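```powershell
# Load the NtObjectManager module, which provides Get-RpcServer
Import-Module -Name NtObjectManager
# Parse the RPC servers implemented by the binaries in System32
$rpc = ls C:\Windows\System32\* | Get-RpcServer
# Show the server that exposes the interface with this UUID
$rpc | Where-Object {$_.InterfaceId -eq '4b324fc8-1670-01d3-1278-5a47bf6ee188'} | Format-List
$server = $rpc | Where-Object {$_.InterfaceId -eq '4b324fc8-1670-01d3-1278-5a47bf6ee188'}
# Pick out procedure number 12 of that interface and display it
$Proc12 = $server.Procedures | Where-Object {$_.ProcNum -eq 12}
$Proc12
```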
```bash
/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe "Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss\*\ DistributionName | Where-Object -Property DistributionName -eq $WSL_DISTRO_NAME | Set-ItemProperty -Name DefaultUid -Value $(id -u)"
```
```bash
cat 20241127_* | perl -pe 's/\e([^\[\]]|\[.*?[a-zA-Z]|\].*?\a)//g' | ansifilter | col -b | less
```
```bat
ksetup /addkdc INTERNAL.LAB dc01.internal.lab
ksetup /setrealmflags INTERNAL.LAB tcpsupported
```
add lsass.exe to proxifier
```python
import struct
import argparse


def hex_string_to_guid(hex_string):
    # Convert the hex string to bytes
    guid_bytes = bytes.fromhex(hex_string)
    if len(guid_bytes) != 16:
        print("Invalid GUID hex string length")
        return None
```
```bash
git rm --cached submodule_path # delete reference to submodule HEAD (no trailing slash)
git rm .gitmodules             # if you have more than one submodule,
                               # you need to edit this file instead of deleting it!
rm -rf submodule_path/.git     # make sure you have a backup!!
git add submodule_path         # will add files instead of commit reference
git commit -m "remove submodule"
```
First function definition:
MS open docs here:
Create the function signature:
```c
NET_API_STATUS NetrSessionEnum(
    SRVSVC_HANDLE ServerName,
    WCHAR* ClientName,
    WCHAR* UserName,
    PSESSION_ENUM_STRUCT InfoStruct,
    DWORD PreferedMaximumLength,
    DWORD* TotalEntries,
    DWORD* ResumeHandle
);
```
For this cast to work you need to import two structs:
Service Creation Logs: Security 4697 and System 7045
Create Service
```powershell
# Define service parameters
$serviceName = "MyTestService"
$serviceDisplayName = "MY Test Service"
$serviceDescription = "This is a test service created for demonstration purposes."
$serviceExecutablePath = "C:\Windows\System32\cmd.exe"
```
```python
import idaapi
import idautils
import idc
import struct

CONTEXT_MENU_PATH = 'GUIDConvert/'
ITEM_NAME = 'Convert GUID Bytes'


class GuidConverterActionHandler(idaapi.action_handler_t):
    def activate(self, ctx):
```