tothi
/ ms-msdt.MD
Last active
April 18, 2024 02:22
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
- Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
jinschoi
/ create_sub.py
Last active
February 24, 2024 06:53
Python script to generate Flipper RAW .sub files from OOK bitstreams
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from typing import Iterable, Union, Any | |
| # freq: frequency in Hz | |
| # zerolen: length of space bit in μs | |
| # onelen: length of mark bit in μs | |
| # repeats: number of times to repeat sequence | |
| # pause: time to wait in μs between sequences | |
| # bits: string of ones and zeros to represent sequence |
jordanwiseman
/ obsidian-web-clipper.js
Last active
February 24, 2023 11:46
— forked from kepano/obsidian-web-clipper.js
Obsidian Web Clipper Bookmarklet to save articles and pages from the web (for Safari, Chrome, Firefox, and mobile browsers)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: Promise.all([import('https://unpkg.com/turndown@6.0.0?module'), import('https://unpkg.com/@tehshrike/readability@0.2.0'), ]).then(async ([{ | |
| default: Turndown | |
| }, { | |
| default: Readability | |
| }]) => { | |
| /* Optional vault name */ | |
| const vault = ""; | |
| /* Optional folder name such as "Clippings/" */ |
eshrinivasan
/ Check Angular or React Version from Browser
Last active
August 23, 2022 09:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Check angular version from browser | |
| 1. From Browser console: | |
| Newer angular version: | |
| — | |
| >> getAllAngularRootElements()[0].attributes["ng-version"]; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo); | |
| typedef VOID(__stdcall* Shellcode)(); | |
| LPBYTE ShellcodeBuffer; | |
| ULONG_PTR PreviousOffset; | |
| ULONG_PTR CurrentOffset; | |
| ULONGLONG InstructionCount; | |
| DWORD dwOld; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script can be used for malware samples that used Base64+RC4. | |
| # python3 rc4_decrypt.py <key> <base64-ciphertext> | |
| import codecs | |
| import base64 | |
| import sys | |
| key = sys.argv[1] | |
| c = base64.b64decode(sys.argv[2]) | |
| def KSA(key): |
xpn
/ dotnet_etw.c
Created
March 16, 2020 19:25
A demo of how to collect information on basic .NET events from ETW.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define AssemblyDCStart_V1 155 | |
| #define MethodLoadVerbose_V1 143 | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <wbemidl.h> | |
| #include <wmistr.h> | |
| #include <evntrace.h> | |
| #include <Evntcons.h> |
ahhh
/ msfconsole.rc
Created
February 25, 2020 09:02
example msfconsole.rc from red team planning book
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spool /root/.msf4/spool.log | |
| setg ConsoleLogging true | |
| setg verbose true | |
| setg LogLevel 5 | |
| setg SessionLogging true | |
| setg TimestampOutput true | |
| setg PromptTimeFormat %Y%m%d.%H%M%S%z | |
| setg PROMPT %T S:%S J:%J | |
| setg ExitOnSession false | |
| setg DisableCourtesyShell true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Android native hooks By @709924470 | |
| // CC-BY-NC 4.0 | |
| var moduleName = "libmain.so"; // Module name gose here | |
| var hookFunctions = [ | |
| { | |
| name: "Java_com_example_hellojni_getstr", // Function name goes here | |
| onEnter: function(args){ | |
| // TODO: your code here | |
| }, | |
| onLeave: function(ret){ |
NewerOlder