This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| STOP|START parental control service [WpcMonSvc] | |
| Author: @r00t-3xp10it | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: Get-Service | |
| Optional Dependencies: SCHTASKS | |
| PS cmdlet Dev version: v1.0.8 |
r00t-3xp10it
/ Url_obfuscator.ps1
Last active
March 14, 2024 23:07
Ip address URL obfuscater [octal|hexadecimal]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Ip address URL obfuscator [MITRE T1566.002] | |
| Author: r00t-3xp10it | |
| Credits: Nick Simonian [@ scheme abuse] | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: [Convert]::ToString() | |
| Optional Dependencies: Invoke-WebRequest | |
| PS cmdlet Dev version: v1.1.8 |
r00t-3xp10it
/ rec_audio.ps1
Last active
March 6, 2024 17:59
Record native microphone audio to an file.mp3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| records microphone audio [MP3] until -rectime <sec> its reached | |
| Author: @r00t-3xp10it | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: ffmpeg.exe {auto-download} | |
| Optional Dependencies: Curl, WinGet {native} | |
| PS cmdlet Dev version: v2.2.10 |
r00t-3xp10it
/ Invoke-Shortcut.ps1
Last active
February 18, 2024 05:58
Create a shortcut file (.LNK) that runs appls\scripts if pressed [Mitre - T1027.012]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Create shortcut file (LNK) that runs appl\script [Mitre - T1027.012] | |
| Author: @r00t-3xp10it | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: ComObject WScript.Shell | |
| Optional Dependencies: Iwr, tinyurl | |
| PS cmdlet Dev version: v2.3.12 |
r00t-3xp10it
/ identify_offensive_tools.ps1
Last active
March 16, 2024 04:23
identify possible ams1 detection strings in files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Identify possible ams1 strings inside scripts | |
| Author: @r00t-3xp10it | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: none | |
| Optional Dependencies: none | |
| PS cmdlet Dev version: v2.2.18 |
r00t-3xp10it
/ SocialMedia.ps1
Last active
January 16, 2024 17:06
WhatsApp, Facebook, Twitter, Discord, Telegram, Instagram -- active browser tab keystrokes keylogger
r00t-3xp10it
/ Invoke-WinGet.ps1
Last active
December 4, 2023 01:10
Silent install applications from Windows Store
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| [Silent] manage applications from microsoft store | |
| Author: @r00t-3xp10it | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: WinGet, UserLand | |
| Optional Dependencies: none | |
| PS cmdlet Dev version: v1.0.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Dump major browsers stored credentials | |
| Author: @r00t-3xp10it (ssa redteam) | |
| Tested Under: Windows 10 (19043) x64 bits | |
| Required Dependencies: administrator privileges | |
| Optional Dependencies: WebBrowserPassView.exe | SendToPasteBin.ps1 | |
| PS cmdlet Dev version: v1.3.8 |
r00t-3xp10it
/ Invoke-WDigest.ps1
Last active
July 22, 2023 00:32
WDigest credential caching [Memory]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| WDigest credential caching [Memory] | |
| Author: @r00t-3xp10it | |
| Credits: @wh0nsq [BypassCredGuard.exe] | |
| Credits: @BenjaminDelpy [mi`mi`katz.exe] | |
| Tested Under: Windows 10 (19044) x64 bits | |
| Required Dependencies: Administrator privileges | |
| Optional Dependencies: WDigest, BypassCredGuard.exe |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If a script needs to be run elevated, then you can ensure it will only | |
| # ever be run elevated by including the logic within the script. | |
| ## Check privileges | |
| If(-not([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) | |
| { | |
| ## Not-ADMIN = Relaunch as an elevated process: | |
| Start-Process powershell.exe "-File",('"{0}"' -f $MyInvocation.MyCommand.Path) -Verb RunAs | |
| exit | |
| } |
NewerOlder