草泥马之家

Windows与.Net.....

首页
文档
工具
留言本

Windows

DCOM Potato

去年猫猫托梦的两颗土豆。

完全基于DCOM特性，原理很简单，技术很老旧，实现不复杂。

但很有用。

Tags： Exploit 工具 Windows COM

Windows

Advanced Windows TaskScheduler Playbook - Part.3 from RPC to lateral movement

Windows计划任务系列第二篇，一个基于MS-TSCH的远程PowerShell。

Tags： Windows TaskScheduler COM PowerShell

Windows

Advanced Windows Task Scheduler Playbook - Part.2 from COM to UAC bypass and get SYSTEM dirtectly

Windows计划任务系列第二篇，讲一个未公开的UAC绕过。

Tags： RPC COM TaskScheduler Windows

Windows

Advanced Windows Task Scheduler Playbook - Part.1 basic

Windows计划任务系列开篇，本系列讲述一些更贴近本质的使用，本章为基础知识。

Tags： Windows TaskScheduler RPC COM

‹‹ 1 ››

搜索

最近发表

DCOM Potato
Advanced Windows TaskScheduler Playbook - Part.3 from RPC to lateral movement
Advanced Windows Task Scheduler Playbook - Part.2 from COM to UAC bypass and get SYSTEM dirtectly
Advanced Windows Task Scheduler Playbook - Part.1 basic
EfsPotato
CVE-2020-17144漏洞分析与武器化
Windows任意文件下载的三个Tips
CVE-2020-0688的武器化与.net反序列化漏洞那些事
POP3 MITM思路与简单实现
RemoteFreeLibrary

最新留言

Now try the ysoserial.net directly, in fact, I was submitted a pull request for it a few years ago.You just need to use `ActivitySurrogateSelectorFromFile` and pass your own backdoor assembly to generate the payload, this is the large byte array named `stub` in the source.And, if the .net framework installed on the target server is updated(I forgot the exact time, maybe after 2020), the `ActivitySurrogateDisableTypeCheck` payload is also needed, this is the small byte array named `v48disablecheck` in the source.Have fun.
Hi All.plz update code.thanks A lot.
Hey currently in an active pentest and wanted to check out your Sharepoint CVE that just dropped. Any way to contact you and discuss?
Hi.plz Update cve-2017-7269https://github.com/zcgonvh/cve-2017-7269-tool
Hello first of all very thankful for your writeup and work done on the poc and rce.Wanted to ask you how did you generate the payload? where from etc.I tried generating the exact payload of your poc for example and didnt manage to get the same result or a result that worked.I need to generate my payload from zero so if you'd be able to explain how did you do that or give the source code of yours it will be very helpfulThanks alot
I'm sorry it took me some time to find my report, I've sent you an email, please check it.
Hi,I'am currently having some difficulty in trying to reproduce the CVE-2023-21706 and CVE-2023-21710 of yours, can you give me some hints.Nguyen
6
我收回这句话，当我没说，解压密码找到了
压缩包双击打开，仔细看工具栏那里，有个《注释》选项，点开里面就是解压密码，其实楼主的名字就是解压密码

分类归档

Sql (9)
Exp (8)
Asp.Net (5)
Web (4)
c/c++ (4)
域渗透 (4)
杂谈 (3)
Script (3)
.Net (2)
WinDbg (2)
PowerShell (2)
Wmi (1)
MITM (1)

RSS

联系方式: zcgonvh#at#qq.com

草泥马之家

Windows与.Net.....

Windows

DCOM Potato

2022年12月09日 / 作者：zcgonvh / 分类：Windows / 评论：0 / 浏览：4366

Tags： Exploit 工具 Windows COM

Windows

Advanced Windows TaskScheduler Playbook - Part.3 from RPC to lateral movement

2022年09月28日 / 作者：zcgonvh / 分类：Windows / 评论：0 / 浏览：8550

Tags： Windows TaskScheduler COM PowerShell

Windows

Advanced Windows Task Scheduler Playbook - Part.2 from COM to UAC bypass and get SYSTEM dirtectly

2022年06月20日 / 作者：zcgonvh / 分类：Windows / 评论：0 / 浏览：24975

Tags： RPC COM TaskScheduler Windows

Windows

Advanced Windows Task Scheduler Playbook - Part.1 basic

2022年05月30日 / 作者：zcgonvh / 分类：Windows / 评论：0 / 浏览：8282

Tags： Windows TaskScheduler RPC COM

Copyright GMH's Home. Powered By Z-Blog.