpaolof / gist:bae3ec809c1bff32c7361a617c577710
Last active March 16, 2025 06:36
Turn on/off Fast boot on windows 10 via powershell
Turn on
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 1 /F
Turn off
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /V HiberbootEnabled /T REG_dWORD /D 0 /F
https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html