Carlos Perez darkoperator

## dnspsv2srv.ps1
# Embed a DLL so as to add the library necessary to perform DNS Queries.
$EncodedCompressedFile = @'
xL0HfBzFFT8+t3u3ezpJlk6y91Rs3xkwnLWybFmUc8GWAZseTC8GXGkGfCBBKLbAIZQALhgcijHNYNMhgMH0HgIhhC5AxCSQ3hNCQiiWf+/7pu1JMuT3//w+n79hdbtv+sybN2/ee/Nm/6OuEK4QIk7Pli1CPCrkv3bx7f+W0DMo+/ggsaHstRGPxvZ7bcQhJ57UmTuto3hCx5xTc/PmLFxYPCM397hcx5kLcyctzO1xwMG5U4vzj2uprExtp/KYMU2I/WKuaDvvj/vofH8lnBHlsaQQVztCVEhYy8P0nqOXZx1ZO7w7st5C2F+B1hD81t879NN+kRDV/L/9NT/8750NjjhcyHyvKBugkb9ydBX+7/5R/ZKRzyR97xX5bjnjuLPPoN8df6jahbY6/bKY3dLR2TGP3rluaHuKfq8tjdhO/7d0HHdKcZ7qrl+pvNb2i7db32pWPyzjoG6OSIgnt8TE7A1C6K4YSv0DnJiRk+P9bf/afrBH7vXvvbs83He3rmHZd148ouvUeTuuX/vn9tXrH/NXPDH8pZqGKZN3Gvl4256fbHNC0/3VH6869MV1N8/e8tCEc34/7Sfzrnrwxrpbe04/PplcuumVp098KFPc/8Lph15zUv77Fb/Z944J178xZt8/LTtu8sh7/j706Os/XjbnzmOPez299z1PuBcce87snjn31NeOjQlf1cXJf4/6q0nUjnXEIA0byUC3K0Y40yRESfxFEliaxwSVRxRWYWCegnV86IvTOL+EwS+nYfDgwXkaMC9fTn+aSsLcbwqL9wlzxVCqGv2fDkf1VsTENKDWMfTsS09Iz7P03ETPqfScT0+ank7Cay+VQ617B8VE+JLjLV5ADczkf+AIb3Qu5+iQe0IRxmIdOyXFaR1H0p/OemrfubmYDl/qNrTslhPqs3D

## runcalc.js
function RunCalc() {
  var shell = WScript.CreateObject("WScript.Shell");
  shell.Run("calc.exe");
}

## Get-PsgProcess.ps1
function Get-PsgProcess {
    <#
    .SYNOPSIS
        Query the CIM Object database for a list of processes on a target host.
    .DESCRIPTION
        Query the CIM Object database for a list of processes on a target host. The function allows for
        filtering so as to better target the desired processes.
    .EXAMPLE
        PS C:\> Get-PsgProcess -CimSession (Get-CimSession -Id 2) -ExecutablePath "C:\\User"

## iphelper.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Management.Automation;
using System.Net;

namespace IPHelper
{

## instposhsshdev
$webclient = New-Object System.Net.WebClient
$url = "https://github.com/darkoperator/Posh-SSH/archive/master.zip"
Write-Host "Downloading latest version of Posh-SSH from $url" -ForegroundColor Cyan
$file = "$($env:TEMP)\Posh-SSH.zip"
$webclient.DownloadFile($url,$file)
Write-Host "File saved to $file" -ForegroundColor Green
$targetondisk = "$($env:USERPROFILE)\Documents\WindowsPowerShell\Modules"
New-Item -ItemType Directory -Force -Path $targetondisk | out-null
$shell_app=new-object -com shell.application
$zip_file = $shell_app.namespace($file)

## JSON .Net
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions")
$Serializer = New-Object System.Web.Script.Serialization.JavaScriptSerializer
$json = $server_reply.Content
$Deserialized = $Serializer.DeserializeObject($json)

## bad.hta
<Html>
<Head>
<Title>Support Information</Title>

<HTA:Application
Caption = Yes
Border = Thick
ShowInTaskBar = Yes
SingleInstance = Yes
MaximizeButton = No

## Invoke-VyOSCommand.ps1
<#
.Synopsis
   Execute commands against VyOS.
.DESCRIPTION
   Execute commands against VyOS using a SSHShellStream.
#>
function Invoke-VyOSCommand
{
    [CmdletBinding()]
    [Alias()]

## dg.ps1
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID }
$d  = $s2.DeviceObject + "\"
cmd /c mklink /d C:\scpy "$d"
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
$s2.Delete()
Remove-Item -Path C:\scpy -Force
Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force

## PoshVTInstall.ps1
# Make sure the module is not loaded
Remove-Module Posh-VirusTotal -ErrorAction SilentlyContinue
# Download latest version
$webclient = New-Object System.Net.WebClient
$url = "https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip"
Write-Host "Downloading latest version of Posh-VirusTotal from $url" -ForegroundColor Cyan
$file = "$($env:TEMP)\Posh-VirusTotal.zip"
$webclient.DownloadFile($url,$file)
Write-Host "File saved to $file" -ForegroundColor Green
# Unblock and Decompress
	# Embed a DLL so as to add the library necessary to perform DNS Queries.
	$EncodedCompressedFile = @'
	xL0HfBzFFT8+t3u3ezpJlk6y91Rs3xkwnLWybFmUc8GWAZseTC8GXGkGfCBBKLbAIZQALhgcijHNYNMhgMH0HgIhhC5AxCSQ3hNCQiiWf+/7pu1JMuT3//w+n79hdbtv+sybN2/ee/Nm/6OuEK4QIk7Pli1CPCrkv3bx7f+W0DMo+/ggsaHstRGPxvZ7bcQhJ57UmTuto3hCx5xTc/PmLFxYPCM397hcx5kLcyctzO1xwMG5U4vzj2uprExtp/KYMU2I/WKuaDvvj/vofH8lnBHlsaQQVztCVEhYy8P0nqOXZx1ZO7w7st5C2F+B1hD81t879NN+kRDV/L/9NT/8750NjjhcyHyvKBugkb9ydBX+7/5R/ZKRzyR97xX5bjnjuLPPoN8df6jahbY6/bKY3dLR2TGP3rluaHuKfq8tjdhO/7d0HHdKcZ7qrl+pvNb2i7db32pWPyzjoG6OSIgnt8TE7A1C6K4YSv0DnJiRk+P9bf/afrBH7vXvvbs83He3rmHZd148ouvUeTuuX/vn9tXrH/NXPDH8pZqGKZN3Gvl4256fbHNC0/3VH6869MV1N8/e8tCEc34/7Sfzrnrwxrpbe04/PplcuumVp098KFPc/8Lph15zUv77Fb/Z944J178xZt8/LTtu8sh7/j706Os/XjbnzmOPez299z1PuBcce87snjn31NeOjQlf1cXJf4/6q0nUjnXEIA0byUC3K0Y40yRESfxFEliaxwSVRxRWYWCegnV86IvTOL+EwS+nYfDgwXkaMC9fTn+aSsLcbwqL9wlzxVCqGv2fDkf1VsTENKDWMfTsS09Iz7P03ETPqfScT0+ank7Cay+VQ617B8VE+JLjLV5ADczkf+AIb3Qu5+iQe0IRxmIdOyXFaR1H0p/OemrfubmYDl/qNrTslhPqs3D
	function RunCalc() {
	var shell = WScript.CreateObject("WScript.Shell");
	shell.Run("calc.exe");
	}
	function Get-PsgProcess {
	<#
	.SYNOPSIS
	Query the CIM Object database for a list of processes on a target host.
	.DESCRIPTION
	Query the CIM Object database for a list of processes on a target host. The function allows for
	filtering so as to better target the desired processes.
	.EXAMPLE
	PS C:\> Get-PsgProcess -CimSession (Get-CimSession -Id 2) -ExecutablePath "C:\\User"
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Text;
	using System.Threading.Tasks;
	using System.Management.Automation;
	using System.Net;

	namespace IPHelper
	{
	$webclient = New-Object System.Net.WebClient
	$url = "https://github.com/darkoperator/Posh-SSH/archive/master.zip"
	Write-Host "Downloading latest version of Posh-SSH from $url" -ForegroundColor Cyan
	$file = "$($env:TEMP)\Posh-SSH.zip"
	$webclient.DownloadFile($url,$file)
	Write-Host "File saved to $file" -ForegroundColor Green
	$targetondisk = "$($env:USERPROFILE)\Documents\WindowsPowerShell\Modules"
	New-Item -ItemType Directory -Force -Path $targetondisk \| out-null
	$shell_app=new-object -com shell.application
	$zip_file = $shell_app.namespace($file)
	[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web.Extensions")
	$Serializer = New-Object System.Web.Script.Serialization.JavaScriptSerializer
	$json = $server_reply.Content
	$Deserialized = $Serializer.DeserializeObject($json)
	<Html>
	<Head>
	<Title>Support Information</Title>

	<HTA:Application
	Caption = Yes
	Border = Thick
	ShowInTaskBar = Yes
	SingleInstance = Yes
	MaximizeButton = No
	<#
	.Synopsis
	Execute commands against VyOS.
	.DESCRIPTION
	Execute commands against VyOS using a SSHShellStream.
	#>
	function Invoke-VyOSCommand
	{
	[CmdletBinding()]
	[Alias()]
	$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
	$s2 = gwmi Win32_ShadowCopy \| ? { $_.ID -eq $s1.ShadowID }
	$d = $s2.DeviceObject + "\"
	cmd /c mklink /d C:\scpy "$d"
	New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
	$s2.Delete()
	Remove-Item -Path C:\scpy -Force
	Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml
	ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
	Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force
	# Make sure the module is not loaded
	Remove-Module Posh-VirusTotal -ErrorAction SilentlyContinue
	# Download latest version
	$webclient = New-Object System.Net.WebClient
	$url = "https://github.com/darkoperator/Posh-VirusTotal/archive/master.zip"
	Write-Host "Downloading latest version of Posh-VirusTotal from $url" -ForegroundColor Cyan
	$file = "$($env:TEMP)\Posh-VirusTotal.zip"
	$webclient.DownloadFile($url,$file)
	Write-Host "File saved to $file" -ForegroundColor Green
	# Unblock and Decompress