Skip to content

Instantly share code, notes, and snippets.

@tothi
tothi / ms-msdt.MD
Last active September 29, 2024 08:10
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@ustayready
ustayready / spoof.py
Created April 13, 2022 13:22
Simple unfinished SMTP spoof script for use with Office365 DirectSend SmartHosts
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders
import ssl
import email
import argparse
@sbinlondon
sbinlondon / synthwaveglow.md
Last active October 12, 2024 17:10
Get the synth wave glow theme working for VS Code on Mac

Get the synth wave glow working for VS Code on Mac

These notes are pretty much the same steps as the two extensions list, it's just that I had to collate them together because neither seems to list it fully in the proper order.

  1. Install Synthwave ’84/Synthwave + Fluoromachine theme on VS Code (I used the Fluoromachine one)

  2. Install Custom CSS and JS Loader

  3. Command + Shift + P to open command palette > "Preferences: Open settings (JSON)"

@Ardillo
Ardillo / js
Created December 17, 2019 22:37
window.setInterval(thanosify, 2000);
function thanosify(){
[].forEach.call(document.querySelectorAll('.player'), function (el) {
if (el.className.includes("me")) {
console.log(el)
} else {
el.style.visibility = 'hidden'
}
});}
@haproxytechblog
haproxytechblog / haproxy-config-2-1.cfg
Created December 2, 2019 23:22
HAProxy 2.1 Sample Config
#
# This is the ultimate HAProxy 2.0 "Getting Started" config
# It demonstrates many of the features available which are now available
# While you may not need all of these things, this can serve
# as a reference for your own configurations.
#
# Have questions? Check out our community Slack:
# https://slack.haproxy.org/
#
@JustinGrote
JustinGrote / Search-Giphy.ps1
Last active July 5, 2024 14:33
Get a random gif from Giphy. ***NOTE: Invoke-TerminalGif was moved to MSTerminalSettings module***
#requires -module msterminalsettings,threadjob
###QUICKSTART
#FIRST: Run this in your Powershell Windows Terminal: Install-Module threadjob,msterminalsettings -scope currentuser
#THEN: iex (iwr git.io/invoketerminalgif)
#THEN: Get-Help Search-Giphy -Examples
#THEN: Get-Help Invoke-TerminalGif -Examples
#THEN: Search-Giphy | Format-List -prop *
#THEN: Invoke-TerminalGif https://media.giphy.com/media/g9582DNuQppxC/giphy.gif
from fastapi import Security, Depends, FastAPI, HTTPException
from fastapi.security.api_key import APIKeyQuery, APIKeyCookie, APIKeyHeader, APIKey
from fastapi.openapi.docs import get_swagger_ui_html
from fastapi.openapi.utils import get_openapi
from starlette.status import HTTP_403_FORBIDDEN
from starlette.responses import RedirectResponse, JSONResponse
API_KEY = "1234567asdfgh"
API_KEY_NAME = "access_token"
magnet:?xt=urn:btih:827FBFFA925AF95BA20C7C0BA8D35807C1E31C75&dn=Combined_HaveIBeenPwnedWordlists.txt&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce
@webash
webash / OrphanAdminSDHolder.ps1
Last active April 23, 2024 03:03
Detect and correct orphaned 'adminCount=1' users who are no longer in protected groups
<#
.SYNOPSIS
Detects Orphaned SD Admin users, resets admin count attribute and enables inheritable permissions
.Author
Alan.McBurney (+ Ashley Steel)
THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
alert('hello ' + document.location.href);