Skip to content

Instantly share code, notes, and snippets.


Block or report user

Report or block SadProcessor

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View TriggerAV.ps1
iex $(([Convert]::FromBase64String("FHJ+YHoTZ1ZARxNgUl5DX1YJEwRWBAFQAFBWHgsFAlEeBwAACh4LBAcDHgNSUAIHCwdQAgALBRQ=") | % { [char] ($_ -bxor 0x33) })-join'')
SadProcessor / Test-IntelMEStuff.ps1
Created May 2, 2017
Quick Cmdlet to check this Intel ME Stuff - Uses WMI - Can be run against multiple targets
View Test-IntelMEStuff.ps1
Check For Intel Stuff (via WMI)
Check if vulnerable to Intel Active Management Technology,
Intel Small Business Technology, and Intel Standard Manageability
Escalation of Privilege. [INTEL-SA-00075 - May 1st 2017]
Uses WMI. Can be run against multiple computers.
Returns a risk indication, check links in notes for more info and remediation options
View OneLineCheese.txt
Function Invoke-CheeseOnToast{[CmdletBinding(DefaultParameterSetname='Dirty')][Alias('CheeseOnToast')]Param([ValidateSet('MS10015','MS10092','MS13053','MS13081','MS14058','MS15051','MS15078','MS16016','MS16032')][Parameter(Position=0,Mandatory=$false)][String[]]$Vuln,[Parameter(Mandatory=$false,ValueFromPipeline=$true)][Alias('Target','T')][String[]]$ComputerName=$env:COMPUTERNAME,[Parameter(Mandatory=$false,ParameterSetname='Dirty')][Alias('U')][String]$User=$env:USERNAME,[Parameter(Mandatory=$false,ParameterSetname='Dirty')][Alias('P')][String]$Pass,[Parameter(Mandatory=$true,ParameterSetname='Clean')][Alias('C')][Switch]$CredBox,[Parameter(Mandatory=$false)][Alias('All','A')][Switch]$ShowAll);Begin{$Result=@();$Creds=@{};if($PSCmdlet.ParameterSetName -eq 'Clean'){$Creds=Get-Credential -U $env:USERNAME -M 'Please Enter Creds'}else{if($Pass){$Creds['Credential']=New-Object System.Management.Automation.PSCredential -A $User,$(ConvertTo-SecureString $Pass -A -F)}};switch($Vuln){'MS10015'{$MS10015=$true};'MS10
SadProcessor /
Last active Apr 6, 2017
Empire Module file for Invoke-CheeseOnToast
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]): = {
'Name': 'Invoke-CheeseOnToast',
'Author': ['SadProcessor'],
'Description': ('Priv Esc Vuln Finder'),
'Background' : True,
'OutputExtension' : None,
'NeedsAdmin' : True,
SadProcessor / TimeStamp.ps1
Last active May 16, 2017
TimeStamp Object
View TimeStamp.ps1
Function Get-Stamp{$Props = @{'Box'=$env:COMPUTERNAME;'MAC'= (Get-NetAdapter -Physical)[0].macaddress;'Stamp'=(Get-Date).DateTime};$Obj = New-Object PSCustomObject -Prop $Props | select MAC,Stamp,Box;Return $Obj};Get-Stamp
View Walk.ps1
function Walk{
[ValidateSet('About Windows dialog','Add Hardware Wizard','Adding a new Device','Advanced User Accounts','Advanced User Accounts msc','Backup and Restore','Bluetooth File Transfer','Calculator','Certificates','Change Computer Performance Settings','Change Data Execution Prevention','Change Data Execution Prevention Settings','Character Map','ClearType Tuner','Color Management','Command Prompt','Component Services','Component Services DCOM','Computer Management','Computer Management launcher','Connect to a Projector','Control Panel','Create A Shared Folder Wizard','Create a System Repair Disc','Data Execution Prevention','Date and Time','Default Location','Device Manager','Device Manager msc','Device Pairing Wizard','Diagnostics Troubleshooting Wizard','Digitizer Calibration Tool','DirectX Diagnostic Tool','Disk Cleanup','Disk Defragmenter','Disk Management','Display','Display Color Calibration','Display Switch','DPAPI Key Migration Wizard','Driver Verifier
SadProcessor / Encodedcalc.txt
Created Mar 11, 2017
Calc encoded > test with
SadProcessor / Get-Qwiki.ps1
Last active Sep 18, 2017
Quick Wikipedia Search Utility (MultiLang) - TIP: add to Posh Profile
View Get-Qwiki.ps1
Quick Wiki Search
Get Wikipedia Search. Summary in Console or Full pages Online.
Qwiki -Search PowerShell
SadProcessor / MultiDynParams.ps1
Last active Mar 20, 2017
Multiple Dynamic Param Template - Because Tab-Completion & Intellisense
View MultiDynParams.ps1
Test Dynamic Params
Multiple Dynamic Param Template
Because Tab-Completion & Intellisense
Try me...
You can’t perform that action at this time.