
@mattifestation
mattifestation / CIPolicyParser.ps1
Last active July 5, 2024 10:14
Functions to recover information from binary Windows Defender Application Control (WDAC) Code Integrity policies.
# Ensure System.Security assembly is loaded.
Add-Type -AssemblyName System.Security
function ConvertTo-CIPolicy {
<#
.SYNOPSIS
Converts a binary file that contains a Code Integrity policy into XML format.
Author: Matthew Graeber (@mattifestation)
@binkybear
binkybear / mubix-lock.sh
Last active November 3, 2021 22:56
mubix-lock.sh
#!/bin/bash
#
# Attack created by Mubix. For more information see:
# https://room362.com/post/2016/snagging-creds-from-locked-machines
# Modified for Nethunter by Binkybear
#
# ================== #
# Check for root
# ================== #
function Invoke-UACBypass {
<#
.SYNOPSIS
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
operating systems that support PowerShell v2+. Credit for the discovery of
the bug and the logic to exploit it go to James Forshaw (@tiraniddo) and @Fuzzysec for the original PS script.
Modifications by Mike Benich (@benichmt1).
Targets:
@HarmJ0y
HarmJ0y / Find-KeePassconfig.ps1
Created July 4, 2016 20:47
Finds and parses any KeePass.config.xml (2.X) and KeePass.ini (1.X) files.
function Find-KeePassconfig {
<#
.SYNOPSIS
Finds and parses any KeePass.config.xml (2.X) and KeePass.ini (1.X) files.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
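The gist above is only previewed as far as its header, so here is a small added example (my code, not HarmJ0y's Find-KeePassconfig) showing the 2.X parsing step it performs: pulling the last-used database, the recently-used database list, and the key-source associations (password, key file, Windows user account) out of a KeePass.config.xml. The XML below is a constructed sample laid out like a KeePass 2.x config; the paths in it are invented, and the element names (Application/LastUsedFile/Path, Application/MostRecentlyUsed/Items/ConnectionInfo/Path, Defaults/KeySources/Association with DatabasePath/Password/KeyFilePath/UserAccount) are the ones this example assumes. The 1.X KeePass.ini format is not covered here.

```python
"""Parse a KeePass 2.x KeePass.config.xml for database and key-source hints.

Added example, not the gist's own code. Element paths follow the KeePass 2.x
config layout as assumed in the lead-in; the sample config is constructed.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List, Optional

# Constructed sample config (paths are made up).
SAMPLE_CONFIG = r"""<Configuration>
  <Application>
    <LastUsedFile>
      <Path>C:\Users\alice\Documents\Personal.kdbx</Path>
      <CredSaveMode>NoSave</CredSaveMode>
    </LastUsedFile>
    <MostRecentlyUsed>
      <Items>
        <ConnectionInfo><Path>C:\Users\alice\Documents\Personal.kdbx</Path></ConnectionInfo>
        <ConnectionInfo><Path>\\fileserver\share\Team.kdbx</Path></ConnectionInfo>
      </Items>
    </MostRecentlyUsed>
  </Application>
  <Defaults>
    <KeySources>
      <Association>
        <DatabasePath>C:\Users\alice\Documents\Personal.kdbx</DatabasePath>
        <Password>true</Password>
        <KeyFilePath>C:\Users\alice\Documents\Personal.key</KeyFilePath>
      </Association>
      <Association>
        <DatabasePath>\\fileserver\share\Team.kdbx</DatabasePath>
        <Password>false</Password>
        <UserAccount>true</UserAccount>
      </Association>
    </KeySources>
  </Defaults>
</Configuration>
"""


@dataclass
class KeySource:
    """One Defaults/KeySources/Association entry: how a database is unlocked."""
    database: str
    password: bool
    key_file: Optional[str]
    user_account: bool  # true => DPAPI-bound Windows account key; opens only as that user


@dataclass
class KeePassHints:
    last_used: Optional[str]
    recent: List[str]
    key_sources: List[KeySource]


def _flag(element: ET.Element, tag: str) -> bool:
    """KeePass stores booleans as the text 'true'/'false'."""
    return (element.findtext(tag) or "").strip().lower() == "true"


def parse_keepass_config(xml_text: str) -> KeePassHints:
    """Extract database paths and key-source associations from a 2.x config."""
    root = ET.fromstring(xml_text)
    last_used = root.findtext("Application/LastUsedFile/Path")
    recent = [
        p.text.strip()
        for p in root.findall("Application/MostRecentlyUsed/Items/ConnectionInfo/Path")
        if p.text
    ]
    key_sources = [
        KeySource(
            database=(assoc.findtext("DatabasePath") or "").strip(),
            password=_flag(assoc, "Password"),
            key_file=assoc.findtext("KeyFilePath"),
            user_account=_flag(assoc, "UserAccount"),
        )
        for assoc in root.findall("Defaults/KeySources/Association")
    ]
    return KeePassHints(last_used, recent, key_sources)


def databases(hints: KeePassHints) -> List[str]:
    """Every distinct .kdbx path the config references, sorted."""
    paths = set(hints.recent) | {ks.database for ks in hints.key_sources if ks.database}
    if hints.last_used:
        paths.add(hints.last_used)
    return sorted(paths)


def key_files(hints: KeePassHints) -> List[str]:
    """Key-file paths: worth checking they are not stored beside the database."""
    return [ks.key_file for ks in hints.key_sources if ks.key_file]


def find_configs(roots: Iterable[str]) -> List[Path]:
    """Locate KeePass.config.xml / KeePass.ini under the given directories."""
    names = {"keepass.config.xml", "keepass.ini"}
    return [p for root in roots for p in Path(root).rglob("*") if p.name.lower() in names]


if __name__ == "__main__":
    h = parse_keepass_config(SAMPLE_CONFIG)
    for db in databases(h):
        print("database:", db)
    for ks in h.key_sources:
        print(f"{ks.database}: password={ks.password} keyfile={ks.key_file} useraccount={ks.user_account}")
```

On a live host you would feed `find_configs` the user profile roots (and the directory of any portable KeePass.exe) and run `parse_keepass_config` over each hit; an association with `user_account` set tells you the database cannot be opened from another account without that user's DPAPI keys, which changes what an assessor does next.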
@HarmJ0y
HarmJ0y / ADC2.ps1
Last active February 16, 2024 02:18
Command and Control channel through Active Directory Object Properties
#Requires -Version 2
function New-ADPayload {
<#
.SYNOPSIS
Stores PowerShell logic in the mSMQSignCertificates of the specified -TriggerAccount and generates
a one-line launcher.
Author: @harmj0y
#!/bin/bash
# This is the Raspberry Pi2 Kali ARM build script - http://www.kali.org/downloads
# A trusted Kali Linux image created by Offensive Security - http://www.offensive-security.com
if [[ $# -eq 0 ]] ; then
echo "Please pass version number, e.g. $0 2.0"
exit 0
fi