View DomainEnumeration.bat
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
View WMIPersistence.mof
/*
Author: Kyle Hanslovan
Contact: @KyleHanslovan
License: MIT
Date: 07/18/2014
*/
#PRAGMA NAMESPACE ("\\\\.\\root\\subscription")
instance of ActiveScriptEventConsumer as $Consumer
View DeleteNullRegValue.py
from ctypes import *
from ctypes.wintypes import *
import winreg
NTSTATUS = c_long
PVOID = c_void_p
PWSTR = c_wchar_p
OBJ_CASE_INSENSITIVE = 0x00000040
View CreateNullRegValue.py
from ctypes import *
from ctypes.wintypes import *
import winreg
NTSTATUS = c_long
PVOID = c_void_p
PWSTR = c_wchar_p
OBJ_CASE_INSENSITIVE = 0x00000040