I hereby claim:
- I am matterpreter on github.
- I am matterpreter (https://keybase.io/matterpreter) on keybase.
- I have a public key ASBpyi7rGq-uzLP9xeGttxt0c2ZnQh1EOkXjKv6lQm3eWgo
To claim this, I am signing this object:
Matt Hand matterpreter
matterpreter
/ build-tao.sh
Last active
September 14, 2019 12:44
Build tao-utils to use on Ubuntu for decoding IORs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo apt install -y libace-6.3.3 libc6 libgcc1 libstdc++6 libtao-2.0.1 liblzo2-2 zlib1g libssl1.0.0 | |
| mkdir debs && cd debs | |
| #Pull all the required packages from Launchpad for Ubunutu | |
| wget -nv http://launchpadlibrarian.net/74750902/libace-6.0.1_6.0.1-3_amd64.deb | |
| wget -nv http://launchpadlibrarian.net/74750904/libace-ssl-6.0.1_6.0.1-3_amd64.deb | |
| wget -nv http://launchpadlibrarian.net/74750910/libace-htbp-6.0.1_6.0.1-3_amd64.deb | |
| wget -nv http://launchpadlibrarian.net/74750917/libacexml-6.0.1_6.0.1-3_amd64.deb | |
| wget -nv http://launchpadlibrarian.net/74750919/libkokyu-6.0.1_6.0.1-3_amd64.deb |
matterpreter
/ abandonedInprocServer32.cs
Created
October 30, 2018 14:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Management; | |
| namespace ComAbandonment | |
| { | |
| public class ComAbandonment | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| def usage(): | |
| print('HashMash - decrypted password to username matcher') | |
| print('') | |
| print('$ python3 %s <Hash File> <OCL Hashcat Decrypted File>' % sys.argv[0]) | |
| print('') | |
| print('User Hash File format is user:hash (or JTR NTLM)') | |
| print('OCL Decrypted Pasword File format is, hash:password') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace UnkillableTest | |
| { | |
| class Program | |
| { | |
| [DllImport("ntdll.dll", SetLastError = true)] | |
| private static extern void RtlSetProcessIsCritical(uint bNew, uint pbOld, uint bNeedScb); |
matterpreter
/ IsAdmin.cs
Last active
March 15, 2022 20:52
Check if user is a member of the local admins group
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static bool IsAdmin() | |
| { | |
| WindowsIdentity identity = WindowsIdentity.GetCurrent(); | |
| WindowsPrincipal principal = new WindowsPrincipal(identity); | |
| if (!principal.IsInRole(WindowsBuiltInRole.Administrator)) | |
| { | |
| return false; | |
| } | |
| else | |
| { |
matterpreter
/ GrantTokenPrivileges.cs
Created
September 14, 2019 12:43
Grant the current process token the specified privilege
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| public static void SetTokenPrivilege(ref IntPtr hToken, string privName) | |
| { | |
| Console.WriteLine("[*] Adding {0} to token", privName); | |
| LUID luid = new LUID(); | |
| if (!LookupPrivilegeValue(null, privName, ref luid)) | |
| { | |
| Console.WriteLine("[-] LookupPrivilegeValue failed!"); |
matterpreter
/ keybase.md
Created
September 16, 2019 07:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Thanks @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellcodeLoader | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Thanks @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellcodeLoader | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
matterpreter
/ IRP Structure
Last active
August 9, 2022 18:38
(Semi)Full IRP Structure in Win10 1903
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0: kd> dt -b nt!_IRP | |
| +0x000 Type : Int2B | |
| +0x002 Size : Uint2B | |
| +0x004 AllocationProcessorNumber : Uint2B | |
| +0x006 Reserved : Uint2B | |
| +0x008 MdlAddress : Ptr64 | |
| +0x010 Flags : Uint4B | |
| +0x018 AssociatedIrp : <anonymous-tag> | |
| +0x000 MasterIrp : Ptr64 | |
| +0x000 IrpCount : Int4B |
OlderNewer