TGE ThunderGunExpress
ThunderGunExpress
/ gist:d221b316c94c4b7403f3179292c23ccb
Created
October 9, 2022 23:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //All credit goes to Ysoserial.net and the great @tiraniddo | |
| //Snippets copied from ysoserial.net | |
| //https://thewover.github.io/Mixed-Assemblies/ - Great read! | |
| //https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui - Another great read | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.Serialization.Formatters.Binary; | |
| using System.IO; | |
| using System.Reflection; |
ThunderGunExpress
/ SuRestore.cpp
Last active
June 21, 2020 10:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //https://decoder.cloud/2018/02/12/the-power-of-backup-operatos/ | |
| //https://github.com/decoder-it/BadBackupOperator/blob/master/SuBackup/SuBackup/SuBackup.cpp | |
| //https://docs.microsoft.com/en-us/windows/win32/services/writing-a-servicemain-function | |
| //https://docs.microsoft.com/en-us/windows/win32/vds/loading-vds | |
| //Replace system command with your code. If DewIt() does not run, check if the vds service is running, it should be on-demand. | |
| #define UNICODE | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <Psapi.h> |
ThunderGunExpress
/ rdpdc_hunter.cpp
Created
November 7, 2019 03:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Reference | |
| //https://gist.github.com/truekonrads/3173572 | |
| //https://docs.microsoft.com/en-us/windows/win32/api/wtsapi32/nf-wtsapi32-wtsvirtualchannelquery | |
| //https://github.com/FreeRDP/FreeRDP/blob/master/winpr/libwinpr/wtsapi/test/TestWtsApiQuerySessionInformation.c | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <wtsapi32.h> | |
| #include <tsvirtualchannels.h> |