Skip to content

Instantly share code, notes, and snippets.

James Forshaw tyranid

View GitHub Profile
View kill_file_locker.ps1
Import-Module NtObjectManager
<#
Function to kill all processes which are using a locked file.
#>
function Kill-FileLocker {
param(
[Parameter(Mandatory)]
[string]$Path
)
View bypass_uac.ps1
# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.
Import-Module NtObjectManager
@tyranid
tyranid / ntfs_testcase.cpp
Created Jun 2, 2014
Test Case for Illegal NTFS Names
View ntfs_testcase.cpp
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
#include <string>
int _tmain(int argc, _TCHAR* argv[])
{
for (int i = 1; i < 128; ++i)
{
std::wstring name = L".\a";
@tyranid
tyranid / cmdfile registration
Created May 22, 2014
A registry file for cmdfile registration
View cmdfile registration
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command]
@="c:\\windows\\system32\\calc.exe"
View Test for MS14-027
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
int wmain(int argc, WCHAR* argv[])
{
if (argc < 2)
{
printf("Usage: ImpersonateSHExec filename [sessionid]\n");
return 1;
You can’t perform that action at this time.