clr2of8 / test1.txt
Created November 13, 2018 21:18
test1
test
clr2of8 / index1.html
Created November 13, 2018 21:21
index1.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Hello World!</title>
</head>
<body>
Hello World!
<script>alert(1)</script>
</body>
</html>
clr2of8 / testcc.js
Created November 13, 2018 21:39
testcc
var webSocketDebuggerUrl;
var port = 9666;
var request = new XMLHttpRequest();
request.open("GET", "http://localhost:" + port + "/json");
request.responseType = 'json';
request.send();
request.onload = function() {
    // The /json endpoint returns an array of debuggable targets; take the first one.
    webSocketDebuggerUrl = request.response[0].webSocketDebuggerUrl;
    console.log(webSocketDebuggerUrl);
};
clr2of8 / Various-Macro-Based-RCEs.md
Created March 14, 2019 14:59 — forked from mgeeky/Various-Macro-Based-RCEs.md
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.

This is a note for myself describing various Visual Basic macro construction strategies that could be used for remote code execution via a malicious document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the examples below were generated using 192.168.56.101 as the remote address.

List:

  1. Page substitution macro for luring the user to click Enable Content
  2. The Unicorn PowerShell-based payload
rule rtf_with_multiple_embedded_docs
{
meta:
description = "RTF file with multiple embedded macro-enabled documents"
weight = 90
author = "Walmart Information Security"
date = "2019-03-14"
strings:
// Headers of files to look for
rule rtf_with_embedded_macro_enabled_office_document
{
meta:
description = "RTF file with multiple embedded macro-enabled documents"
weight = 90
author = "Walmart Information Security"
date = "2019-03-14"
strings:
// Headers of files to look for
clr2of8 / groupenumeration.ps1
Created January 8, 2020 14:59 — forked from joswr1ght/groupenumeration.ps1
Create a Collection of Files for Windows Domain Groups with User Members in Each File
Get-AdGroup -Filter * | % { Get-AdGroupMember $_.Name | Select-Object -ExpandProperty SamAccountName | Out-File -FilePath "$($_.Name).txt" -Encoding ASCII }
# comment
dir
REM Path Normalization (spaces and single trailing periods are removed, forward slashes changed to backslashes)
c:\Windows.\System32.\notepad.exe
"c:\Windows\System32 \notepad.exe"
c:/Windows/System32\notepad.exe
//.\c:\Windows/System32/notepad.exe
"c:\Windows.\System32. . ./notepad.exe"
REM Fully Qualified DOS Paths (begins with a drive letter, a volume separator, and a component separator)
c:\Windows\System32\notepad.exe
REM Environment Variables
%SystemRoot%\System32\notepad.exe
%HomeDrive%Windows\System32\notepad.exe