xpn
/ AADLAPS_Request.txt
Last active
January 30, 2024 10:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /beta/deviceLocalCredentials/[DEVICE-ID]?$select=credentials HTTP/1.1 | |
| ocp-client-version: 1.0 | |
| client-request-id: 96cbfa59-dbfc-4a92-b261-7f77bd8f4b9b | |
| ocp-client-name: Get-LapsAADPassword Windows LAPS Cmdlet | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22621; en-US) PowerShell/5.1.22621.963 Invoke-MgGraphRequest | |
| SdkVersion: graph-powershell/1.26.0, Graph-dotnet-1.25.1 | |
| FeatureFlag: 00000047 | |
| Cache-Control: no-store, no-cache | |
| Authorization: Bearer [AAD-JWT-HERE] | |
| Accept-Encoding: gzip |
xpn
/ LAPSDecrypt.cs
Last active
October 11, 2024 18:16
Quick POC looking at how encryption works for LAPS (v2)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.DirectoryServices.Protocols; | |
| using System.Globalization; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Runtime.InteropServices.ComTypes; | |
| using System.Security.Policy; | |
| using System.Security.Principal; | |
| using System.Text; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
| // Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| namespace SCCMDecryptPOC | |
| { | |
| internal class Program |
xpn
/ DogFoodExec.cs
Created
May 3, 2021 23:10
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| using System.Linq; | |
| namespace NautilusProject | |
| { | |
| internal class CombinedExec | |
| { | |
| public static IntPtr AllocMemory(int length) |
xpn
/ WriteGadget.cs
Created
May 3, 2021 23:09
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace NautilusProject | |
| { | |
| public class WriteGadget | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ReadGadget | |
| { | |
| public static IntPtr ReadMemory(IntPtr addr) | |
| { |
xpn
/ ExecNativeSlot.cs
Created
May 3, 2021 23:06
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecNativeSlot | |
| { | |
| public static void Execute() | |
| { |
xpn
/ ExecStubOverwriteWithoutPInvoke.cs
Created
May 3, 2021 22:58
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecStubOverwriteWithoutPInvoke | |
| { | |
| public static void Execute(byte[] shellcode) | |
| { |
xpn
/ ExecStubOverwrite.cs
Created
May 3, 2021 22:56
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecStubOverwrite | |
| { | |
| public static void Execute(byte[] shellcode) | |
| { | |
| // mov rax, 0x4141414141414141 |
xpn
/ dotnet_inject.cpp
Created
September 13, 2020 22:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compile with g++ dotnet_injectbundle.cpp -o dotnet_injectbundle | |
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <stdlib.h> | |
| #include "main.h" | |
| // libcorclr.dll signature for finding hlpDynamicFuncTable |
NewerOlder