Skip to content

Instantly share code, notes, and snippets.

@rasta-mouse
rasta-mouse / NtCreateUserProcess.cs
Created December 20, 2022 22:19
Attempt at NtCreateUserProcess in C# (not working)
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace CreateProcess;
internal static class Program
{
public static void Main(string[] args)
{
@rasta-mouse
rasta-mouse / Program.cs
Created January 31, 2021 14:52
Modifying self with dnlib
using dnlib.DotNet;
using dnlib.DotNet.Emit;
using System;
using System.IO;
using System.Linq;
using System.Reflection;
namespace ConsoleApp1
{
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
{
class Program
{
static void Main(string[] args)
{
Invoke-Expression 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'
Exchange Online
Type Priority Host name Points to address or value TTL
MX 0 @ <domain>-<tld>.mail.protection.outlook.com 1 Hour
TXT - @ v=spf1 include:spf.protection.outlook.com -all 1 Hour
CNAME - autodiscover autodiscover.outlook.com 1 Hour
------------------
Skype for Business
1. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library C:\Tools\shellcodeLauncher.cs
2. DotNetToJScript.exe --lang=JScript --ver=v4 -c ShellCodeLauncher.Program C:\Tools\shellcodeLauncher.dll
@rasta-mouse
rasta-mouse / PowerView
Last active April 11, 2018 21:20
Some helpful PowerView commands
Find-DomainLocalGroupMember -GroupName Administrators | Select-Object ComputerName, MemberName | Export-Csv -NoTypeInformation -Path local-admins.csv
Get-DomainGPO | % { Get-DomainObjectAcl -Identity $_.name -ResolveGUIDs }
Windows Server 2016
http://care.dlservice.microsoft.com/dl/download/1/4/9/149D5452-9B29-4274-B6B3-5361DBDA30BC/14393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.ISO
Windows Server 2012 R2
http://care.dlservice.microsoft.com/dl/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO
Windows 10 LTSB
http://care.dlservice.microsoft.com/dl/download/C/C/9/CC961888-75C0-479B-B21A-A0CC81978111/14393.0.160715-1616.RS1_RELEASE_CLIENTENTERPRISE_S_EVAL_X64FRE_EN-GB.ISO

Keybase proof

I hereby claim:

  • I am rasta-mouse on github.
  • I am rasta_mouse (https://keybase.io/rasta_mouse) on keybase.
  • I have a public key ASDdfXATXOdgG0AVemBJUOTM1rTjZmEa8gDu07AhfFx4qwo

To claim this, I am signing this object:

#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
if(!argv[1])
exit(1);
printf("%#x\n", getenv(argv[1]));
return 0;
}