prachauthit

## main.rs
// Code from: http://patshaughnessy.net/2020/1/20/downloading-100000-files-using-async-rust
//
// Cargo.toml:
// [dependencies]
// tokio = { version = "0.2", features = ["full"] }
// reqwest = { version = "0.10", features = ["json"] }
// futures = "0.3"

use std::io::prelude::*;
use std::fs::File;

## dell-XPS-15-arch-linux-install
# Having problems with the nvidia drivers
# Arch wiki page on XPS 15
# https://wiki.archlinux.org/index.php/Dell_XPS_15_9560

# Install ARCH Linux with encrypted file-system and UEFI on Dell XPS 15
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

## feedly.opml
<?xml version="1.0" encoding="UTF-8"?>

<opml version="1.0">
    <head>
        <title>Matt subscriptions in feedly Cloud</title>
    </head>
    <body>
        <outline text="RedTeaming" title="RedTeaming">
            <outline type="rss" text="Strategic Cyber LLC" title="Strategic Cyber LLC" xmlUrl="http://blog.strategiccyber.com/feed/" htmlUrl="https://blog.cobaltstrike.com"/>
            <outline type="rss" text="Silent Break Security" title="Silent Break Security" xmlUrl="http://silentbreaksecurity.com/feed/" htmlUrl="https://silentbreaksecurity.com"/>

## feedly.opml
<?xml version="1.0" encoding="UTF-8"?>

<opml version="1.0">
    <head>
        <title>Matt subscriptions in feedly Cloud</title>
    </head>
    <body>
        <outline text="RedTeaming" title="RedTeaming">
            <outline type="rss" text="Strategic Cyber LLC" title="Strategic Cyber LLC" xmlUrl="http://blog.strategiccyber.com/feed/" htmlUrl="https://blog.cobaltstrike.com"/>
            <outline type="rss" text="Silent Break Security" title="Silent Break Security" xmlUrl="http://silentbreaksecurity.com/feed/" htmlUrl="https://silentbreaksecurity.com"/>

## obfuscate-mimikatz.sh
#!/bin/bash
#https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1
if [[ $# -le 1 ]] ; then
    echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1'
    exit 1
fi

randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};}

cp $1 $2

## # Official Windows VM download URL archive.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                prachauthit
                / # Official Windows VM download URL archive.md
            
            
              Created
              September 12, 2019 13:08
                — forked from zmwangx/# Official Windows VM download URL archive.md
            
              
                Official Windows VM download URL archive, from https://dev.modern.ie/tools/vms/mac/ — scratch that — https://developer.microsoft.com/en-us/microsoft-edge/api/tools/vms/
              
          
    https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

  
## web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <handlers accessPolicy="Read, Script, Write">
         <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
      </handlers>
      <security>
         <requestFiltering>
            <fileExtensions>
               <remove fileExtension=".config" />

## web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <handlers accessPolicy="Read, Script, Write">
         <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
      </handlers>
      <security>
         <requestFiltering>
            <fileExtensions>
               <remove fileExtension=".config" />

## invokeAllChecks.vbs

'-'
'-'  invokeAllChecks.vbs
'-'
'-'  VBscript implementation of the Invoke-AllChecks function of PowerUp developed by @harmj0y
'-'  by: @ImAnEnabler
'-'
'-'  In the environment I work, sc.exe is not allowed for non-admins, so I used WMI instead.
'-'  Save the vbs file and run with cscript:
'-'    cscript //nologo invokeAllChecks.vbs

## windows_blind
%SYSTEMDRIVE%\boot.ini
%WINDIR%\win.ini	This is another file that can be counted on to be readable by all users of a system.
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM	Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
%SYSTEMROOT%\repair\system
%SYSTEMROOT%\System32\config\RegBack\system	This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM	These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files.
%WINDIR%\repair\sam
%WINDIR%\repair\system
	// Code from: http://patshaughnessy.net/2020/1/20/downloading-100000-files-using-async-rust
	//
	// Cargo.toml:
	// [dependencies]
	// tokio = { version = "0.2", features = ["full"] }
	// reqwest = { version = "0.10", features = ["json"] }
	// futures = "0.3"

	use std::io::prelude::*;
	use std::fs::File;
	# Having problems with the nvidia drivers
	# Arch wiki page on XPS 15
	# https://wiki.archlinux.org/index.php/Dell_XPS_15_9560

	# Install ARCH Linux with encrypted file-system and UEFI on Dell XPS 15
	# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

	# Download the archiso image from https://www.archlinux.org/
	# Copy to a usb-drive
	dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
	<?xml version="1.0" encoding="UTF-8"?>

	<opml version="1.0">
	<head>
	<title>Matt subscriptions in feedly Cloud</title>
	</head>
	<body>
	<outline text="RedTeaming" title="RedTeaming">
	<outline type="rss" text="Strategic Cyber LLC" title="Strategic Cyber LLC" xmlUrl="http://blog.strategiccyber.com/feed/" htmlUrl="https://blog.cobaltstrike.com"/>
	<outline type="rss" text="Silent Break Security" title="Silent Break Security" xmlUrl="http://silentbreaksecurity.com/feed/" htmlUrl="https://silentbreaksecurity.com"/>
	#!/bin/bash
	#https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1
	if [[ $# -le 1 ]] ; then
	echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1'
	exit 1
	fi

	randstr(){< /dev/urandom tr -dc a-zA-Z0-9 \| head -c${1:-8};}

	cp $1 $2
	<?xml version="1.0" encoding="UTF-8"?>
	<configuration>
	<system.webServer>
	<handlers accessPolicy="Read, Script, Write">
	<add name="web_config" path=".config" verb="" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
	</handlers>
	<security>
	<requestFiltering>
	<fileExtensions>
	<remove fileExtension=".config" />

	'-'
	'-' invokeAllChecks.vbs
	'-'
	'-' VBscript implementation of the Invoke-AllChecks function of PowerUp developed by @harmj0y
	'-' by: @ImAnEnabler
	'-'
	'-' In the environment I work, sc.exe is not allowed for non-admins, so I used WMI instead.
	'-' Save the vbs file and run with cscript:
	'-' cscript //nologo invokeAllChecks.vbs
	%SYSTEMDRIVE%\boot.ini
	%WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system.
	%SYSTEMROOT%\repair\SAM
	%SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
	%SYSTEMROOT%\repair\system
	%SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
	%SYSTEMROOT%\repair\SAM
	%SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files.
	%WINDIR%\repair\sam
	%WINDIR%\repair\system