-
Service Control Manager
- This method is used by psexec and all of its clones to start the executable that psexec creates.
-
Task scheduler (scheduled task)
- A command to be run at designated time(s) as SYSTEM.
jermdw
/ SimpleHTTPServerWithUpload.py
Created
June 18, 2018 20:30
— forked from touilleMan/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload - Python3 version
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """Simple HTTP Server With Upload. | |
| This module builds on BaseHTTPServer by implementing the standard GET | |
| and HEAD requests in a fairly straightforward manner. | |
| see: https://gist.github.com/UniIsland/3346170 | |
| """ | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (gwmi Win32_UserProfile | ? { $_.SID -notmatch "S-1-5-(18|19|20).*" }).LocalPath | % { ls -Path $_ -Recurse -Filter "*.exe" } | % { Get-AuthenticodeSignature -FilePath $_.FullName } | ? { $_.Status -ne 'Valid' } |
jermdw
/ Find Alternate Data Streams Powershell
Created
April 19, 2018 17:07
— forked from greyboxsoftware/Find Alternate Data Streams Powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Grabs the path you wish to search | |
| $getPath = Read-Host "What is the path you would like to search (example: c:\temp)" | |
| #recursively searches through a path and grabs the data streams | |
| $getItem = Get-ChildItem -Path $getPath -Recurse | Get-Item -Stream * | |
| foreach($item in $getItem) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create Windows Server 2016 Domain Controller | |
| # with a little help from: https://j3rm.io/2EKvjXY | |
| # rename computer | |
| Rename-computer -newname 2016-DC01 | |
| # setup ip configuration | |
| $ipaddress = "10.0.0.2" | |
| $dnsaddress = "127.0.0.1" | |
| New-NetIPAddress -InterfaceAlias Ethernet -IPAddress $ipaddress -AddressFamily IPv4 -PrefixLength 24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Perform on Client computer | |
| Set-Item wsman:\localhost\Client\TrustedHosts -Value < destination host > -Concatenate | |
| # Ensure WinRM is running on destination host | |
| Test-WSMan <destHost> | |
| # Connect | |
| $cred = Get-Credential | |
| Enter-PSSession -computername <computername> -Credential $cred |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Carbanak_Go_Trojan | |
| { | |
| meta: | |
| author = “RSA FW” | |
| strings: | |
| $mz = { 4D 5A } | |
| $build_id = “Go build ID: | |
| \”33ee104ab2c9fc37c067a26623e7fddd3bb76302\”” |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM alpine | |
| # Include dist | |
| ADD dist/ /root/dist/ | |
| # Install packages | |
| RUN apk -U upgrade && \ | |
| apk add bash \ | |
| ca-certificates \ | |
| file \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| modprobe dummy | |
| lsmod | grep dummy | |
| ip link set name eth10 dev dummy0 | |
| ip link show eth10 | |
| ifconfig eth10 hw ether 00:22:22:ff:ff:ff | |
| ip link show eth10 | |
| ip addr add 192.168.100.199/24 brd + dev eth10 label eth10:0 | |
| ifconfig eth10 up |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| elasticsearch1: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:5.2.2 | |
| container_name: elasticsearch1 | |
| environment: | |
| - cluster.name=docker-cluster | |
| - bootstrap.memory_lock=true | |
| - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | |
| - xpack.security.enabled=false |