- Use the modified Magisk module to install the certificate in both the user and the system store.
git clone https://github.com/Magisk-Modules-Repo/movecert.git
- Apply
cp
patch - Magisk-Modules-Repo/movecert#16
import datetime | |
import json | |
from impacket.structure import Structure | |
from enum import Flag, Enum | |
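class NegotiateFlags(Flag):
    """NTLMSSP negotiate flag bits, modelled as a combinable ``Flag`` enum.

    Only the three highest bits appear in this listing; the preview stops
    after them, so the remaining flag bits are not reproduced here.
    """

    # Session-security bits, names as used in MS-NLMP. When decoding a
    # captured message, NEGOTIATE_56 without NEGOTIATE_128 means the peer is
    # asking for the weaker session-key strength.
    NTLMSSP_NEGOTIATE_56 = 0x80000000  # 56-bit session key negotiation
    NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000  # explicit session-key exchange
    NTLMSSP_NEGOTIATE_128 = 0x20000000  # 128-bit session key negotiation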
from mitmproxy import http, ctx | |
from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
import requests | |
import logging | |
import base64 | |
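# Placeholder credentials. The surrounding script imports impacket's NTLM
# helpers; how these values are consumed is not shown in this preview.
# Fill them in locally and keep real values out of version control
# (environment variables or a secrets store are safer than literals).
username = "username"
password = "password"
domain = ''  # empty string: no domain supplied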
from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
import requests | |
import base64 | |
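# Replace these values with your IIS server details.
# Everything below is a placeholder. Keep real credentials out of the file
# (environment variables or a secrets store), and prefer an https:// URL for
# any non-local target: over plain HTTP the NTLM challenge/response exchange
# is visible to anyone on the network path.
target_url = "http://localhost"
username = "username"
password = "password"
domain = ''  # empty string: no domain supplied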
# Requires system privileges! | |
# Thank you: https://github.com/sandytsang/MSIntune/blob/master/Intune-PowerShell/AppLocker/Delete-AppLockerEXE.ps1 | |
$path = "<PATH TO APPLOCKER XML'S>" | |
$xmls = (ls -filter '*.xml' $path |% {$_.FullName}) | |
$Appx, $Dll, $Exe, $Msi, $Script = $null | |
$xmls |% { |
metadata: | |
language: v1-beta | |
name: "Potential Client-Side Desync on erroneous path" | |
description: "Tests for Client-Side Desync vulnerabilities on specifically erroneous paths" | |
author: "Frank Spierings" | |
run for each: | |
potential_path = | |
"/..%2f", | |
"/%2e%2e", |
git clone https://github.com/Magisk-Modules-Repo/movecert.git
cp
patch
# Thanks to h2 for the example code and thanks to Portswigger for the awesome free labs! | |
# - https://python-hyper.org/projects/h2/en/stable/plain-sockets-example.html | |
# - https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection | |
# | |
import socket | |
import ssl | |
import h2.connection | |
import h2.events |
/* | |
- Compile: docker run --rm -it -v /tmp/data:/tmp/data mono csc /tmp/data/dinvoke-shellcode.cs -out:/tmp/data/dinvoke-shellcode.exe /platform:x64 /unsafe | |
- Reference (Thanks!) : https://jhalon.github.io/utilizing-syscalls-in-csharp-1/ | |
*/ | |
using System; | |
using System.Runtime.InteropServices; | |
using System.Diagnostics; | |
using System.ComponentModel; | |
using Microsoft.Win32; |
function Invoke-SQLCmd { | |
param( | |
[Parameter(Mandatory=$True)] | |
[string] $Server, | |
[Parameter(Mandatory=$True)] | |
[string] $Database, | |
[Parameter(Mandatory=$True)] | |
[string] $Query | |
); |
diff --git a/SharpShooter.py b/SharpShooter.py | |
index 9b10de1..50cece0 100644 | |
--- a/SharpShooter.py | |
+++ b/SharpShooter.py | |
@@ -286,7 +286,7 @@ End Sub""" | |
raise Exception | |
if(payload_type == 1): | |
- if(args.comtechnique): | |
+ if(args.comtechnique or args.dotnetver == str(4)): |