SkyN9ne SkyN9ne
💚
SkyN9ne
/ NukePSLogging.cpp
Created
September 11, 2022 23:48
— forked from leechristensen/NukePSLogging.cpp
Nuke PS Logging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void Payload() { | |
| DWORD threadId; | |
| CreateThread( | |
| NULL, // default security attributes | |
| 0, // use default stack size | |
| MyThreadFunction, // thread function name | |
| NULL, // argument to thread function | |
| 0, // use default creation flags | |
| &threadId); | |
| } |
SkyN9ne
/ New-SYSVOLZip.ps1
Created
September 12, 2022 00:00
— forked from HarmJ0y/New-SYSVOLZip.ps1
Compresses all of SYSVOL to a local .zip file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-SYSVOLZip { | |
| <# | |
| .SYNOPSIS | |
| Compresses all folders/files in SYSVOL to a .zip file. | |
| Author: Will Schroeder (@harmj0y) | |
| License: BSD 3-Clause | |
| Required Dependencies: None |
SkyN9ne
/ LNKBackdoor.ps1
Created
September 12, 2022 01:42
— forked from HarmJ0y/LNKBackdoor.ps1
Functions to 'backdoor' .LNK files with additional functionality and enumerate all 'backdoored' .LNKs on a system.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Set-LNKBackdoor { | |
| <# | |
| .SYNOPSIS | |
| Backdoors an existing .LNK shortcut to trigger the original binary and a payload specified by | |
| -ScriptBlock or -Command. | |
| Author: @harmj0y | |
| License: BSD 3-Clause | |
| Required Dependencies: None |
SkyN9ne
/ ADC2.ps1
Created
September 12, 2022 01:43
— forked from HarmJ0y/ADC2.ps1
Command and Control channel through Active Directory Object Properties
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 2 | |
| function New-ADPayload { | |
| <# | |
| .SYNOPSIS | |
| Stores PowerShell logic in the mSMQSignCertificates of the specified -TriggerAccount and generates | |
| a one-line launcher. | |
| Author: @harmj0y |
SkyN9ne
/ Start-FileSystemMonitor.ps1
Created
September 12, 2022 01:45
— forked from HarmJ0y/Start-FileSystemMonitor.ps1
Start-FileSystemMonitor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Start-FileSystemMonitor { | |
| <# | |
| .SYNOPSIS | |
| This function will monitor one or more file paths for any file | |
| creation, deletion, modification, or renaming events. Data including | |
| the change type, ACL for the file, etc. is output to the screen or | |
| a specified -LogFile. | |
| If -InjectShellCmd is specified, the given command is inserted into |
SkyN9ne
/ Invoke-HostFile.ps1
Created
September 12, 2022 01:55
— forked from HarmJ0y/Invoke-HostFile.ps1
Host a single binary file without needing administrative privileges
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Invoke-HostFile { | |
| <# | |
| .SYNOPSIS | |
| Hosts a base64 string representation of a binary file or a given | |
| $FilePath on the specified $Port. Any HTTP request to the given | |
| host/port will return the binary data of the specified file. | |
| .PARAMETER Base64File | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Code that quickly generates a deployable .war for a PowerShell one-liner | |
| import zipfile | |
| import StringIO | |
| import sys | |
| def generatePsWar(psCmd, appName): |
SkyN9ne
/ Invoke-PsExec.ps1
Created
September 12, 2022 02:41
— forked from HarmJ0y/Invoke-Psexec.ps1
Invoke-PsExec
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-PsExec { | |
| <# | |
| .SYNOPSIS | |
| This function is a rough port of Metasploit's psexec functionality. | |
| It utilizes Windows API calls to open up the service manager on | |
| a remote machine, creates/run a service with an associated binary | |
| path or command, and then cleans everything up. | |
| Either a -Command or a custom -ServiceEXE can be specified. | |
| For -Commands, a -ResultsFile can also be specified to retrieve the |
SkyN9ne
/ execve.c
Created
October 1, 2022 06:06
— forked from mgeeky/execve.c
Example of simple execve("/bin/sh", ...) shellcode, embedded in C program.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Example of simple execve('/bin/sh', ...); shellcode compiled | |
| * and embedded within C program, then compiled on 64-bit with NX bit | |
| * turned off and set executable stack. | |
| * | |
| * Compilation: | |
| * $ gcc -fno-stack-protector -z execstack execve1.c -o execve1c | |
| */ | |
| /* |
SkyN9ne
/ human_like_mouse_move.py
Created
October 15, 2022 22:01
— forked from teal33t/human_like_mouse_move.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Using B-spline for simulate humane like mouse movments | |
| def human_like_mouse_move(self, action, start_element): | |
| points = [[6, 2], [3, 2],[0, 0], [0, 2]]; | |
| points = np.array(points) | |
| x = points[:,0] | |
| y = points[:,1] | |
| t = range(len(points)) |