0xa-saline
0xa-saline
/ gadget2jscriptQueueAPCInject.cs
Created
June 23, 2020 03:17
— forked from rvrsh3ll/gadget2jscriptQueueAPCInject.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| using System.Net; | |
| using System.IO.Compression; | |
| public class Payload | |
| { |
0xa-saline
/ env_var_spoofing_poc.cpp
Created
June 22, 2020 18:09
— forked from xpn/env_var_spoofing_poc.cpp
A very rough x64 POC for spoofing environment variables (similar to argument spoofing) with a focus on setting the COMPlus_ETWEnabled=0 var used to disable ETW in .NET
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
| // setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
| // | |
| // Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
| // and then resuming the process. | |
| // | |
| // (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
| #define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
| #define INJECT_PARAM_LEN 43 |
0xa-saline
/ IOPProfile.java
Created
June 14, 2020 15:00
— forked from fnmsd/IOPProfile.java
Patch for IIOP Relocation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package weblogic.iiop; | |
| import java.net.InetAddress; | |
| import java.net.UnknownHostException; | |
| import java.util.Arrays; | |
| import java.util.List; | |
| import weblogic.corba.cos.transactions.TransactionPolicyComponent; | |
| import weblogic.corba.idl.poa.PolicyImpl; | |
| import weblogic.diagnostics.debug.DebugLogger; | |
| import weblogic.iiop.csi.CompoundSecMechList; |
0xa-saline
/ FindClass.java
Created
June 14, 2020 15:00
— forked from fnmsd/FindClass.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| package aa; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.io.PrintWriter; | |
| import java.lang.reflect.Field; | |
| import java.lang.reflect.Modifier; | |
| import java.util.HashSet; |
0xa-saline
/ FindClass_final.java
Created
June 14, 2020 15:00
— forked from fnmsd/FindClass_final.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.lang.reflect.Field; | |
| import java.util.HashSet; | |
| import java.util.Scanner; | |
| public class a { |
0xa-saline
/ NetLoader.cs
Created
June 8, 2020 16:15
— forked from Arno0x/NetLoader.cs
Partial rewrite of @Flangvik NetLoader. Supports proxy with authentication, XOR encrypted binaries, multiple arguments passing to binary.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: Arno0x0x, Twitter: @Arno0x0x | |
| Completely based on @Flangvik netloader | |
| This partial rewrite of @Flangvik Netloader includes the following changes: | |
| - Allow loading of an XOR encrypted binary to bypass antiviruses | |
| To encrypt the initial binary you can use my Python transformFile.py script. | |
| Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor | |
0xa-saline
/ Get-BlockedPowershellHashInCIPolicy.ps1
Created
April 15, 2020 08:07
— forked from sunnyc7/Get-BlockedPowershellHashInCIPolicy.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Based on a hint by @tiraniddo in chat today on Matt's Twitch Stream - https://www.twitch.tv/mattifestation | |
| # Context: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md | |
| # What does the script do?: | |
| # Get a list of blocked filenames from the hashes in Microsoft recommended block rules. | |
| # Result | |
| # Some strange filenames from hashes in VT output, for e.g.169339.ps1 | |
| # Some hashes do not exist in VT. |
0xa-saline
/ gist:c6d88d73d07b92720250556bed77b12c
Created
April 13, 2020 15:57
— forked from teixeira0xfffff/gist:c5333504841978a359c540f837ab0a18
MSBuild - Property functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" > | |
| <Target Name="Hello" > | |
| <!-- Call ANY .NET API --> | |
| <!-- | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
0xa-saline
/ msol_spray.py
Created
April 2, 2020 05:25
— forked from byt3bl33d3r/msol_spray.py
Fully async python port of @dafthacks MSOLSpray (https://github.com/dafthack/MSOLSpray)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| # | |
| # Requires Python 3.7+ & aiohttp (speedups recommended) | |
| # pip3 install aiohttp[speedups] | |
| # | |
| import sys | |
| import asyncio | |
| import aiohttp |
0xa-saline
/ gist:70ab13ff653dac7b0524cd1a460314fa
Created
March 25, 2020 04:11
— forked from ASkyeye/gist:b776e58dc844367b8d4c44a899afdf43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import string | |
| import sys | |
| from impacket import nmb | |
| from impacket.smb3 import SMB2_COMPRESSION_TRANSFORM_HEADER, SMB3, SMB2_DIALECT_311, SMB2_NEGOTIATE_SIGNING_REQUIRED, \ | |
| SMB2_NEGOTIATE_SIGNING_ENABLED, STATUS_SUCCESS, SMB2_DIALECT_30, \ | |
| SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, SMB2_NEGOTIATE, \ | |
| SMB2Negotiate, SMB311ContextData, SMB2NegotiateContext, SMB2_PREAUTH_INTEGRITY_CAPABILITIES, \ |