Skip to content

Instantly share code, notes, and snippets.

DiabloHorn DiabloHorn

Block or report user

Report or block DiabloHorn

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@DiabloHorn
DiabloHorn / gdb-session.fish
Created Apr 23, 2019 — forked from logc/gdb-session.fish
How to add a new structure to a GDB session
View gdb-session.fish
❯ gcc -g minimal.c -o minimal
❯ sudo gdb minimal
Password:
(gdb) break main
Breakpoint 1 at 0x100000f90: file minimal.c, line 3.
(gdb) run
Starting program: /private/tmp/c-repl/minimal
@DiabloHorn
DiabloHorn / mass_analysis_jar.sh
Created Jun 11, 2018
Decompile multiple jar files for analysis
View mass_analysis_jar.sh
#!/bin/bash
#DiabloHorn - https://diablohorn.com
#easy opengrok analysis of all decompiled source
# sudo docker run -v /home/me/Desktop/libanalysis/srces:/src -p 9000:8080 itszero/opengrok
# http://localhost:9000/source/
OUTPUTDIR="srces"
DECOMPATH="/home/me/tools/javadecomp"
DECOMBIN="cfr_0_130.jar"
@DiabloHorn
DiabloHorn / whitelist_finder.py
Created Feb 18, 2018
Identify whitelisted IP addresses using spoofing techniques in conjunction with arp poisoning
View whitelist_finder.py
#!/usr/bin/env python
#DiabloHorn - https://diablohorn.com
#Find whitelisted IP addresses on a network & application level
import sys
import logging
import threading
import argparse
from scapy.all import *
@DiabloHorn
DiabloHorn / ChangePassword.java
Created Jan 23, 2018 — forked from zach-klippenstein/ChangePassword.java
The keystore password on Java keystore files is utterly pointless. You can reset it without knowing it, as shown by this code. Note that private keys are still secure, as far as I know. The JKS implementation is copyright Casey Marshall (rsdio@metastatic.org), and the original source is available at http://metastatic.org/source/JKS.java. I've in…
View ChangePassword.java
import java.util.*;
import java.io.*;
import java.security.*;
public class ChangePassword
{
private final static JKS j = new JKS();
public static void main(String[] args) throws Exception
{
View file_processor.py
#!/usr/bin/env python
#DiabloHorn - https://diablohorn.com
import sys
import os
import csv
import argparse
import shutil
try:
import magic
@DiabloHorn
DiabloHorn / Makefile.target
Created Dec 12, 2017
Reference files to expose a QEMU guest memory
View Makefile.target
# -*- Mode: makefile -*-
BUILD_DIR?=$(CURDIR)/..
include ../config-host.mak
include config-target.mak
include config-devices.mak
include $(SRC_PATH)/rules.mak
$(call set-vpath, $(SRC_PATH):$(BUILD_DIR))
@DiabloHorn
DiabloHorn / pe-aware-split.py
Created Nov 12, 2017
Split file while preserving PE format
View pe-aware-split.py
#!/usr/bin/env python
# DiabloHorn https://diablohorn.com
# blank out bytes taking into account the PE file format
# input file: base64 malware.exe | rev > enc.txt
import sys
import os
#pip install pefile
import pefile
import argparse
import logging
@DiabloHorn
DiabloHorn / ipless-scan.py
Created Oct 26, 2017
Perform a port scan without having an IP configured on your network interface
View ipless-scan.py
#!/usr/bin/env python
# DiabloHorn - https://diablohorn.com
# scan target IP from an interface with no IP configured
# POC - scapy
# pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S')
# sendp(pkt,iface='eth0')
import sys
from scapy.all import *
@DiabloHorn
DiabloHorn / ManualPayloadGenerate.java
Created Sep 9, 2017
Java class to generate a Groovy serialized payload
View ManualPayloadGenerate.java
/*
DiabloHorn - https://diablohorn.com
For learning purposes we build the groovy payload ourselves instead of using
ysoserial. This helps us better understand the chain and the mechanisms
involved in exploiting this bug.
compile with:
javac -cp <path to groovy lib> ManualPayloadGenerate.java
Example:
javac -cp DeserLab/DeserLab-v1.0/lib/groovy-all-2.3.9.jar ManualPayloadGenerate.java
@DiabloHorn
DiabloHorn / deserlab_exploit.py
Created Sep 9, 2017
Exploit for the DeserLab vulnerable implementation
View deserlab_exploit.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
References
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478
You can’t perform that action at this time.