| #include <Windows.h> | |
| #include <iostream> | |
| #include <DbgHelp.h> | |
| #include <processsnapshot.h> | |
| #include <TlHelp32.h> | |
| #include <processthreadsapi.h> | |
| //process reflection stuff copied from: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp | |
| //minidump/process searching copied from: https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass | |
| //compile using: cl.exe refl.cpp /DUNICODE |
| /* | |
| * fork.c | |
| * Experimental fork() on Windows. Requires NT 6 subsystem or | |
| * newer. | |
| * | |
| * Improved version with fixed Console | |
| * | |
| * Copyright (c) 2023 Petr Smid | |
| * Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org> | |
| * |
| /* | |
| * fork.c | |
| * Experimental fork() on Windows. Requires NT 6 subsystem or | |
| * newer. | |
| * | |
| * Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org> | |
| * | |
| * Permission to use, copy, modify, and/or distribute this software for any | |
| * purpose with or without fee is hereby granted, provided that the above | |
| * copyright notice and this permission notice appear in all copies. |
| using KrbRelay.Clients; | |
| using KrbRelay.Com; | |
| using Microsoft.Win32; | |
| using NetFwTypeLib; | |
| using SMBLibrary; | |
| using SMBLibrary.Client; | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.Linq; |
| // Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
| // Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| namespace SCCMDecryptPOC | |
| { | |
| internal class Program |
| import frida | |
| import sys | |
| import subprocess | |
| import ctypes | |
| import threading | |
| import multiprocessing | |
| import argparse | |
| def inject_dummy(): |
| import argparse | |
| import time | |
| from binascii import hexlify | |
| def generate_array(n_params): | |
| # Basic array structure | |
| proc_string = [ | |
| 0x32, # FC_BIND_PRIMITIVE | |
| 0x48, # Old Flags: |
| #!/usr/bin/env python3 | |
| # ====================================== | |
| # Requires the following deps: | |
| # pip install xmltodict requests bs4 | |
| # ====================================== | |
| from argparse import ArgumentParser | |
| from pathlib import Path | |
| import requests | |
| import zipfile |
| #Based on recipe http://code.activestate.com/recipes/576362-list-system-process-and-process-information-on-win/ | |
| #also hosted here https://github.com/ActiveState/code/blob/master/recipes/Python/576362_List_System_Process_Process/recipe-576362.py | |
| #by winterTTr Dong , http://code.activestate.com/recipes/users/4164498/ | |
| #updated by topin89 | |
| #License: MIT | |
| from ctypes import c_long , c_int , c_uint , c_char , c_ubyte , c_char_p , c_void_p, c_size_t, c_ulong, c_wchar | |
| from ctypes import windll | |
| from ctypes import Structure | |
| from ctypes import sizeof , POINTER , pointer , cast |
| # We'll just use the official Rust image rather than build our own from scratch | |
| FROM docker.io/library/rust:1.54.0-slim-bullseye | |
| ENV KEYRINGS /usr/local/share/keyrings | |
| RUN set -eux; \ | |
| mkdir -p $KEYRINGS; \ | |
| apt-get update && apt-get install -y gpg curl; \ | |
| # clang/lld/llvm | |
| curl --fail https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor > $KEYRINGS/llvm.gpg; \ |