Skip to content

Instantly share code, notes, and snippets.

View pdolinic's full-sized avatar

pdolinic

22 followers · 189 following
View GitHub Profile
@pdolinic
pdolinic / wmic_cmds.txt
Created September 25, 2023 04:23 — forked from xorrior/wmic_cmds.txt
Useful Wmic queries for host and domain enumeration
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
@pdolinic
pdolinic / Cleanup-ClickOnce.ps1
Created June 27, 2023 16:33 — forked from mgeeky/Cleanup-ClickOnce.ps1
Cleanup-ClickOnce.ps1 - Simple Powershell script that removes ClickOnce deployments entirely from file system and registry.
#
# Usage:
# PS> . .\Cleanup-ClickOnce.ps1
# PS> Cleanup-ClickOnce -Name MyAppName
#
# Other than that you might also try using these commands:
# PS> rundll32 dfshim.dll,ShArpMaintain C:\Path\To\ClickOnce.application
# PS> rundll32 dfshim.dll CleanOnlineAppCache
#
@pdolinic
pdolinic / Workstation-Takeover.md
Created June 5, 2023 10:58 — forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@pdolinic
pdolinic / RustProcessInjection102.rs
Created May 27, 2023 22:45 — forked from OtterHacker/RustProcessInjection102.rs
/*
* Rust basic Process injection using OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread
* API dynamic resolution and shellcode XOR encoded
*/
#[allow(non_camel_case_types)]
type HANDLE = *mut u64;
#[allow(non_camel_case_types)]
type LPVOID = *mut u64;
#[allow(non_camel_case_types)]
type DWORD = u32;
@pdolinic
pdolinic / windows_hardening.cmd
Created May 17, 2023 12:02 — forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@pdolinic
pdolinic / windows_hardening.cmd
Created May 17, 2023 01:59 — forked from ricardojba/windows_hardening.cmd
A Windows hardening script
::##########################################################################################################################
::
:: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing,
::
:: OR BOTH!!!
::
:: YOU HAVE BEEN WARNED!!!!!!!!!!
::
:: This script is provided "AS IS" with no warranties, and confers no rights.
:: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section,
@pdolinic
pdolinic / patchless_amsi.h
Created April 12, 2023 21:46 — forked from CCob/patchless_amsi.h
In-Process Patchless AMSI Bypass
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
@pdolinic
pdolinic / ChatGPT-Dan-Jailbreak.md
Created March 15, 2023 00:47 — forked from coolaj86/ChatGPT-Dan-Jailbreak.md
@pdolinic
pdolinic / gist:0bbb54080664d1d0903e8ad88183e3cf
Created February 28, 2023 15:27
B3-Vagrant: Vagrant Network with Debian11, Windows2022 and OPNSense
# Vagrant Network with Debian, Windows and OPNSense
0. Vagrant is a provider for Virtualization (such as Virtualbox, Openstack, Libvirt) (and Vagrant just provides configurationfiles for those providers)
1. Download Virtualbox: https://www.virtualbox.org/wiki/Downloads
2. Download Vagrant for your OS from here: https://www.vagrantup.com/Downloads
3. Create a New Directory-Name as you like, such as "Vagrant" anywhere you like
4. In the Vagrant-Directory, Create 3 Folders, as you like for example: Debian11, Windows2022, OPNSense,
5. In each folder, copy paste the configuration each time below, so 3 configuration files exist, they have to be named `Vagrantfile`
@pdolinic
pdolinic / logstash-windows-events.txt
Created February 13, 2023 13:45 — forked from linuxmalaysia/logstash-windows-events.txt
logstash windows events from winlogbeat. Translate common Event ID's and Translate common Event ID's to Quadrants
input {
beats {
id => "01-beats-input"
port => 55044
tags => "winlogbeat"
}
}