Skip to content

Instantly share code, notes, and snippets.

@PowerPress
PowerPress / TypeClipboard.md
Created Apr 1, 2021 — forked from ethack/TypeClipboard.md
Scripts that simulate typing the clipboard contents. Useful when pasting is not allowed.
View TypeClipboard.md

It "types" the contents of the clipboard.

Why can't you just paste the contents you ask? Sometimes pasting just doesn't work.

  • One example is in system password fields on OSX.
  • Sometimes you're working in a VM and the clipboard isn't shared.
  • Other times you're working via Remote Desktop and again, the clipboard doesn't work in password boxes such as the system login prompts.
  • Connected via RDP and clipboard sharing is disabled and so is mounting of local drives. If the system doesn't have internet access there's no easy way to get things like payloads or Powershell scripts onto it... until now.

Windows

The Windows version is written in AutoHotKey and easily compiles to an executable. It's a single line script that maps Ctrl-Shift-V to type the clipboard.

View RDP_Eavesdropping_Hijacking
RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings
that is not very new...
===========
Inspiration
===========
As you may already know...
@PowerPress
PowerPress / Various-Macro-Based-RCEs.md
Last active Dec 29, 2020 — forked from mgeeky/Various-Macro-Based-RCEs.md
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.
View Various-Macro-Based-RCEs.md

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

  1. Page substiution macro for luring user to click Enable Content
  2. The Unicorn Powershell based payload