Skip to content

Instantly share code, notes, and snippets.

@obscuresec
obscuresec / Get-AdDnsRecords
Last active Aug 27, 2016
Get-AdDnsRecords
View Get-AdDnsRecords
function Get-ADDNSRecords {
<#
update of dns-dump.ps1 by Michael B. Smith
michael at smithcons dot com
https://github.com/mmessano/PowerShell/blob/master/dns-dump.ps1
#>
Param(
[string]$zone = "$env:USERDNSDOMAIN",
[string]$dc = "$(($env:LOGONSERVER).trim('\'))"
)
View gist:d40270da694322bfee75
$DirEntry = New-Object DirectoryServices.DirectoryEntry('LDAP://dc=demo,dc=lab',$user,$pass)
$AdsiSearcher = New-Object DirectoryServices.DirectorySearcher($ADSI,"(objectCategory=User)")
$AdsiSearcher.findall()
@obscuresec
obscuresec / dirtywebserver.ps1
Created May 18, 2014
Dirty PowerShell Webserver
View dirtywebserver.ps1
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8000/")
$Hso.Start()
While ($Hso.IsListening) {
$HC = $Hso.GetContext()
$HRes = $HC.Response
$HRes.Headers.Add("Content-Type","text/plain")
$Buf = [Text.Encoding]::UTF8.GetBytes((GC (Join-Path $Pwd ($HC.Request).RawUrl)))
$HRes.ContentLength64 = $Buf.Length
$HRes.OutputStream.Write($Buf,0,$Buf.Length)
View gist:b6c97b423fedc4500c10
$LdapFilter = #Query Goes Here
([adsisearcher]"$LdapFilter").Findall()
View gist:d1bafa3013ced1b38f08
([adsisearcher]"objectCategory=User").Findall() | ForEach {$_.properties.cn}
View gist:bd30a8431ee4bc32f1cd
powershell.exe -com '([adsisearcher]'objectCategory=Computer').Findall() | ForEach {$_.properties.cn}'
View gist:bba41defe6db2aaf09bd
(cmd /c echo {([adsisearcher]'objectCategory=Computer').Findall() | ForEach {$_.properties.cn}}).split(' ')[1]
View gist:7faa11676c21ab84b888
powershell.exe -enc KABbAGEAZABzAGkAcwBlAGEAcgBjAGgAZQByAF0AJwBvAGIAagBlAGMAdABDAGEAdABlAGcAbwByAHkAPQBDAG8AbQBwAHUAdABlAHIAJwApAC4ARgBpAG4AZABhAGwAbAAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAgAHsAJABfAC4AcAByAG8AcABlAHIAdABpAGUAcwAuAGMAbgB9AA==
View gist:7ee41139bada41b7c737
powershell.exe -com "((([adsisearcher]"objectCategory=User").Findall())[0].properties).PropertyNames"
@obscuresec
obscuresec / psproxy.ps1
Created May 19, 2014
Simple but dirty Powershell web proxy
View psproxy.ps1
#simple and dirty proxy
#usage: http://127.0.0.1:8000/?url=http://www.obscuresec.com
$Up = "http://+:8000/"
$Hso = New-Object Net.HttpListener
$Wco = New-Object Net.Webclient
#ignore self-signed/invalid ssl certs
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True}
Foreach ($P in $Up) {$Hso.Prefixes.Add($P)}
You can’t perform that action at this time.