| // dllmain.cpp : Defines the entry point for the DLL application. | |
| #include "pch.h" | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #define _CRT_SECURE_NO_DEPRECATE | |
| #pragma warning (disable : 4996) | |
| // generated with sharpdllproxy. |
| using System.Data.Common; | |
| using System.Runtime.CompilerServices; | |
| using System.Text; | |
| using Npgsql; | |
| GetCatalogItemsSql(null, null, null, 10); | |
| void GetCatalogItemsSql(int? catalogBrandId, int? before, int? after, int pageSize) | |
| { | |
| // This looks like it would be susceptible to SQL injection, but it's not. |
| #!/usr/bin/env python3 | |
| # | |
| # String decryption for unknown malware | |
| # | |
| # Author: @jaydinbas (2023-05-02) | |
| # | |
| # Reference sample: | |
| # | |
| # https://www.virustotal.com/gui/file/88c10674bb6a53791bfe08497948699bf57ea9980a878a3a5fc1afb160d1d234 | |
| # |
| ''' | |
| Author: Mohamed Ashraf (@X__Junior) | |
| tested samples: | |
| 0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde | |
| 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79 | |
| usage: | |
| python3 lockbit_macos_string_decryption.py sample.bin | |
| ''' |
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
| @echo off | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM °² Enumerates all files extensions ²° | |
| REM °² and what opens them on Windows 10/11 in batch/cmd ²° | |
| REM °² twitter: @ollieatnowhere ²° | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM ------------------------------------------------------ | |
| REM |
| import dnfile, sys, os | |
| def Main(): | |
| if(len(sys.argv) != 2 or sys.argv[1] == '-h' or sys.argv[1] == '--help'): | |
| print("Description: Creates x64dbg script for setting breakpoints on defined ImplMap (PInvoke) methods of .NET executable") | |
| print(f"Usage: {os.path.basename(sys.argv[0])} <filepath>\n") | |
| sys.exit() | |
| file_path = sys.argv[1] | |
| script_path = file_path + "_x64dbg.txt" |
| // TcbElevation - Authors: @splinter_code and @decoder_it | |
| #define SECURITY_WIN32 | |
| #include <windows.h> | |
| #include <sspi.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "Secur32.lib") | |
| void EnableTcbPrivilege(BOOL enforceCheck); |
| # Pack macro-enabled doc to ISO | |
| py PackMyPayload.py Resume1337.xlsm test11.iso | |
| # Apply MOTW on that ISO | |
| Set-Content -Path test11.iso -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3' | |
| # Mount it | |
| Mount-DiskImage -ImagePath test11.iso |