curi0usJack revised this gist
Jun 20, 2018 . 1 changed file with 24 additions and 10 deletions.
@@ -1,6 +1,8 @@ $exepath = "c:\windows" $searchstrings = @("/url", "/uri", "/wildcard", "/format", "/path") $skip = @("logoff.exe", "mcrmgr.exe", "audit.exe") $foundin = @() $testedbins = @() Function Execute-Command ($commandPath, $commandArguments) { @@ -34,20 +36,32 @@ Function Execute-Command ($commandPath, $commandArguments) ExitCode = $p.ExitCode } } Write-Output "Searching exes for $searchstrings" $exes = gci -recurse -path $exepath -filter "*.exe" -erroraction silentlycontinue foreach ($exe in $exes) { $fullpath = $exe.DirectoryName + "\" + $exe.Name $output = "[-] Testing... $fullpath" #Write-output $output Add-Content -Path "./exeout.log" -Value $output if ($skip -notcontains $exe.Name -and $testedbins -notcontains $exe.Name) { $exeout = Execute-Command $fullpath "/?" if ($exeout.stdout | select-string -pattern $searchstrings -quiet) { $output = "[+] Found in $fullpath" Write-Host $output -foreground Green Add-Content -Path "./exeout.log" -Value $output $foundin += $exe.Name Add-Content -Path "./exefulloutput.log" -Value $exe.name Add-Content -Path "./exefulloutput.log" -Value $exeout.stdout } } else { if ($foundin -contains $exe.Name) { $output = "[+] Duplicate Found binary: $fullpath" Write-Host $output -foreground yellow Add-Content -Path "./exeout.log" -Value $output } } $testedbins += $exe.Name } Write-Output "`n[-] Done!`n"
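Review bot: The `$testedbins -notcontains $exe.Name` guard in the `foreach` body deduplicates on the bare file name, so a different binary that shares a name with one already seen elsewhere under `$exepath` is never run, and it is logged as a duplicate only if the first copy matched. If the intent is to skip identical copies, key both lists on content rather than name, for example `$id = (Get-FileHash $fullpath).Hash` and then `$testedbins -notcontains $id`; if name-level dedup is intended, say so in a comment above the `if`. The `+=` on `$foundin` and `$testedbins` copies the whole array on every iteration, which adds up over a full walk of `c:\windows`; a `System.Collections.Generic.HashSet[string]` avoids that. The body of Execute-Command lies outside these hunks.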
curi0usJack revised this gist
Jun 20, 2018 . 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@ $exepath = "c:\windows" $searchstrings = @("url", "uri") $skip = @("logoff.exe", "mcrmgr.exe", "audit.exe") Function Execute-Command ($commandPath, $commandArguments) {
curi0usJack revised this gist
Jun 20, 2018 . 1 changed file with 3 additions and 1 deletion.
@@ -46,6 +46,8 @@ foreach ($exe in $exes) { $exeout = Execute-Command $fullpath "/?" } if ($exeout.stdout | select-string -pattern $searchstrings -quiet) { $found = "[+] Found in $fullpath" Write-Host $found -foreground Green Add-Content -Path "./exeout.log" -Value $found } }
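Review bot: The `if ($exeout.stdout | select-string ...)` check sits after the closing brace of the `$skip` guard, so for a skip-listed binary `$exeout` still holds the previous iteration's result. The new `Add-Content` line will then record that earlier match under the skipped file's path. Either reset it at the top of the loop with `$exeout = $null` or move the match check inside the `if ($skip -notcontains $exe.Name)` block. The same structure is present in the initial revision of the gist; the `foreach` body starts outside this hunk.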
curi0usJack created this gist
Jun 20, 2018 .
@@ -0,0 +1,51 @@ $exepath = "c:\windows" $searchstrings = @("url", "uri") $skip = @("logoff.exe", "mcrmgr.exe") Function Execute-Command ($commandPath, $commandArguments) { $pinfo = New-Object System.Diagnostics.ProcessStartInfo $pinfo.FileName = $commandPath $pinfo.RedirectStandardError = $true $pinfo.RedirectStandardOutput = $true $pinfo.UseShellExecute = $false $pinfo.Arguments = $commandArguments $p = New-Object System.Diagnostics.Process $p.StartInfo = $pinfo try { $p.Start() | Out-Null $p.WaitForExit(2000) | Out-Null if ($p.HasExited -eq $false) {$p.Kill()} } catch { $retstdout = "" } if ($p.StandardOutput) { $retstdout = $p.StandardOutput.ReadToEnd() } else {$retstdout = ""} $p.Dispose() [pscustomobject]@{ stdout = $retstdout #stderr = $p.StandardError.ReadToEnd() ExitCode = $p.ExitCode } } $exes = gci -recurse -path $exepath -filter "*.exe" -erroraction silentlycontinue Write-Output "Searching exes for $searchstrings" foreach ($exe in $exes) { $fullpath = $exe.DirectoryName + "\" + $exe.Name $output = "[-] Testing... $fullpath" Write-output $output Add-Content -Path "./exeout.log" -Value $output if ($skip -notcontains $exe.Name) { $exeout = Execute-Command $fullpath "/?" } if ($exeout.stdout | select-string -pattern $searchstrings -quiet) { Write-Host "[+] Found in $fullpath" -foreground Green } }
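Review bot: In Execute-Command, `$p.ExitCode` is read after `$p.Dispose()`, so the `ExitCode` field of the returned object is most likely never populated; capture it first with `$code = $p.ExitCode` and dispose afterwards. Both output streams are redirected, but stdout is only read after `WaitForExit(2000)` and stderr is never read. A binary whose help text exceeds the pipe buffer will therefore block until the timeout kills it, and its output may come back truncated. Starting the read before the wait (`$task = $p.StandardOutput.ReadToEndAsync()`) and leaving `RedirectStandardError` off unless stderr is consumed would avoid that. Because the loop launches every executable under `$exepath` and the name-based `$skip` list is the only guard against side effects, a header comment stating that the script is meant for a disposable test machine would help the next reader.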