Skip to content

Instantly share code, notes, and snippets.

View 0xa-saline's full-sized avatar

0xa-saline

184 followers · 379 following
View GitHub Profile
@0xa-saline
0xa-saline / PoC_CVE-2021-28482.py
Created May 4, 2021 16:42 — forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@0xa-saline
0xa-saline / GetAadJoinInformation.cs
Created April 21, 2021 16:43 — forked from benpturner/GetAadJoinInformation.cs
GetAadJoinInformation C# Module
using System;
using System.Collections.Generic;
using System.Management;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Text;
using System.Runtime.Serialization.Formatters.Binary;
using System.IO;
using System.Collections;
using System.Runtime.InteropServices;
@0xa-saline
0xa-saline / Invoke-WMItoSMB.ps1
Created April 20, 2021 02:15 — forked from rvrsh3ll/Invoke-WMItoSMB.ps1
function Invoke-SMBShellcodeLoad {
<#
.SYNOPSIS
Short description
.DESCRIPTION
Long description
.EXAMPLE
An example
@0xa-saline
0xa-saline / JenkinsDecrypter.py
Created March 29, 2021 02:32 — forked from djhohnstein/JenkinsDecrypter.py
Decrypt jenkins secrets with all key material from disk
#!/usr/bin/env python3
import re
import sys
import base64
from hashlib import sha256
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
from xml.dom import minidom
from pprint import pprint
@0xa-saline
0xa-saline / process-hollowing.cs
Created March 12, 2021 16:03 — forked from med0x2e/process-hollowing.cs
Process Hollowing (slightly updated to work with G2JS) - credits for the initial code go to @smgorelik and @ambray
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
namespace Hollowing
{
public class Loader
{
public static byte[] target_ = Encoding.ASCII.GetBytes("calc.exe");
@0xa-saline
0xa-saline / dllmain.go
Created February 28, 2021 10:45 — forked from NaniteFactory/dllmain.go
An implementation example of DllMain() entrypoint with Golang. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
package main
//#include "dllmain.h"
import "C"
@0xa-saline
0xa-saline / invokeInMemLinux.go
Created February 28, 2021 10:45 — forked from capnspacehook/invokeInMemLinux.go
Executes a binary or file in memory on a Linux system. Uses the memfd_create(2) syscall. Credits and idea from: https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
package main
import (
"io/ioutil"
"os"
"os/exec"
"strconv"
"syscall"
@0xa-saline
0xa-saline / powershell.go
Created January 13, 2021 06:29 — forked from coolbrg/powershell.go
Playing PowerShell command via Golang
package main
import (
"bytes"
"fmt"
"os/exec"
"strings"
)
// PowerShell struct
@0xa-saline
0xa-saline / DInjectQueuerAPC.cs
Created November 14, 2020 07:45 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@0xa-saline
0xa-saline / create-msvcrt
Created October 3, 2020 11:24 — forked from SolomonSklash/create-msvcrt
Creating msvcrt.lib
# On Windows, within a VS developer prompt
# Dump the exports of msvcrt.dll
dumpbin.exe /exports C:\Windows\System32\msvcrt.dll > msvcrt.txt
# Copy msvcrt.txt to a Linux box
# Convert the file to Unix line endings
dos2unix msvcrt.txt