thinkst-cs

## ImageFileExecutionOptions.ps1
<#
    ImageFileExecutionOptions v1.0
    License: GPLv3
    Author: @netbiosX
#>
# Image File Execution Options Injection Persistence Technique
# https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/

function Persist-Debugger

## aws-sigv4-ssm-get-parameter.sh
#!/bin/bash

# Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

[[ -n "${AWS_ACCESS_KEY_ID}" ]]     || { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; }
[[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; }

readonly parameterName="SlawekTestParam"

readonly method="POST"

## aws-sigv4-ssm-get-parameter.sh
#!/bin/bash

# Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

[[ -n "${AWS_ACCESS_KEY_ID}" ]]     || { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; }
[[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; }

readonly parameterName="SlawekTestParam"

readonly method="POST"

## aws-sigv4-ssm-get-parameter.sh
#!/bin/bash

# Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

[[ -n "${AWS_ACCESS_KEY_ID}" ]]     || { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; }
[[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; }

readonly parameterName="SlawekTestParam"

readonly method="POST"

## ASR Rules Bypass.vba
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

Sub ASR_blocked()
    Dim WSHShell As Object
    Set WSHShell = CreateObject("Wscript.Shell")
    WSHShell.Run "cmd.exe"
End Sub

## server.py
#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
    ./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging

class S(BaseHTTPRequestHandler):

## self-hosted-runners-playground.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                thinkst-cs
                / self-hosted-runners-playground.md
            
            
              Created
              November 29, 2022 17:08
                — forked from swinton/self-hosted-runners-playground.md
            
              
                Programmatically create a self-hosted runner
              
          
    self-hosted-runners-playground

Programmatically create a self-hosted runner


Download
Configure
Run
Remove

Download


## ProjectedFSLib.h
/*++

Copyright (c) Microsoft Corporation.  All rights reserved.

Module Name:

    projectedfslib.h

Abstract:

## SimpleHTTPServerWithUpload.py
#!/usr/env python3
########################################################################
#
#  Simple HTTP server that  supports file upload  for moving data around
#  between boxen on HTB. Based on a gist by bones7456, but mangled by me
#  as I've tried  (badly) to port it to Python 3, code golf it, and make
#  It a  little more  robust. I was also able to  strip out a lot of the
#  code trivially  because Python3 SimpleHTTPServer is  a thing, and the
#  cgi module handles multipart data nicely.
#

## SystemService.cs
using System;
using System.Diagnostics;
using System.ServiceProcess;

namespace RedTeamingService
{
    public partial class SystemService : ServiceBase
    {
        public static int pid = 0;
	<#
	ImageFileExecutionOptions v1.0
	License: GPLv3
	Author: @netbiosX
	#>
	# Image File Execution Options Injection Persistence Technique
	# https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/

	function Persist-Debugger
	#!/bin/bash

	# Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

	[[ -n "${AWS_ACCESS_KEY_ID}" ]] \|\| { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; }
	[[ -n "${AWS_SECRET_ACCESS_KEY}" ]] \|\| { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; }

	readonly parameterName="SlawekTestParam"

	readonly method="POST"
	' ASR rules bypass creating child processes
	' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
	' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
	' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

	Sub ASR_blocked()
	Dim WSHShell As Object
	Set WSHShell = CreateObject("Wscript.Shell")
	WSHShell.Run "cmd.exe"
	End Sub
	#!/usr/bin/env python3
	"""
	Very simple HTTP server in python for logging requests
	Usage::
	./server.py [<port>]
	"""
	from http.server import BaseHTTPRequestHandler, HTTPServer
	import logging

	class S(BaseHTTPRequestHandler):
	/*++

	Copyright (c) Microsoft Corporation. All rights reserved.

	Module Name:

	projectedfslib.h

	Abstract:
	#!/usr/env python3
	########################################################################
	#
	# Simple HTTP server that supports file upload for moving data around
	# between boxen on HTB. Based on a gist by bones7456, but mangled by me
	# as I've tried (badly) to port it to Python 3, code golf it, and make
	# It a little more robust. I was also able to strip out a lot of the
	# code trivially because Python3 SimpleHTTPServer is a thing, and the
	# cgi module handles multipart data nicely.
	#
	using System;
	using System.Diagnostics;
	using System.ServiceProcess;

	namespace RedTeamingService
	{
	public partial class SystemService : ServiceBase
	{
	public static int pid = 0;