Skip to content

Instantly share code, notes, and snippets.

View swtornio's full-sized avatar

Steve Tornio swtornio

44 followers · 60 following
View GitHub Profile
@swtornio
swtornio / nmap-http-url.py
Created April 28, 2022 23:29 — forked from tothi/nmap-http-url.py
Generate HTTP URLs from Nmap XML (and optionally use VirtualHosts)
#!/usr/bin/env python3
#
# inputs: nmap.xml (nmap scan xml output), subdomains.csv (optional virtualhost info, hostname + ip address csv file)
# output: url listing (useful for tools like EyeWitness)
#
# sample usage: ./nmap-http-url.py nmap.xml subdomains.csv | sort -u | gowitness file -f -
#
description = '''
Generate HTTP URLs from Nmap XML (and optionally additional VirtualHost listing, taken from e.g. subdomain enumeration).
@swtornio
swtornio / boilerplate.py
Created May 13, 2022 11:47 — forked from notareverser/boilerplate.py
Boilerplate Python script
#!/usr/bin/env python3
import argparse
import sys
import json
import logging
@swtornio
swtornio / ms-msdt.MD
Created May 31, 2022 12:04 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@swtornio
swtornio / gist:fa9e6984a4619344db6e986527512ee7
Created December 8, 2022 22:09 — forked from jaredsburrows/gist:9e121d2e5f1147ab12a696cf548b90b0
full English translation of Phineas Fisher's account of how he took down HackingTeam - https://www.reddit.com/r/netsec/comments/4f3e6p/full_english_translation_of_phineas_fishers/
_ _ _ ____ _ _
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
| _ | (_| | (__| < | |_) | (_| | (__| <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
A DIY Guide
@swtornio
swtornio / 2serv.py
Created February 15, 2023 19:29 — forked from phrawzty/2serv.py
simple python http server to dump request headers
#!/usr/bin/env python2
import SimpleHTTPServer
import SocketServer
import logging
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@swtornio
swtornio / DInjectQueuerAPC.cs
Created September 13, 2024 15:24 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@swtornio
swtornio / install.sh
Created October 14, 2024 14:01 — forked from ikr4-m/install.sh
Hyper-V Enhanced Session for Debian
#!/bin/sh
# This script based on linux-vm-tools for Ubuntu 22.02.
# Thanks to https://github.com/Hinara/linux-vm-tools/ to script
# This script is for Ubuntu 22.04 Jammy Jellyfish to download and install XRDP+XORGXRDP via
# source.
#
# Major thanks to: http://c-nergy.be/blog/?p=11336 for the tips.
#