This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.EnterpriseServices; | |
using System.Runtime.InteropServices; | |
/* | |
Author: Casey Smith, Twitter: @subTee | |
License: BSD 3-Clause | |
Create Your Strong Name Key -> key.snk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
REGSVR odbcconf.dll |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-ExcelMacroPivot{ | |
<# | |
.AUTHOR | |
Matt Nelson (@enigma0x3) | |
.SYNOPSIS | |
Pivots to a remote host by using an Excel macro and Excel's COM object | |
.PARAMETER Target | |
Remote host to pivot to | |
.PARAMETER RemoteDocumentPath | |
Local path on the remote host where the payload resides |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Create-LNKPayload{ | |
<# | |
.SYNOPSIS | |
Generates a malicous LNK file | |
.PARAMETER LNKName | |
Name of the LNK file you want to create. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-UACBypass { | |
<# | |
.SYNOPSIS | |
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy. | |
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3) | |
License: BSD 3-Clause | |
Required Dependencies: None | |
Optional Dependencies: None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-RunScriptHelperExpression { | |
<# | |
.SYNOPSIS | |
Executes PowerShell code in full language mode in the context of runscripthelper.exe. | |
.DESCRIPTION | |
Invoke-RunScriptHelperExpression executes PowerShell code in the context of runscripthelper.exe - a Windows-signed PowerShell host application which appears to be used for telemetry collection purposes. The PowerShell code supplied will run in FullLanguage mode and bypass constrained language mode. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# first: mkdir user && cd user && cp /path/to/get_gists.py . | |
# python3 get_gists.py user | |
import requests | |
import sys | |
from subprocess import call | |
user = sys.argv[1] | |
r = requests.get('https://api.github.com/users/{0}/gists'.format(user)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" ?> | |
<!-- Te.exe DataDrivenTest.wsc --> | |
<!-- C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF > ./TE.exe DataDrivenTest.wsc --> | |
<!-- Test Authoring and Execution Framework v5.8k for x64 --> | |
<!-- StartGroup: VBSampleTests::TestOne --> | |
<!-- Calling TestOne --> | |
<!-- EndGroup: VBSampleTests::TestOne [Passed] --> | |
<!-- Summary: Total=1, Passed=1, Failed=0, Blocked=0, Not Run=0, Skipped=0 --> | |
<?component error="true" debug="true"?> | |
<package> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
T1103 - AppInitDlls | |
T1017 - Application Deployment Software | |
T1131 - Authentication Package | |
T1009 - Binary Padding | |
T1042 - Change Default Association | |
T1116 - Code Signing | |
T1122 - Component Object Model Hijacking | |
T1003 - Credential Access | |
T1055 - DLL Injection | |
T1038 - DLL Search Order Hijacking |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0"?> | |
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> | |
<Product Id="*" UpgradeCode="12345678-1234-1234-1234-111111111111" Name="Example Product Name" Version="0.0.1" Manufacturer="@_xpn_" Language="1033"> | |
<Package InstallerVersion="200" Compressed="yes" Comments="Windows Installer Package"/> | |
<Media Id="1" Cabinet="product.cab" EmbedCab="yes"/> | |
<Directory Id="TARGETDIR" Name="SourceDir"> | |
<Directory Id="ProgramFilesFolder"> | |
<Directory Id="INSTALLLOCATION" Name="Example"> | |
<Component Id="ApplicationFiles" Guid="12345678-1234-1234-1234-222222222222"> |
OlderNewer