DiabloHorn DiabloHorn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| #DiabloHorn https://diablohorn.com | |
| #raw python pcap creater | |
| #based on | |
| # http://askldjd.com/2014/01/15/a-reasonably-fast-python-ip-sniffer/ | |
| #additional references | |
| # http://www.kanadas.com/program-e/2014/08/raw_socket_communication_on_li.html | |
| import sys | |
| import time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| POC client on 'infected' machines to receive injected packets | |
| intended to bypass IP whitelisting | |
| """ | |
| import sys | |
| import time | |
| import socket | |
| from threading import Thread |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| POC server to inject packets towards 'infected' machine | |
| intended to bypass IP whitelisting | |
| """ | |
| import time | |
| import socket | |
| from scapy.all import * |
DiabloHorn
/ xprotect-brute.py
Created
August 13, 2017 18:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| Brute force the Milestone XProtect Web Client interface | |
| python xprotect-brute.py http://127.0.0.1:8081/XProtectMobile/Communication --userlist u.txt --pwdlist p.txt --httpproxy http://127.0.0.1:9090 | |
| """ | |
| import sys | |
| import base64 | |
| import argparse |
DiabloHorn
/ xprotect-brute-js.user.js
Created
August 14, 2017 23:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name xprotect-brute-js | |
| // @namespace ns-xprotect-brute-js | |
| // @description Brute force Milestone XProtect Web Client | |
| // @include http://localhost:8081/index.html | |
| // @version 1 | |
| // @grant none | |
| // ==/UserScript== | |
| //DiabloHorn - https://diablohorn.com | |
| var foundcreds = 0; |
DiabloHorn
/ deserlab_exploit.py
Created
September 9, 2017 18:37
Exploit for the DeserLab vulnerable implementation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| References | |
| https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/ | |
| https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html | |
| https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html | |
| http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html | |
| https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ | |
| https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478 |
DiabloHorn
/ ManualPayloadGenerate.java
Created
September 9, 2017 18:46
Java class to generate a Groovy serialized payload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| DiabloHorn - https://diablohorn.com | |
| For learning purposes we build the groovy payload ourselves instead of using | |
| ysoserial. This helps us better understand the chain and the mechanisms | |
| involved in exploiting this bug. | |
| compile with: | |
| javac -cp <path to groovy lib> ManualPayloadGenerate.java | |
| Example: | |
| javac -cp DeserLab/DeserLab-v1.0/lib/groovy-all-2.3.9.jar ManualPayloadGenerate.java |
DiabloHorn
/ ipless-scan.py
Created
October 26, 2017 21:41
Perform a port scan without having an IP configured on your network interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # DiabloHorn - https://diablohorn.com | |
| # scan target IP from an interface with no IP configured | |
| # POC - scapy | |
| # pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S') | |
| # sendp(pkt,iface='eth0') | |
| import sys | |
| from scapy.all import * |
DiabloHorn
/ pe-aware-split.py
Created
November 12, 2017 17:47
Split file while preserving PE format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # DiabloHorn https://diablohorn.com | |
| # blank out bytes taking into account the PE file format | |
| # input file: base64 malware.exe | rev > enc.txt | |
| import sys | |
| import os | |
| #pip install pefile | |
| import pefile | |
| import argparse | |
| import logging |
DiabloHorn
/ Makefile.target
Created
December 12, 2017 19:12
Reference files to expose a QEMU guest memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- Mode: makefile -*- | |
| BUILD_DIR?=$(CURDIR)/.. | |
| include ../config-host.mak | |
| include config-target.mak | |
| include config-devices.mak | |
| include $(SRC_PATH)/rules.mak | |
| $(call set-vpath, $(SRC_PATH):$(BUILD_DIR)) |
OlderNewer