| function Invoke-GhostTask { | |
| param ( | |
| [string]$TaskName, | |
| [switch]$ShowTasks, | |
| [string]$Id, | |
| [string]$TargetTask, | |
| [string]$TargetBinary, | |
| [string]$Date, | |
| [string]$Help | |
| ) |
| import csv | |
| import requests | |
| import argparse | |
| from bs4 import BeautifulSoup | |
| from colorama import Fore, Style, init | |
| init(autoreset=True) | |
| known_security_vendors = [ | |
| 'symantec', 'mcafee', 'trendmicro', 'kaspersky', 'bitdefender', |
| #!/usr/bin/python3 | |
| import re | |
| import zipfile | |
| import argparse | |
| from urllib.parse import urlparse | |
| from colorama import Fore, Style, init | |
| init() |
This is a minimal /etc/ssl/openssl.cnf supporting legacy algorithms on modern openssl installations
where it is disabled by default.
The marked (######) lines should be added to your openssl.cnf (other parts may be unchanged).
For checking if legacy providers are enabled successfully:
$ openssl list -providers
Providers:
| $elevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) | |
| function Show-Menu { | |
| Clear-Host | |
| Write-Host "======================================================" | |
| Write-Host "================ Give Back Control ================" | |
| Write-Host "======================================================" | |
| if($elevated -eq $true){ | |
| Write-Host "Local Admin: " -ForegroundColor white -NoNewline; Write-Host $elevated -ForegroundColor Green | |
| Write-Host "We have superpowers. Ready to continue." |
| """ | |
| Transform a binary file into a C header file. | |
| The binary file is splitted into 16 char strings and rebuild at execution time. | |
| The function buildsc() must be called in your main to rebuild the binary file into the sc C variable. | |
| The length is set in the sc_length variable. | |
| Be carefull, try to avoid compiler code optimization as it will remove all these modifications in the final binary. | |
| """ |
| import re, sys | |
| def rule_startswith(ioc_string): | |
| def __match(pipename): | |
| if pipename.startswith(ioc_string): | |
| print("\tMATCH startswith({})".format(ioc_string)) | |
| return True | |
| return False | |
| return __match |
| // Copyright (C) 2022 Evan McBroom | |
| // | |
| // Permission is hereby granted, free of charge, to any person obtaining a copy | |
| // of this software and associated documentation files (the "Software"), to deal | |
| // in the Software without restriction, including without limitation the rights | |
| // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| // copies of the Software, and to permit persons to whom the Software is | |
| // furnished to do so, subject to the following conditions: | |
| // | |
| // The above copyright notice and this permission notice shall be included in |
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
| CACHE_INFO: 127.0.0.1 | |
| CF_CONNECTING_IP: 127.0.0.1 | |
| CF-Connecting-IP: 127.0.0.1 | |
| CLIENT_IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| COMING_FROM: 127.0.0.1 | |
| CONNECT_VIA_IP: 127.0.0.1 | |
| FORWARD_FOR: 127.0.0.1 | |
| FORWARD-FOR: 127.0.0.1 | |
| FORWARDED_FOR_IP: 127.0.0.1 |