# win32api-practice

**Repository Path**: delete_user/win32api-practice

## Basic Information

- **Project Name**: win32api-practice
- **Description**: Offensive tools written for practice purposes
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-01-24
- **Last Updated**: 2021-10-20

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

## List

+ JuicyPotato WebShell version, modified from [juicy-potato](https://github.com/ohpe/juicy-potato)
+ PrintSpoofer WebShell version, modified from [PrintSpoofer](https://github.com/itm4n/PrintSpoofer)
+ PrintSpoofer Reflective DLL version, via [ReflectiveDLLInjection](https://github.com/stephenfewer/ReflectiveDLLInjection)
+ WMIExec - invoke `WMI - Win32_Process::Create` to execute command on remote machine
+ KeyLogger - keyboard logger via Windows message hook
+ ArgumentSpoofer - spoof command line parameters, like `argue` command in CobaltStrike (version >= 3.13)
+ OXIDNicResolver - use native API to retrieve nic's network address from remote machine via RPC/135 without authentication
+ procdump - dump full(type 0x02) process memory via `MiniDumpWriteDump`(unhook if necessary)
+ dump-lsass-via-rpc-addssp - code from [xpn](https://gist.github.com/xpn/c7f6d15bf15750eae3ec349e7ec2380e), use `AddSecurityPackage` RPC call to add(inject) SSP DLL
+ DllHijackDigger - dig runtime dynamic linking DLL hijack automatically