Skip to content

Instantly share code, notes, and snippets.

Chris Campbell obscuresec

Block or report user

Report or block obscuresec

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:d40270da694322bfee75
$DirEntry = New-Object DirectoryServices.DirectoryEntry('LDAP://dc=demo,dc=lab',$user,$pass)
$AdsiSearcher = New-Object DirectoryServices.DirectorySearcher($ADSI,"(objectCategory=User)")
$AdsiSearcher.findall()
View gist:bba41defe6db2aaf09bd
(cmd /c echo {([adsisearcher]'objectCategory=Computer').Findall() | ForEach {$_.properties.cn}}).split(' ')[1]
View gist:7faa11676c21ab84b888
powershell.exe -enc KABbAGEAZABzAGkAcwBlAGEAcgBjAGgAZQByAF0AJwBvAGIAagBlAGMAdABDAGEAdABlAGcAbwByAHkAPQBDAG8AbQBwAHUAdABlAHIAJwApAC4ARgBpAG4AZABhAGwAbAAoACkAIAB8ACAARgBvAHIARQBhAGMAaAAgAHsAJABfAC4AcAByAG8AcABlAHIAdABpAGUAcwAuAGMAbgB9AA==
View gist:7ee41139bada41b7c737
powershell.exe -com "((([adsisearcher]"objectCategory=User").Findall())[0].properties).PropertyNames"
View gist:b6c97b423fedc4500c10
$LdapFilter = #Query Goes Here
([adsisearcher]"$LdapFilter").Findall()
View gist:d1bafa3013ced1b38f08
([adsisearcher]"objectCategory=User").Findall() | ForEach {$_.properties.cn}
View gist:df5f652c7e7088e2412c
function Test-SmbPassword {
<#
.SYNOPSIS
Tests a username and password to see if it is valid against a remote machine or domain.
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
View gist:104edc53459715214226
Function Get-SubnetResolution {
$Subnet = '74.125.228' #change this
$Wait = 2 #Seconds to wait between resolution
$HostRangeLow = 1
$HostRangeHigh = 10
$Range = $HostRangeLow..$HostRangeHigh
#Instantiate once
$DnsObject = [Net.DNS]
View test-ms15034.ps1
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',234234,28768768)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}
View gist:eb46bc1094cd6003a12d
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',18,18446744073709551615)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}
You can’t perform that action at this time.