Jump to content


  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

9o3's Achievements

  1. As of now, most payloads simply remove the entire RunMRU history. This however may be noticed by a user that regularly uses the run dialog. Instead removing just the last entry can be done like so: #Remove latest run entry $p="HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU";$m="MRUList";$l=(gp $p).$m;rp $p $l[0];sp $p $m $l.SubString(1); Let's break it down: First we grab a list of all entries in RunMRU MRUList: $l=(gp $p).$m After this we remove the last entry by its key: rp $p $l[0] Finally we update the MRUList to omit the remove key: sp $p $m $l.SubString(1) gp -> Get-ItemProperty rp -> Remove-ItemProperty sp -> Set-ItemProperty I hope this can be useful to some of you. ~9o3 P.s. I shortened the snippet as much as possible, however it's still a good idea to include this in a second stage if possible.
  2. Hi Hitem, First off awesome that you also made a BB payload for the SeriousSAM vulnerability! If I had known you were also working on it I wouldn't have submitted my own payload. My apologies for that. I look forward to seeing what other payloads you'll create. ~9o3
  3. Hi, I'm 9o3. I am a Solution Architect, Bug bounty hunter, programmer, and most of all a cyber security enthusiast. I love finding edge cases and finding ways to make machines do things they aren't supposed to. I look forward to getting to know all of you 🙂
  • Create New...