Thomas M thomasxm

## Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                thomasxm
                / Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS.md
            
            
              Created
              July 21, 2022 14:08
                — forked from estorgio/Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS.md
            
              
                Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS
              
          
    Update 28 July 2019: An updated version of this guide for Ubuntu Server 18.04 LTS is now available. Feel free to check it out.
Update 23 May 2020: This guide is ALREADY OUTDATED and might no longer work with new versions of Ubuntu and VirtualBox. Please consider switching to the updated guide instead. I will no longer respond to the replies to this gist. Thank you.
Mounting VirtualBox shared folders on Ubuntu Server 16.04 LTS

This guide will walk you through steps on how to setup a VirtualBox shared folder inside your Ubuntu Server guest. Tested on Ubuntu Server 16.04.3 LTS (Xenial Xerus)

  
## PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

## Get-InjectedThread.ps1
function Get-InjectedThread
{
    <#

    .SYNOPSIS

    Looks for threads that were created as a result of code injection.

    .DESCRIPTION


## main.cpp
#include <WinSock2.h> // must preceed #include <windows.h>
#include <WS2tcpip.h>
#include <windows.h>
#include <winnt.h>
#include <winternl.h>
#include <stddef.h>
#include <stdio.h>

#define htons(A) ((((WORD)(A) & 0xff00) >> 8) | (((WORD)(A) & 0x00ff) << 8))

## main.cpp
#include <WinSock2.h> // must preceed #include <windows.h>
#include <WS2tcpip.h>
#include <windows.h>
#include <winnt.h>
#include <winternl.h>
#include <stddef.h>
#include <stdio.h>

#define htons(A) ((((WORD)(A) & 0xff00) >> 8) | (((WORD)(A) & 0x00ff) << 8))

## patchless_amsi.h
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H

#include <windows.h>

static const int AMSI_RESULT_CLEAN = 0;

PVOID g_amsiScanBufferPtr = nullptr;

unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {

## BaseThreadInitThunk.cpp
//
// Every new thread starts with ntdll!RtlUserThreadStart and it typically calls kernel32!BaseThreadInitThunk
//
// Some applications like Mozilla Firefox and Microsoft Edge will replace this with their own function for hooking purposes.
// The following code shows how to find it without using debugging symbols.
//
// @modexpblog
//

#define PHNT_VERSION PHNT_VISTA

## BaseThreadInitThunk.cpp
//
// Every new thread starts with ntdll!RtlUserThreadStart and it typically calls kernel32!BaseThreadInitThunk
//
// Some applications like Mozilla Firefox and Microsoft Edge will replace this with their own function for hooking purposes.
// The following code shows how to find it without using debugging symbols.
//
// @modexpblog
//

#define PHNT_VERSION PHNT_VISTA

## mask.cpp

//
// Simple obfuscation using byte substitution
//

#include <cstdio>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <cmath>

## gist:b5e37c0dc0547c2eb4e6a3d9d039f5f3
e75187cee7250f9f2c0e1473a3d707d456af716f54c418f62ad9f3c9414fa121
	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set
	function Get-InjectedThread
	{
	<#

	.SYNOPSIS

	Looks for threads that were created as a result of code injection.

	.DESCRIPTION
	#include <WinSock2.h> // must preceed #include <windows.h>
	#include <WS2tcpip.h>
	#include <windows.h>
	#include <winnt.h>
	#include <winternl.h>
	#include <stddef.h>
	#include <stdio.h>

	#define htons(A) ((((WORD)(A) & 0xff00) >> 8) \| (((WORD)(A) & 0x00ff) << 8))
	#ifndef PATCHLESS_AMSI_H
	#define PATCHLESS_AMSI_H

	#include <windows.h>

	static const int AMSI_RESULT_CLEAN = 0;

	PVOID g_amsiScanBufferPtr = nullptr;

	unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
	//
	// Every new thread starts with ntdll!RtlUserThreadStart and it typically calls kernel32!BaseThreadInitThunk
	//
	// Some applications like Mozilla Firefox and Microsoft Edge will replace this with their own function for hooking purposes.
	// The following code shows how to find it without using debugging symbols.
	//
	// @modexpblog
	//

	#define PHNT_VERSION PHNT_VISTA

	//
	// Simple obfuscation using byte substitution
	//

	#include <cstdio>
	#include <cstdint>
	#include <cstdlib>
	#include <cstring>
	#include <cmath>