nevermoe
@tothi
tothi / ms-msdt.MD
Last active April 18, 2024 02:22
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
#!/jb/bin/bash
CYCRIPT_PORT=1337
function help {
echo "Syntax: $0 [-p PID | -P appname] [-l /path/to/yourdylib | -L feature]"
echo
echo For example:
echo " $0 -P Reddit.app -l /path/to/evil.dylib # Injects evil.dylib into the Reddit app"
echo " or"
@liantian-cn
liantian-cn / Engine.ini
Created October 25, 2017 07:36
Engine.ini
[/Script/Engine.RendererSettings]
grass.DiscardDataOnLoad=1
r.DefaultFeature.Bloom=False
r.ReflectionEnvironment=0
r.DefaultFeature.AmbientOcclusion=False
r.DefaultFeature.AmbientOcclusionStaticFraction=False
r.DefaultFeature.AutoExposure=False
r.DefaultFeature.MotionBlur=0
r.DefaultFeature.LensFlare=0
r.AmbientOcclusionLevels=0
@fate0
fate0 / pymarshal.py
Last active August 11, 2023 08:55
onmyoji: test
import types
import cStringIO
TYPE_NULL = '0'
TYPE_NONE = 'N'
TYPE_FALSE = 'F'
TYPE_TRUE = 'T'
TYPE_STOPITER = 'S'
TYPE_ELLIPSIS = '.'
TYPE_INT = 'i'
@youfoundron
youfoundron / lldb-basics.md
Created November 17, 2016 18:45
lldb basics

# LLDB Basics

A basic overview of lldb for personal reference.
Official documentation can be found here.

## Command Structure

General syntax

<noun> <verb> [-options [option-value]] [argument [argument...]]
@otms61
otms61 / hotp.py
Last active September 3, 2018 05:55
A command-line tool for google authenticator verify code.
import hashlib
import hmac
import time
import struct
import base64
def compute_code(key):
t = int(time.time())
ts = t / 30
@st4g3r
st4g3r / house_of_einherjar.c
Last active July 28, 2021 22:46
Demonstration of House of Einherjar
/*
* Author: @st4g3r
* This is a PoC for House of Einherjar on x64 Linux.
*
* gcc -Wall -o house_of_einherjar house_of_einherjar.c
*
*/
#include <stdio.h>
#include <stdlib.h>
@CMCDragonkai
CMCDragonkai / memory_layout.md
Last active April 28, 2024 18:50
Linux: Understanding the Memory Layout of Linux Executables

Understanding the Memory Layout of Linux Executables

Required tools for playing around with memory:

  • hexdump
  • objdump
  • readelf
  • xxd
  • gcore
@akiym
akiym / online-ctf.md
Created September 11, 2014 15:55
Online CTF roundup
@ozh
ozh / gist:4032945
Created November 7, 2012 16:57
Change committer name in git
git filter-branch --commit-filter '
if [ "$GIT_COMMITTER_NAME" = "<Old Name>" ];
then
GIT_COMMITTER_NAME="<New Name>";
GIT_AUTHOR_NAME="<New Name>";
GIT_COMMITTER_EMAIL="<New Email>";
GIT_AUTHOR_EMAIL="<New Email>";
git commit-tree "$@";
else
git commit-tree "$@";