Tobias Neitzel qtc-de
qtc-de
/ windows-reverse-shell.v
Created
August 16, 2022 19:39
Simple Windows reverse shell based on V. Just an experiment. For educational purposes only!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #flag -lws2_32 | |
| #include "winsock2.h" | |
| struct WSADATA { | |
| mut: | |
| w_version u16 | |
| w_high_version u16 | |
| i_max_sockets u16 | |
| i_max_udp_dg u16 | |
| lp_vendor_info &string = 0 |
qtc-de
/ Get-ProcessRedirectionTrustPolicy.cpp
Created
October 20, 2022 11:56
Enumerate the ProcessRedirectionTrustPolicy for each running process and print the result.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <tchar.h> | |
| #include <psapi.h> | |
| #include <winnt.h> | |
| #include <winternl.h> | |
| typedef NTSTATUS(*MyNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); | |
| int main(int argc, char** argv) |
qtc-de
/ sccm-http.py
Created
December 9, 2024 19:31
This script contains a python version of sccm-http-looter (https://github.com/badsectorlabs/sccm-http-looter)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # This script contains a python version of sccm-http-looter (https://github.com/badsectorlabs/sccm-http-looter) | |
| # The following additional packages may need to be installed depending on the usage: | |
| # | |
| # pip install requests-ntlm (required for authenticated access to SCCM DPs) | |
| # pip install requests[socks] (required for usage over socks proxy) | |
| # | |
| # The script attempts to obtain a package list via HTTP directory listing. However, when dealing | |
| # with large package lists, this is not 100% reliable as the server may cut the amount of entries |
qtc-de
/ rogue-mysql.py
Created
December 9, 2024 20:01
Modernized version of https://github.com/Gifts/Rogue-MySql-Server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Modernized version of https://github.com/Gifts/Rogue-MySql-Server that works without further dependencies. | |
| # However, this technique does no longer work by default in most MySQL clients. The ability of the server | |
| # to request local files from the client is usually restricted nowadays and needs to be unlocked using specific | |
| # parameters in the client config or the connection string. The following lines show a an example how to emulate | |
| # a vulnerable PHP based MySQL client: | |
| # | |
| # php > $db = new PDO('mysql:host=127.0.0.1;dbname=test', 'root', 'root', array(PDO::MYSQL_ATTR_LOCAL_INFILE => true)); | |
| # php > $db->query('SELECT user()'); |
OlderNewer