View AADLAPS_Request.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GET /beta/deviceLocalCredentials/[DEVICE-ID]?$select=credentials HTTP/1.1 | |
ocp-client-version: 1.0 | |
client-request-id: 96cbfa59-dbfc-4a92-b261-7f77bd8f4b9b | |
ocp-client-name: Get-LapsAADPassword Windows LAPS Cmdlet | |
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22621; en-US) PowerShell/5.1.22621.963 Invoke-MgGraphRequest | |
SdkVersion: graph-powershell/1.26.0, Graph-dotnet-1.25.1 | |
FeatureFlag: 00000047 | |
Cache-Control: no-store, no-cache | |
Authorization: Bearer [AAD-JWT-HERE] | |
Accept-Encoding: gzip |
View LAPSDecrypt.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.DirectoryServices.Protocols; | |
using System.Globalization; | |
using System.Linq; | |
using System.Runtime.InteropServices; | |
using System.Runtime.InteropServices.ComTypes; | |
using System.Security.Policy; | |
using System.Security.Principal; | |
using System.Text; |
View sccmdecryptpoc.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
using System; | |
using System.Collections.Generic; | |
using System.Runtime.InteropServices; | |
namespace SCCMDecryptPOC | |
{ | |
internal class Program |
View DogFoodExec.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
using System.Linq; | |
namespace NautilusProject | |
{ | |
internal class CombinedExec | |
{ | |
public static IntPtr AllocMemory(int length) |
View WriteGadget.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
namespace NautilusProject | |
{ | |
public class WriteGadget | |
{ |
View ReadGadget.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ReadGadget | |
{ | |
public static IntPtr ReadMemory(IntPtr addr) | |
{ |
View ExecNativeSlot.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ExecNativeSlot | |
{ | |
public static void Execute() | |
{ |
View ExecStubOverwriteWithoutPInvoke.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ExecStubOverwriteWithoutPInvoke | |
{ | |
public static void Execute(byte[] shellcode) | |
{ |
View ExecStubOverwrite.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ExecStubOverwrite | |
{ | |
public static void Execute(byte[] shellcode) | |
{ | |
// mov rax, 0x4141414141414141 |
View dotnet_inject.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Compile with g++ dotnet_injectbundle.cpp -o dotnet_injectbundle | |
#include <stdio.h> | |
#include <fcntl.h> | |
#include <string.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
#include "main.h" | |
// libcorclr.dll signature for finding hlpDynamicFuncTable |
NewerOlder