| #include <idc.idc> | |
| static FuncDump(f, start) | |
| { | |
| auto ea, str, count, ref; | |
| auto end; | |
| auto teststr; | |
| ea = start; |
| import hmac, hashlib | |
| # Data from I²C trace at https://hackaday.io/project/19480-raspberry-pi-camera-v21-reversed/log/52547-i2c-logic-analyzer-trace | |
| # Secret key from VideoCore blob | |
| # serial[8], serial[7:4], serial[3:0] | |
| serial = bytes.fromhex("EE8C196D8301230B59") | |
| # rPi -> camera random number | |
| numIn = bytes.fromhex("5805F3C898C3133154498E082F2E703516F2DBD1") |
| ''' | |
| Title: SSHtranger Things | |
| Author: Mark E. Haase <mhaase@hyperiongray.com> | |
| Homepage: https://www.hyperiongray.com | |
| Date: 2019-01-17 | |
| CVE: CVE-2019-6111, CVE-2019-6110 | |
| Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt | |
| Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 | |
| We have nicknamed this "SSHtranger Things" because the bug is so old it could be |
| #!/usr/bin/python | |
| import sys, json, urllib, urllib2 | |
| #Define the Bloodhound Database | |
| url = 'http://bloodhound-server:7474/db/data/cypher/' | |
| #Define the Bloodhound Credentials | |
| #echo neo4j:bloodhound | base64 | |
| base64auth = 'bmVvNGo6Ymxvb2Rob3VuZA==' | |
| request = urllib2.Request(url) |
| import requests | |
| import sys | |
| from bs4 import BeautifulSoup | |
| import json | |
| import re | |
| def sanitize_data(data): | |
| return data.replace('\r\n', '').replace('\n', '').replace(' ', '').replace(' ', '') | |
| if len(sys.argv) < 2: |
| """ | |
| Tomcat bruteforce | |
| Author: @itsecurityco | |
| """ | |
| import os | |
| import sys | |
| import getopt | |
| import base64 | |
| import requests |
| #!/usr/bin/perl -w | |
| # iterate over each file | |
| foreach $y (@ARGV) | |
| { | |
| open FH, $y; | |
| while ($x = <FH>) |
credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic
context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation
| first, create a bash script, put this in it. | |
| #!/bin/bash | |
| while IFS='' read -r line || [[ -n "$line" ]]; do | |
| curl --user-agent "$line" <the url you want to troll> | |
| done < "$1" | |
| Name it something dumb. logshove.sh | |
| Next create a file with no url-encodable chars. Make sure every line is the same length. don't use spaces. I used periods. |
| <?php | |
| /* | |
| Updated version, 2016-12-02: fixed shellcode so it *actually* works on QEMU | |
| usermode emulation (seems I pushed an old version), and removed debug output. | |
| ------------------------- | |
| NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION! | |
| If anyone wants to fix this, go ahead (no pun intended). | |
| However, I don't have a vulnerable product and am unwilling to acquire one. |
