| # NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
| # has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
| # get all the groups a user is effectively a member of, 'recursing up' | |
| Get-NetGroup -UserName <USER> | |
| # get all the effective members of a group, 'recursing down' | |
| Get-NetGroupMember -GoupName <GROUP> -Recurse | |
| # get the effective set of users who can administer a server |
| function Invoke-UACBypass { | |
| <# | |
| .SYNOPSIS | |
| Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy. | |
| Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None |
UPD 2: Official standalone Signal Desktop is released!
Install official Signal Desktop, old version and this guide using it should now be considered deprecated.
UPD 1: There is now an easier way with automatic Signal Desktop installer, which also keeps Signal updated.
| Windows.10.and.Office.2016.gVLK | |
| ##################################################################### | |
| # Install/Uninstall keys # | |
| ##################################################################### | |
| 1.) Uninstall the current product by entering the “uninstall product key” extension: | |
| slmgr.vbs /upk | |
| 2.) Install the key that you obtained above for “Windows Srv 2012R2 DataCtr/Std KMS for Windows 10” |
| // start with: | |
| // frida -U -l pinning.js -f [APP_ID] --no-pause | |
| Java.perform(function () { | |
| console.log('') | |
| console.log('===') | |
| console.log('* Injecting hooks into common certificate pinning methods *') | |
| console.log('===') | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); |
| from datetime import datetime | |
| import time | |
| import threading | |
| ########################### | |
| from multiprocessing import Process | |
| import random | |
| ########################### | |
| import dns.resolver | |
| import dns.reversename | |
| import ftplib |
Researched by Robert Quattlebaum darco@deepdarc.com.
Last updated 2020-02-03.
| As always, only for use on networks you own or have permission to test against. | |
| Similar functionality to SpiderLabs SCShell (https://github.com/SpiderLabs/SCShell) but from the command line using WMIC to run commands on other systems remotely. | |
| If attempting to run multiple commands, SCShell will probably be move convenient as it automates the below steps. However, for one-offs this works fine as well. | |
| The process involves a total of four commands, three of which can be combined on the command line to form one large block. | |
| Step 1: Get the current pathName of your target service so we can restore it once we've ran our command (in our case XblAuthManager) | |
| wmic /user:DOMAIN\USERNAME /password:PASSWORD /node:TARGET_IP service where name='XblAuthManager' get pathName |
I want to disable monitor mode for the interal wlan0 card of the pi. If you want to do that too and use wlan1 as mon0 do:
sed -i 's/phy0/phy1/g' /usr/bin/pwnlibIf you want wlan0 and wlan1 in monitor mode and want to use wlan1 as pwnagotchi device, use this ps did didn't work for me but above example
sudo su
rm /etc/network/interfaces.d/wlan1-cfg
sudo apt install winbind)