TheKevinWang
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AAAAAAAA AAA AAAAAAAAA AAAAAAAAAAAA AAAAAAAAAAAAA AAAAAAAAAAAAAA AAAAAAAAAAAA AAA AAAAAAAAAAAAA AAA AAAAAAAAA AAAAAAAAAAAAA AAAAAA AAAAA AAAAAAAAAAAA AAAAAAA AAAAAAAA AAAAAAAAAAAAA AAAAAAAAA AAAAAAAAAA AAAAAAAAAAAAA AAAAAAAAAAAAAA AAAAAAAAA AAAAAAAAAA AAAAAAA AAAAAAAAAAAA AAAAAAAAAAAAAA AAAAAAA AAAAAAAAAAAAA AAAAAAAAAAAA AAAAAA AAAAAAAAAA AAAAAAAAAAAAA AAAAAA AAAAAAAA AAAAAAAAAAA AAAA AAAAAA AAAAAAAAAAAA AAAAAAAAAA AAAAAAAAAAAAAA AAAAAAAAAAA AAAAAAAA AAAAAAAAAAA AAAAAAA AAA AAAAA AAAAAA AAAAAAAAAAAA AAAAAAA AAAAAAAAAAAA AAAAAAAAAAA AAAAAAAAAAA AAAAAA AAAA AAAAA AAAAAAA AAAAAA AAAAAAAAAAAAAA AAAAAAAAA AAAAAAAA AAAAAAAAAAAAA AAAAAAA AAAAAAAA AAAAAAAAAAAAAA AAAAAAUE4ABA AAAAAF VM/AAAA AAQRwD GAAAAAA UE8AAA AAAAAAAAAA AAAAAAAAA AAAAAAAA AAAAAAAAAAAA AAAAAAAAAAAA AAAAAAA AAAA AAAAAAAAAAAAA AAAAAA AAAAA AAAAAAAAAAAAAA AAAA AAAAAAAAAA AAA AAAAAAAAAAAAAA AAAAAAAAAAA AAAAAAAAAA AAAAAAAAAAA AAAA AAAA AAAAAAAAAA AAAAA AAAA AAAAAAAAAAA AAAAAAAA AAAAAAAA AAAAAA AAAAAA AAAAA AAAAAA AAAAAAAAA AAA AAA AAA AAAAAAAA AAAAAAAAAA |
TheKevinWang
/ bloodhoundce_import.py
Created
May 30, 2024 23:24
— forked from aconite33/bloodhoundce_import.py
Import large files into BloodHound CE Edition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import time | |
| import argparse | |
| import getpass | |
| import os | |
| import sys | |
| def main(): |
TheKevinWang
/ show_modern_messagebox.ps1
Created
November 7, 2023 23:03
Show message box in powershell using Windows.Forms.Application in a style that fits w10/11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [System.Windows.Forms.Application]::EnableVisualStyles(); | |
| Add-Type -AssemblyName System.Windows.Forms | |
| [System.Windows.Forms.MessageBox]::Show("failed", "status", "OK", "Error") |
TheKevinWang
/ Generate-IMEI.ps1
Last active
March 29, 2022 01:58
Quick and dirty script to generate a random IMEI from an existing one.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# Takes an IMEI number, randomizes the SNR (unique identifier), calculates the check digit using Luhn algorithm, and returns the resulting IMEI. | |
| #> | |
| function Generate-IMEI([string] $seed) { | |
| #generate random SNR | |
| $str = ($seed.substring(0,8)+ [string](Get-Random -max 999999 -min 0) + $seed[14]) | |
| $ca = $str.ToCharArray() | |
| $sum = 0 | |
| #calculate check digit | |
| for($i=0; $i -lt $ca.length-1; $i++) { | |
| $digit = [int]([string]$ca[$i]) |
TheKevinWang
/ meterpreter.yara
Created
September 6, 2018 01:49
Detects meterpreter payloads in memory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Meterpreter { | |
| meta: | |
| author = "Kevin Wang" | |
| description = "Meterpreter reverse shell in memory detecter." | |
| strings: | |
| $a = "metsrv.dll" | |
| $b = "stdapi_" | |
| $c = "priv_fs" | |
| condition: | |
| $a and $b and $c |
TheKevinWang
/ powershell2.bat
Last active
January 20, 2020 18:54
Enable and disable Powershell 2.0 via DISM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Works on Windows 10 1803. Requires admin privileges. | |
| #Disable Powershell 2.0 and 1.0 | |
| dism /online /disable-feature /FeatureName:MicrosoftWindowsPowerShellV2Root | |
| dism /online /disable-feature /FeatureName:MicrosoftWindowsPowerShellV2 | |
| #Enable Powershell 2.0 and 1.0 | |
| dism /online /enable-feature /FeatureName:MicrosoftWindowsPowerShellV2Root | |
| dism /online /enable-feature /FeatureName:MicrosoftWindowsPowerShellV2 |
TheKevinWang
/ Get-LocalAccInfo.ps1
Last active
May 16, 2018 15:15
Get last login time and description of local accounts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ([ADSI]"WinNT://$env:COMPUTERNAME").Children | ? {$_.SchemaClassName -eq 'user'} | ft name,lastlogin,description |
TheKevinWang
/ CompileInMemory.cs
Last active
October 23, 2024 04:43
Compile and run C# code in memory to avoid anti-virus. Taken from a C# ransomware sample: https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/ However, this will still execute csc.exe and drop a dll to %temp% https://twitter.com/Laughing_Mantis/status/991018563296157696
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Text; | |
| using System.CodeDom.Compiler; | |
| using Microsoft.CSharp; | |
| using System.IO; | |
| using System.Reflection; | |
| namespace InMemoryCompiler | |
| { | |
| class Program |
TheKevinWang
/ ClassModulesoAppClass
Created
January 29, 2018 02:39
Class module for VBA decoy document. It should be named "oAppClass"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Option Explicit | |
| Public WithEvents oApp As Word.Application | |
| Private Sub oApp_DocumentBeforeClose(ByVal Doc As Document, Cancel As Boolean) | |
| Cancel = True | |
| Application.Quit SaveChanges:=wdDoNotSaveChanges | |
| End Sub |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Option Explicit | |
| Dim oAppClass As New oAppClass | |
| Public Sub AutoOpen() | |
| ActiveDocument.Sections(1).Range.Font.Hidden = False | |
| Set page1 = Selection.GoTo(What:=1, Which:=2, Name:=1).Bookmarks("\Page").Range | |
| page1.Delete | |
| Set oAppClass.oApp = Word.Application | |
| End Sub | |