Jean-Pierre LESUEUR (Microsoft MVP) DarkCoderSc
DarkCoderSc
/ File2Batch.py
Last active
April 3, 2021 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #----------------------------------------------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR ([email protected]) | |
| # | |
| # Name : File2Batch | |
| # Description : File Binder (Wrapper) only using Batch commands (.BAT output extension) | |
| # Category : Malware Research | |
| # Version : 0.1 (07/02/2018) | |
| # Target OS : Windows XP->Windows 10 (32/64bit) | |
| # License : MIT |
DarkCoderSc
/ gen_malicious_shortcut.pas
Created
May 10, 2018 17:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uses ActiveX, ShlObj, ComObj; | |
| // ... | |
| function MaliciousLnk(fileUrl, destFile : String) : Boolean; | |
| var cObject : IUnknown; | |
| shellLink : IShellLink; | |
| PFile : IPersistFile; | |
| LinkName : string; |
DarkCoderSc
/ file2cmdline.py
Created
May 14, 2018 15:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #----------------------------------------------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR ([email protected]) | |
| # | |
| # Name : File2CmdLine | |
| # Description : Conv a small file to a single line command. When executed the file is extracted and executed. | |
| # Category : Malware Research | |
| # Version : 1 (27/04/2017) | |
| # Target OS : Windows XP->Windows 10 (32/64bit) | |
| # License : MIT |
DarkCoderSc
/ GenMalShortcut.dpr
Last active
April 3, 2021 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {-----------------------------------------------------------------------------------------------------------------------} | |
| { PHROZEN SAS (c) 2018 - www.phrozen.io } | |
| { Jean-Pierre LESUEUR ([email protected]) } | |
| { } | |
| { Create a Windows Shortcut by code and inject a potential malicious single line command, for post extraction and } | |
| { execution. } | |
| {-----------------------------------------------------------------------------------------------------------------------} | |
| program Shortcut_gen; |
DarkCoderSc
/ file2lnk.py
Created
June 8, 2018 08:36
Generate a Microsoft Windows Shortcut and inject a file inside of it. When the shortcut is executed, the file is extracted and executed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR ([email protected]) | |
| # | |
| # Name : File2Lnk | |
| # Description : File Binder (Wrapper) using Microsoft Windows Shortcuts (.LNK) | |
| # Category : Malware Research | |
| # Version : 0.1 (26/05/2018) | |
| # Target OS : Microsoft Windows (32/64 bit) | |
| # License : MIT |
DarkCoderSc
/ cmd_perl.cgi
Created
October 25, 2019 14:32
example : http://targeturl/cmd_perl.cgi?cmd=whoami
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| use strict; | |
| use warnings; | |
| use CGI qw(); | |
| my $cgi = CGI->new(); | |
| print "Cache-Control: no-cache\n"; | |
| print "Content-type: text/plain\n\n"; |
DarkCoderSc
/ ssh-enumusers.py
Created
November 4, 2019 11:19
Modified version of CVE-2018-15473 originally coded by Justin Gardner.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit: OpenSSH 7.7 - Username Enumeration | |
| # Author: Justin Gardner | |
| # Date: 2018-08-20 | |
| # Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz | |
| # Affected Versions: OpenSSH version < 7.7 | |
| # CVE: CVE-2018-15473 | |
| # | |
| # Modified version by Jean-Pierre LESUEUR (@darkcodersc) 04/11/2019 | |
| # --> Support Python3 | |
| # --> Removed export functions |
DarkCoderSc
/ distccd_rce_CVE-2004-2687.py
Last active
June 26, 2024 09:41
(CVE-2004-2687) DistCC Daemon - Command Execution (Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| ''' | |
| distccd v1 RCE (CVE-2004-2687) | |
| This exploit is ported from a public Metasploit exploit code : | |
| https://www.exploit-db.com/exploits/9915 | |
| The goal of that script is to avoid using Metasploit and to do it manually. (OSCP style) |
DarkCoderSc
/ BufferToHexView.pas
Created
November 9, 2019 14:49
Little code snippet to display buffer from any kind to viewable hex table (little an hex editor). Useful for console debug output.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (* | |
| Jean-Pierre LESUEUR | |
| @DarkCoderSc | |
| https://www.phrozen.io/ | |
| Note: This code is a bit old and could be optimized. Feel free to do so ;) | |
| *) | |
| function BufferToHexView(ABuffer : PVOID; ABufferSize : Int64; pLastOffset : PNativeUINT = nil; AStartOffset : NativeUINT = 0) : String; | |
| var ARows : DWORD; | |
| i, n : integer; | |
| AVal : Byte; |
DarkCoderSc
/ PowerPureRunAsAttached.psm1
Last active
December 20, 2021 17:23
This script is only a partially successful attempt to create a RunAsAttached version in Pure Powershell (Without Inline CSharp).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#------------------------------------------------------------------------------- | |
| .Developer | |
| Jean-Pierre LESUEUR (@DarkCoderSc) | |
| https://www.twitter.com/darkcodersc | |
| https://github.com/DarkCoderSc | |
| www.phrozen.io | |
| [email protected] | |
| PHROZEN | |
| .License | |
| Apache License |
OlderNewer