Jean-Pierre LESUEUR (Microsoft MVP) DarkCoderSc
DarkCoderSc
/ cmd_perl.cgi
Created
October 25, 2019 14:32
example : http://targeturl/cmd_perl.cgi?cmd=whoami
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| use strict; | |
| use warnings; | |
| use CGI qw(); | |
| my $cgi = CGI->new(); | |
| print "Cache-Control: no-cache\n"; | |
| print "Content-type: text/plain\n\n"; |
DarkCoderSc
/ ssh-enumusers.py
Created
November 4, 2019 11:19
Modified version of CVE-2018-15473 originally coded by Justin Gardner.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit: OpenSSH 7.7 - Username Enumeration | |
| # Author: Justin Gardner | |
| # Date: 2018-08-20 | |
| # Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz | |
| # Affected Versions: OpenSSH version < 7.7 | |
| # CVE: CVE-2018-15473 | |
| # | |
| # Modified version by Jean-Pierre LESUEUR (@darkcodersc) 04/11/2019 | |
| # --> Support Python3 | |
| # --> Removed export functions |
DarkCoderSc
/ BufferToHexView.pas
Created
November 9, 2019 14:49
Little code snippet to display buffer from any kind to viewable hex table (little an hex editor). Useful for console debug output.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (* | |
| Jean-Pierre LESUEUR | |
| @DarkCoderSc | |
| https://www.phrozen.io/ | |
| Note: This code is a bit old and could be optimized. Feel free to do so ;) | |
| *) | |
| function BufferToHexView(ABuffer : PVOID; ABufferSize : Int64; pLastOffset : PNativeUINT = nil; AStartOffset : NativeUINT = 0) : String; | |
| var ARows : DWORD; | |
| i, n : integer; | |
| AVal : Byte; |
DarkCoderSc
/ File2Batch.py
Last active
April 3, 2021 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #----------------------------------------------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR (jplesueur@phrozen.io) | |
| # | |
| # Name : File2Batch | |
| # Description : File Binder (Wrapper) only using Batch commands (.BAT output extension) | |
| # Category : Malware Research | |
| # Version : 0.1 (07/02/2018) | |
| # Target OS : Windows XP->Windows 10 (32/64bit) | |
| # License : MIT |
DarkCoderSc
/ gen_malicious_shortcut.pas
Created
May 10, 2018 17:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uses ActiveX, ShlObj, ComObj; | |
| // ... | |
| function MaliciousLnk(fileUrl, destFile : String) : Boolean; | |
| var cObject : IUnknown; | |
| shellLink : IShellLink; | |
| PFile : IPersistFile; | |
| LinkName : string; |
DarkCoderSc
/ file2cmdline.py
Created
May 14, 2018 15:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #----------------------------------------------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR (jplesueur@phrozen.io) | |
| # | |
| # Name : File2CmdLine | |
| # Description : Conv a small file to a single line command. When executed the file is extracted and executed. | |
| # Category : Malware Research | |
| # Version : 1 (27/04/2017) | |
| # Target OS : Windows XP->Windows 10 (32/64bit) | |
| # License : MIT |
DarkCoderSc
/ GenMalShortcut.dpr
Last active
April 3, 2021 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {-----------------------------------------------------------------------------------------------------------------------} | |
| { PHROZEN SAS (c) 2018 - www.phrozen.io } | |
| { Jean-Pierre LESUEUR (jplesueur@phrozen.io) } | |
| { } | |
| { Create a Windows Shortcut by code and inject a potential malicious single line command, for post extraction and } | |
| { execution. } | |
| {-----------------------------------------------------------------------------------------------------------------------} | |
| program Shortcut_gen; |
DarkCoderSc
/ file2lnk.py
Created
June 8, 2018 08:36
Generate a Microsoft Windows Shortcut and inject a file inside of it. When the shortcut is executed, the file is extracted and executed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR (jplesueur@phrozen.io) | |
| # | |
| # Name : File2Lnk | |
| # Description : File Binder (Wrapper) using Microsoft Windows Shortcuts (.LNK) | |
| # Category : Malware Research | |
| # Version : 0.1 (26/05/2018) | |
| # Target OS : Microsoft Windows (32/64 bit) | |
| # License : MIT |
DarkCoderSc
/ SharpRunAsAttached.cs
Created
December 3, 2021 10:07
A ported version of PowerRunAsAttached to C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*------------------------------------------------------------------------------- | |
| .Developer | |
| Jean - Pierre LESUEUR(@DarkCoderSc) | |
| https://www.twitter.com/darkcodersc | |
| https://github.com/DarkCoderSc | |
| www.phrozen.io | |
| jplesueur@phrozen.io | |
| PHROZEN | |
| .License | |
| Apache License |
DarkCoderSc
/ PowerPureRunAsAttached.psm1
Last active
December 20, 2021 17:23
This script is only a partially successful attempt to create a RunAsAttached version in Pure Powershell (Without Inline CSharp).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#------------------------------------------------------------------------------- | |
| .Developer | |
| Jean-Pierre LESUEUR (@DarkCoderSc) | |
| https://www.twitter.com/darkcodersc | |
| https://github.com/DarkCoderSc | |
| www.phrozen.io | |
| jplesueur@phrozen.io | |
| PHROZEN | |
| .License | |
| Apache License |
OlderNewer