0xa-saline
0xa-saline
/ PoC_CVE-2021-28482.py
Created
May 4, 2021 16:42
— forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
0xa-saline
/ GetAadJoinInformation.cs
Created
April 21, 2021 16:43
— forked from benpturner/GetAadJoinInformation.cs
GetAadJoinInformation C# Module
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Management; | |
| using System.DirectoryServices; | |
| using System.DirectoryServices.ActiveDirectory; | |
| using System.Text; | |
| using System.Runtime.Serialization.Formatters.Binary; | |
| using System.IO; | |
| using System.Collections; | |
| using System.Runtime.InteropServices; |
0xa-saline
/ Invoke-WMItoSMB.ps1
Created
April 20, 2021 02:15
— forked from rvrsh3ll/Invoke-WMItoSMB.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-SMBShellcodeLoad { | |
| <# | |
| .SYNOPSIS | |
| Short description | |
| .DESCRIPTION | |
| Long description | |
| .EXAMPLE | |
| An example |
0xa-saline
/ JenkinsDecrypter.py
Created
March 29, 2021 02:32
— forked from djhohnstein/JenkinsDecrypter.py
Decrypt jenkins secrets with all key material from disk
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import re | |
| import sys | |
| import base64 | |
| from hashlib import sha256 | |
| from binascii import hexlify, unhexlify | |
| from Crypto.Cipher import AES | |
| from xml.dom import minidom | |
| from pprint import pprint |
0xa-saline
/ process-hollowing.cs
Created
March 12, 2021 16:03
— forked from med0x2e/process-hollowing.cs
Process Hollowing (slightly updated to work with G2JS) - credits for the initial code go to @smgorelik and @ambray
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| namespace Hollowing | |
| { | |
| public class Loader | |
| { | |
| public static byte[] target_ = Encoding.ASCII.GetBytes("calc.exe"); |
0xa-saline
/ dllmain.go
Created
February 28, 2021 10:45
— forked from NaniteFactory/dllmain.go
An implementation example of DllMain() entrypoint with Golang. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| //#include "dllmain.h" | |
| import "C" |
0xa-saline
/ invokeInMemLinux.go
Created
February 28, 2021 10:45
— forked from capnspacehook/invokeInMemLinux.go
Executes a binary or file in memory on a Linux system. Uses the memfd_create(2) syscall. Credits and idea from: https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "io/ioutil" | |
| "os" | |
| "os/exec" | |
| "strconv" | |
| "syscall" |
0xa-saline
/ powershell.go
Created
January 13, 2021 06:29
— forked from brgnepal/powershell.go
Playing PowerShell command via Golang
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "fmt" | |
| "os/exec" | |
| "strings" | |
| ) | |
| // PowerShell struct |
0xa-saline
/ DInjectQueuerAPC.cs
Created
November 14, 2020 07:45
— forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
0xa-saline
/ create-msvcrt
Created
October 3, 2020 11:24
— forked from SolomonSklash/create-msvcrt
Creating msvcrt.lib
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # On Windows, within a VS developer prompt | |
| # Dump the exports of msvcrt.dll | |
| dumpbin.exe /exports C:\Windows\System32\msvcrt.dll > msvcrt.txt | |
| # Copy msvcrt.txt to a Linux box | |
| # Convert the file to Unix line endings | |
| dos2unix msvcrt.txt |
NewerOlder