setup variables for commands
echo -e "\n
export image=redroid/redroid:11.0.0-amd64
export image_tar=${HOME}/redroid:11.0.0-amd64" >> ${HOME}/.bashrc
source ${HOME}/.bashrc
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
- Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
/* | |
RunPE for x64 - classic RunPE for 64-bit executables | |
Copyright (C) 2020 Valentin-Gabriel Radu | |
This program is free software; you can redistribute it and/or modify | |
it under the terms of the GNU General Public License as published by | |
the Free Software Foundation; either version 2 of the License, or | |
(at your option) any later version. | |
This program is distributed in the hope that it will be useful, |
const simulated_latitude = 48.8534 | |
const simulated_longitude = 2.3488 | |
Java.perform(function(){ | |
const Location = Java.use('android.location.Location') | |
var location = Location.$new("gps") | |
location.setLatitude(simulated_latitude) | |
location.setLongitude(simulated_longitude) |
This is my guide for a successful PCI-Passthrough from Linux (Arch Linux) to QEMU/KVM via virt-manager and libvirtd into a Windows 10 Home guest.
NOTE: This is a guide for Intel only. I do not own an AMD machine, and will not add AMD information this guide until such time that I do, which could be never.
Device Type | Device |
---|---|
CPU | Intel Core i7 7700K Quad-Core, Hyperthreading |
Motherboard | Gigabyte Z270X-Gaming 5 |
Filter | Description | Example |
---|---|---|
allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
Annoyingly, you can't click these links in this gist because github doesnt recognize them as actual valid links. You cant paste it into a browser address bar either, so create a bookmark with the link and then click that!
Opens Minecraft in Edu Mode. This is the real Education Edition!
Link: minecraft:?edu=1