[AHK] Automatic update 👽

Meditology · Aug 4, 2022 · 87e8846 · 87e8846
1 parent e438b34
commit 87e8846
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 101 deletions.
diff --git a/SUMMARY.md b/SUMMARY.md
@@ -1,16 +1,13 @@
 # Table of Contents
 
-## Pentest
+## Pentest ⚒️
 
 * [C2](pentest/c2/README.md)
   - [Covenant](pentest/c2/covenant.md)
   - [Empire](pentest/c2/empire.md)
   - [Metasploit](pentest/c2/metasploit.md)
   - [PoshC2](pentest/c2/poshc2.md)
   - [Sliver](pentest/c2/sliver.md)
-* [Misc](pentest/misc/README.md)
-  - [OSCP BOF](pentest/misc/oscp-bof.md)
-  - [RE](pentest/misc/re.md)
 * [Infrastructure](pentest/infrastructure/README.md)
   - [AD](pentest/infrastructure/ad/README.md)
     * [ACL Abuse](pentest/infrastructure/ad/acl-abuse.md)
@@ -129,6 +126,9 @@
   - [SNMP](pentest/infrastructure/snmp.md)
   - [TFTP](pentest/infrastructure/tftp.md)
   - [VNC](pentest/infrastructure/vnc.md)
+* [Misc](pentest/misc/README.md)
+  - [OSCP BOF](pentest/misc/oscp-bof.md)
+  - [RE](pentest/misc/re.md)
 * [OSINT](pentest/osint/README.md)
   - [Shodan](pentest/osint/shodan.md)
 * [Password Brute Force](pentest/password-brute-force/README.md)
@@ -166,7 +166,7 @@
     * [Enterprise](pentest/wi-fi/wpa-wpa2/enterprise.md)
     * [Personal](pentest/wi-fi/wpa-wpa2/personal.md)
 
-## Red Team
+## Red Team 🐞
 
 * [Basics](redteam/basics.md)
 * [Cobalt Strike](redteam/cobalt-strike.md)
@@ -192,8 +192,9 @@
     * [HTML Smuggling](redteam/se/phishing/html-smuggling.md)
     * [MS Office](redteam/se/phishing/ms-office.md)
 
-## Admin
+## Admin ⚙️
 
+* [Git](admin/git.md)
 * [Linux](admin/linux/README.md)
   - [Kali](admin/linux/kali.md)
 * [Networking](admin/networking/README.md)
@@ -206,10 +207,3 @@
   - [VirtualBox](admin/virtualization/virtualbox.md)
   - [VMWare](admin/virtualization/vmware.md)
 * [Windows](admin/windows.md)
-
-## Dev
-
-* [C / C++](dev/c-cpp.md)
-* [Git](dev/git.md)
-* [Python](dev/python/README.md)
-  - [Code Snippets](dev/python/code-snippets.md)
diff --git a/dev/git.md → admin/git.md b/dev/git.md → admin/git.md
diff --git a/dev/c-cpp.md b/dev/c-cpp.md
diff --git a/dev/python/code-snippets.md b/dev/python/code-snippets.md
diff --git a/redteam/maldev/README.md b/redteam/maldev/README.md
@@ -68,6 +68,73 @@ shellcode = (unsigned char*)malloc(shellcodeSize);
 memcpy(shellcode, scResourceData, shellcodeSize);
 ```
 
+An alternative way to get the nearest return address in current stack frame (besides [\_ReturnAddress](https://docs.microsoft.com/ru-ru/cpp/intrinsics/returnaddress?view=msvc-170) and [\_AddressOfReturnAddress](https://docs.microsoft.com/ru-ru/cpp/intrinsics/addressofreturnaddress?view=msvc-170)) without manually walking the stack:
+
+{% code title="retaddr.cpp" %}
+```cpp
+#include <intrin.h>
+#include <windows.h>
+#include <iostream>
+#include <sstream>
+#include <iomanip>
+
+// https://github.com/mgeeky/ThreadStackSpoofer/blob/f67caea38a7acdb526eae3aac7c451a08edef6a9/ThreadStackSpoofer/header.h#L38-L45
+template<class... Args>
+void log(Args... args)
+{
+    std::stringstream oss;
+    (oss << ... << args);
+    std::cout << oss.str() << std::endl;
+}
+
+// https://github.com/mgeeky/ThreadStackSpoofer/blob/f67caea38a7acdb526eae3aac7c451a08edef6a9/ThreadStackSpoofer/main.cpp#L13-L14
+void addressOfReturnAddress() {
+    auto pRetAddr = (PULONG_PTR)_AddressOfReturnAddress(); // https://doxygen.reactos.org/d6/d8c/intrin__ppc_8h_source.html#l00040
+    log("Original return address via _AddressOfReturnAddress: 0x", std::hex, std::setw(8), std::setfill('0'), *pRetAddr);
+}
+
+// https://stackoverflow.com/a/1334586/6253579
+void rtlCaptureStackBackTrace() {
+    typedef USHORT(WINAPI* CaptureStackBackTraceType)(__in ULONG, __in ULONG, __out PVOID*, __out_opt PULONG);
+    CaptureStackBackTraceType RtlCaptureStackBackTrace = (CaptureStackBackTraceType)(GetProcAddress(LoadLibrary("ntdll.dll"), "RtlCaptureStackBackTrace"));
+
+    void* callers[2] = { NULL };
+    int count = (RtlCaptureStackBackTrace)(1, 2, callers, NULL);
+    log("Original return address via RtlCaptureStackBackTrace: 0x", std::hex, std::setw(8), std::setfill('0'), (DWORD64)callers[0]);
+}
+
+int main(int argc, char** argv)
+{
+    addressOfReturnAddress();
+    rtlCaptureStackBackTrace();
+    return 0;
+}
+```
+{% endcode %}
+
+
+
+### Python
+
+Run OS command:
+
+{% code title="runCmd.py" %}
+```python
+import subprocess, shlex
+
+def run_command(command):
+	process = subprocess.Popen(shlex.split(command), stdout=subprocess.PIPE)
+	while True:
+		output = process.stdout.readline().decode()
+		if output == '' and process.poll() is not None:
+			break
+		if output:
+			print(output.strip())
+	res = process.poll()
+	return res
+```
+{% endcode %}
+