Jean-Pierre LESUEUR (Microsoft MVP) DarkCoderSc
DarkCoderSc
/ unprotect_macaddr_vm_detect.cs
Last active
June 17, 2022 13:09
https://unprotect.it/technique/detecting-mac-address/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System.Net.NetworkInformation; | |
| /* | |
| String[] vmMacAddresses = | |
| { | |
| "08:00:27", | |
| "00:0C:29", | |
| "00:1C:14", | |
| "00:50:56", | |
| "00:05:69", |
DarkCoderSc
/ CursorStateMonitorPoC.ps1
Created
January 15, 2022 18:45
Proof of Concept I made to monitor the state of global Windows mouse cursor. I will implement this code in PowerRemoteDesktop_Server to synchronize mouse state with Viewer.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#------------------------------------------------------------------------------- | |
| .Developer | |
| Jean-Pierre LESUEUR (@DarkCoderSc) | |
| https://www.twitter.com/darkcodersc | |
| https://github.com/DarkCoderSc | |
| www.phrozen.io | |
| jplesueur@phrozen.io | |
| PHROZEN | |
DarkCoderSc
/ SharpRunAsAttached.cs
Created
December 3, 2021 10:07
A ported version of PowerRunAsAttached to C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*------------------------------------------------------------------------------- | |
| .Developer | |
| Jean - Pierre LESUEUR(@DarkCoderSc) | |
| https://www.twitter.com/darkcodersc | |
| https://github.com/DarkCoderSc | |
| www.phrozen.io | |
| jplesueur@phrozen.io | |
| PHROZEN | |
| .License | |
| Apache License |
DarkCoderSc
/ PowerPureRunAsAttached.psm1
Last active
December 20, 2021 17:23
This script is only a partially successful attempt to create a RunAsAttached version in Pure Powershell (Without Inline CSharp).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#------------------------------------------------------------------------------- | |
| .Developer | |
| Jean-Pierre LESUEUR (@DarkCoderSc) | |
| https://www.twitter.com/darkcodersc | |
| https://github.com/DarkCoderSc | |
| www.phrozen.io | |
| jplesueur@phrozen.io | |
| PHROZEN | |
| .License | |
| Apache License |
DarkCoderSc
/ BufferToHexView.pas
Created
November 9, 2019 14:49
Little code snippet to display buffer from any kind to viewable hex table (little an hex editor). Useful for console debug output.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (* | |
| Jean-Pierre LESUEUR | |
| @DarkCoderSc | |
| https://www.phrozen.io/ | |
| Note: This code is a bit old and could be optimized. Feel free to do so ;) | |
| *) | |
| function BufferToHexView(ABuffer : PVOID; ABufferSize : Int64; pLastOffset : PNativeUINT = nil; AStartOffset : NativeUINT = 0) : String; | |
| var ARows : DWORD; | |
| i, n : integer; | |
| AVal : Byte; |
DarkCoderSc
/ distccd_rce_CVE-2004-2687.py
Last active
January 26, 2024 09:22
(CVE-2004-2687) DistCC Daemon - Command Execution (Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| ''' | |
| distccd v1 RCE (CVE-2004-2687) | |
| This exploit is ported from a public Metasploit exploit code : | |
| https://www.exploit-db.com/exploits/9915 | |
| The goal of that script is to avoid using Metasploit and to do it manually. (OSCP style) |
DarkCoderSc
/ ssh-enumusers.py
Created
November 4, 2019 11:19
Modified version of CVE-2018-15473 originally coded by Justin Gardner.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit: OpenSSH 7.7 - Username Enumeration | |
| # Author: Justin Gardner | |
| # Date: 2018-08-20 | |
| # Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz | |
| # Affected Versions: OpenSSH version < 7.7 | |
| # CVE: CVE-2018-15473 | |
| # | |
| # Modified version by Jean-Pierre LESUEUR (@darkcodersc) 04/11/2019 | |
| # --> Support Python3 | |
| # --> Removed export functions |
DarkCoderSc
/ cmd_perl.cgi
Created
October 25, 2019 14:32
example : http://targeturl/cmd_perl.cgi?cmd=whoami
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| use strict; | |
| use warnings; | |
| use CGI qw(); | |
| my $cgi = CGI->new(); | |
| print "Cache-Control: no-cache\n"; | |
| print "Content-type: text/plain\n\n"; |
DarkCoderSc
/ file2lnk.py
Created
June 8, 2018 08:36
Generate a Microsoft Windows Shortcut and inject a file inside of it. When the shortcut is executed, the file is extracted and executed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #------------------------------------------------------------------------------- | |
| # PHROZEN SAS (c) 2018 - www.phrozen.io | |
| # Jean-Pierre LESUEUR (jplesueur@phrozen.io) | |
| # | |
| # Name : File2Lnk | |
| # Description : File Binder (Wrapper) using Microsoft Windows Shortcuts (.LNK) | |
| # Category : Malware Research | |
| # Version : 0.1 (26/05/2018) | |
| # Target OS : Microsoft Windows (32/64 bit) | |
| # License : MIT |
DarkCoderSc
/ GenMalShortcut.dpr
Last active
April 3, 2021 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {-----------------------------------------------------------------------------------------------------------------------} | |
| { PHROZEN SAS (c) 2018 - www.phrozen.io } | |
| { Jean-Pierre LESUEUR (jplesueur@phrozen.io) } | |
| { } | |
| { Create a Windows Shortcut by code and inject a potential malicious single line command, for post extraction and } | |
| { execution. } | |
| {-----------------------------------------------------------------------------------------------------------------------} | |
| program Shortcut_gen; |