Ohhhh damn how did I not realize the zero width space would be so useful there. Very well done.
Replying to @0xdade @MalwareTechBlog
Haha, that obfuscation trick worked on you, so no doubting
You can try to copy this if twitter doesn't mangle it: http://bit.ly \\?\C:\Users\dade\Downloads\exploit.bat:
2 replies 2 retweets 15 likes
Replying to @taviso @MalwareTechBlog
Yup okay that replicates it. That's sneaky and awesome.
1 reply 0 retweets 6 likes
1 reply 5 retweets 15 likes
Replying to @0xdade @MalwareTechBlog
Okay, how about this one (hxxp to avoid twitter munging, http works in Zoom): \\?\hxxp://youtube.com/watch?v=123124124&title=ZXhwbG9pdAo=\..\..\..\..\Users\dade\Docume~1\exploit.bat I should have been a phisher
4 replies 9 retweets 31 likes
Replying to @taviso @MalwareTechBlog
This one is really good. Can click anywhere and it triggers, amazing. pic.twitter.com/qxRkdlbTLs
4 replies 5 retweets 22 likes
Payload available here: https://gist.github.com/pwnsdx/4622e18a4ffbb315bc30fbd75e8e97ec …
4 replies 37 retweets 62 likes
Within confid base64, the "type" param can be replaced by dropbox to make it look like it comes from Dropbox. Also, thumbnailUrl can be tweaked to display a custom icon.
2 replies 1 retweet 9 likes
Have you tried clicking one of these from a different computer? It doesn't work the way you expect it to. There's a download button, it's not one click. It prompts you where to save it. Then you can choose to open it.
2 replies 0 retweets 0 likes
That demo worked for me, fwiw.
Oh yeah, I was testing file upload which produces a nearly identical looking box so I got confused. The zoommeeting link worked perfectly for me, both on the computer I ran the link from as well as a secondary computer. Really clean.
0 replies 1 retweet 3 likes
