Skip to content

Instantly share code, notes, and snippets.

View gist:d40270da694322bfee75
$DirEntry = New-Object DirectoryServices.DirectoryEntry('LDAP://dc=demo,dc=lab',$user,$pass)
$AdsiSearcher = New-Object DirectoryServices.DirectorySearcher($ADSI,"(objectCategory=User)")
$AdsiSearcher.findall()
View gist:bba41defe6db2aaf09bd
(cmd /c echo {([adsisearcher]'objectCategory=Computer').Findall() | ForEach {$_.properties.cn}}).split(' ')[1]
View gist:7faa11676c21ab84b888
powershell.exe -enc KABbAGEAZABzAGkAcwBlAGEAcgBjAGgAZQByAF0AJwBvAGIAagBlAGMAdABDAGEAdABlAGcAbwByAHkAPQBDAG8AbQBwAHUAdABlAHIAJwApAC4ARgBpAG4AZABhAGwAbAAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAgAHsAJABfAC4AcAByAG8AcABlAHIAdABpAGUAcwAuAGMAbgB9AA==
View gist:7ee41139bada41b7c737
powershell.exe -com "((([adsisearcher]"objectCategory=User").Findall())[0].properties).PropertyNames"
View gist:b6c97b423fedc4500c10
$LdapFilter = #Query Goes Here
([adsisearcher]"$LdapFilter").Findall()
View gist:d1bafa3013ced1b38f08
([adsisearcher]"objectCategory=User").Findall() | ForEach {$_.properties.cn}
View gist:df5f652c7e7088e2412c
function Test-SmbPassword {
<#
.SYNOPSIS
Tests a username and password to see if it is valid against a remote machine or domain.
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
View gist:104edc53459715214226
Function Get-SubnetResolution {
$Subnet = '74.125.228' #change this
$Wait = 2 #Seconds to wait between resolution
$HostRangeLow = 1
$HostRangeHigh = 10
$Range = $HostRangeLow..$HostRangeHigh
#Instantiate once
$DnsObject = [Net.DNS]
View test-ms15034.ps1
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',234234,28768768)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}
View gist:eb46bc1094cd6003a12d
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',18,18446744073709551615)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}
You can’t perform that action at this time.