SeeFlowerX

#!/system/bin/sh

set -ex

ip rule del fwmark 666 table 666 || true
ip route del local 0.0.0.0/0 dev lo table 666 || true

iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F

tothi

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.

opastorello

> * Go to [hexed.it](https://hexed.it/)
> * Click "Open File" and choose your sublime_text.exe **(DON'T FORGET TO BACKUP YOUR EXE FILE)**
> * Go to Search and in "Search for" put: 80 78 05 00 0F 94 C1
> * In Search Type select "Enable replace" and put: 80 78 05 00 0F 94 C1
> * Click "Find next" then "Replace"
> * Do the same thing with: C6 40 05 01 48 85 C9 => C6 40 05 01 48 85 C9
> * Click "Save as" then name it: sublime_text
> * Copy your modified sublime_text.exe to directory Sublime Text

a740122

#!/bin/python
#
# Connects to a Wifi network
#

import os

def commandExists(command):
    def canExecute(file):
        return os.path.isfile(file) and os.access(file, os.X_OK)