bontchev

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from __future__ import print_function

import os
import sys

try:
    import olefile

kirk-sayre-work

# Unhide all the very hidden sheets in an Office 97 Excel file.

from __future__ import print_function
import re
import sys

# Read in the Excel file for which to unhide sheets.
fname = sys.argv[1]
f = open(fname, 'rb')
data = f.read()

multiplex3r

#!/usr/bin/env python3
from scapy.all import *
from py2neo import Graph, Node, Relationship

packets = rdpcap("<your_pcap_file>")
g = Graph(password="<your_neo4j_password>")


for packet in packets.sessions():
    pkt = packet.split()

Arno0x

BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL

1. Open Excel
2. Click on the active tab
3. Select "Insérer"
4. Click on "Macro MS Excel 4.0".
5. This will create a new worksheet called "Macro1"

================================================================================
In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1:

djhohnstein

https://ghostbin.com/paste/4x325
<o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o>



              * * * * * * * * * * * * * * * * * * * * *
             *                                         *
            *                                           *
            *              The Unofficial               *
            *                                           *

infosecn1nja

' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

Sub ASR_blocked()
    Dim WSHShell As Object
    Set WSHShell = CreateObject("Wscript.Shell")
    WSHShell.Run "cmd.exe"
End Sub

katjahahn

import sys
import re

if len(sys.argv) <= 1: exit()
scriptpath = sys.argv[1]

with open(scriptpath, 'r') as scriptfile:
	script = scriptfile.read().replace('^', '')
	p = re.compile('\([Ss][Ee][Tt][^=]+=([^&]+)&&')
	s = p.search(script)

wdormann

If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
    Break
}

$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
    # This prints a table of ACLs
    # get-acl $path | %{ $_.Access  } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights

leechristensen

<?xml version="1.0" encoding="utf-8"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ac="http://schemas.microsoft.com/Search/2013/SettingContent" targetNamespace="http://schemas.microsoft.com/Search/2013/SettingContent" elementFormDefault="qualified" >
	<xsd:annotation>
		<xsd:documentation xml:lang="en">Copyright (C) Microsoft. All rights reserved.
Searchable setting content file schema.
		</xsd:documentation>
	</xsd:annotation>
	<xsd:element name="SearchableContent" type="ac:SearchableContentType"/>
	<xsd:complexType name="SearchableContentType">
		<xsd:sequence>

dotps1

#requires -module ActiveDirectory

# Input computers.
$threshold = (Get-Date).AddDays(-180)
$computers = Get-ADComputer -Filter { OperatingSystem -notlike "*server*" -and OperatingSystem -like "*windows*" -and PasswordLastSet -gt $threshold } |
    Select-Object -ExpandProperty Name |
        Sort-Object -Property Name

# Make sure there are not existing jobs.
Get-Job |