qtc-de

#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <psapi.h>
#include <winnt.h>
#include <winternl.h>

typedef NTSTATUS(*MyNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

int main(int argc, char** argv)

qtc-de

#flag -lws2_32
#include "winsock2.h"

struct WSADATA {
mut:
	w_version        u16
	w_high_version   u16
	i_max_sockets    u16
	i_max_udp_dg     u16
	lp_vendor_info   &string = 0

qtc-de

#!/bin/bash

function usage()
{
    NAME=$(basename $0)

    echo "Usage: $NAME [filter] [path]"
    echo ""
    echo "Arguments:"
    echo "  filter          regex filter that is applied to archive contents"

qtc-de

#!/bin/bash

if ! command -v ugrep &> /dev/null; 
then
    echo "[-] Error: ugrep is not available, but required for this script."
    exit 1
fi

function usage()
{

qtc-de

#!/usr/bin/env python3

import re
import sys
import argparse


class Xor:
    '''
    Helper class for performing xor operations.

qtc-de

#!/usr/bin/env python3

import string
import argparse
import itertools
from typing import Iterator


def swaperoo(target: str) -> Iterator[str]:
    '''

qtc-de

' ********************************************************************************************************
'
' VBA reverse shell that uses Win32 API calls. Most of the code was copied from the following resources:
'
'   * https://stackoverflow.com/questions/8670391
'   * https://stackoverflow.com/questions/43197814
'   * https://renenyffenegger.ch/notes/development/languages/VBA/Win-API/examples/
'
' The code demonstrates more complex usage example for calling Win32 API from VBA and should be used
' for educational purpose only. During development I was mainly interested whether the WSAData or the

qtc-de

<#

DynWin32-ShellcodeProcessHollowing.ps1 performs shellcode based process hollowing using
dynamically looked up Win32 API calls. The script obtains the methods GetModuleHandle,
GetProcAddress and CreateProcess by using reflection. Afterwards it utilizes GetModuleHandle
and GetProcAddress to obtain the addresses of the other required Win32 API calls.

When all required Win32 API calls are looked up, it starts svchost.exe in a suspended state
and overwrites the entrypoint with the specified shellcode. Afterwards, the thread is resumed
and the shellcode is executed enveloped within the trusted svchost.exe process.

qtc-de

<#

DynWin32-ReverseShell.ps1 is a reverse shell based on dynamically looked up Win32 API calls.
The script uses reflection to obtain access to GetModuleHandle, GetProcAddress and CreateProcess.
Afterwards it uses GetModuleHandle and GetProcAddress to resolve the required WSA functions
from ws2_32.dll.

This script should be used for educational purposes only (and maybe while playing CTF :D).
It was only tested on Windows 10 (x64) and is probably not stable or portable. It's only
purpose is to demonstrate the usage of reflective lookups of Win32 API calls. See it as

qtc-de

/*
 * Simple Windows reverse shell. For educational purposes only!
 *
 * Compile on Windows (developer prompt):
 *   C:\> cl windows-reverse-shell.c
 *
 * Compile on Linux (mingw):
 *   $ x86_64-w64-mingw32-gcc windows-reverse-shell.c -o shell.exe -lws2_32
 */
#include <winsock2.h>