Skip to content

Instantly share code, notes, and snippets.

View morian's full-sized avatar

Mòrian morian

10 followers · 20 following
View GitHub Profile
@Lopi
Lopi / narnia output
Last active November 11, 2016 00:46
Learning pwntools via OverTheWire Narnia WarGame
-> % python solve_narnia.py
[+] Connecting to narnia.labs.overthewire.org on port 22: Done
[+] Downloading '/narnia/narnia0.c': Found '/games/narnia/narnia0.c' in ssh cache
[+] Downloading '/narnia/narnia0.c' to 'narnia0.c': Found '/games/narnia/narnia0.c' in ssh cache
[*] Displaying code momentarily...
/*
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
@ryhanson
ryhanson / ExcelXLL.md
Last active July 22, 2024 15:25
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN

The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc