Skip to content

Instantly share code, notes, and snippets.

DiabloHorn DiabloHorn

Block or report user

Report or block DiabloHorn

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@DiabloHorn
DiabloHorn / pyrawcap.py
Created Mar 9, 2017
Python sniffer using only raw sockets
View pyrawcap.py
#!/usr/bin/env python
#DiabloHorn https://diablohorn.com
#raw python pcap creater
#based on
# http://askldjd.com/2014/01/15/a-reasonably-fast-python-ip-sniffer/
#additional references
# http://www.kanadas.com/program-e/2014/08/raw_socket_communication_on_li.html
import sys
import time
@DiabloHorn
DiabloHorn / poc_client.py
Created Apr 9, 2017
Client part of IP whitelist bypass POC
View poc_client.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC client on 'infected' machines to receive injected packets
intended to bypass IP whitelisting
"""
import sys
import time
import socket
from threading import Thread
@DiabloHorn
DiabloHorn / poc_server.py
Created Apr 9, 2017
Server part of IP whitelist bypass POC
View poc_server.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC server to inject packets towards 'infected' machine
intended to bypass IP whitelisting
"""
import time
import socket
from scapy.all import *
View xprotect-brute.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
Brute force the Milestone XProtect Web Client interface
python xprotect-brute.py http://127.0.0.1:8081/XProtectMobile/Communication --userlist u.txt --pwdlist p.txt --httpproxy http://127.0.0.1:9090
"""
import sys
import base64
import argparse
View xprotect-brute-js.user.js
// ==UserScript==
// @name xprotect-brute-js
// @namespace ns-xprotect-brute-js
// @description Brute force Milestone XProtect Web Client
// @include http://localhost:8081/index.html
// @version 1
// @grant none
// ==/UserScript==
//DiabloHorn - https://diablohorn.com
var foundcreds = 0;
@DiabloHorn
DiabloHorn / deserlab_exploit.py
Created Sep 9, 2017
Exploit for the DeserLab vulnerable implementation
View deserlab_exploit.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
References
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478
@DiabloHorn
DiabloHorn / ManualPayloadGenerate.java
Created Sep 9, 2017
Java class to generate a Groovy serialized payload
View ManualPayloadGenerate.java
/*
DiabloHorn - https://diablohorn.com
For learning purposes we build the groovy payload ourselves instead of using
ysoserial. This helps us better understand the chain and the mechanisms
involved in exploiting this bug.
compile with:
javac -cp <path to groovy lib> ManualPayloadGenerate.java
Example:
javac -cp DeserLab/DeserLab-v1.0/lib/groovy-all-2.3.9.jar ManualPayloadGenerate.java
@DiabloHorn
DiabloHorn / ipless-scan.py
Created Oct 26, 2017
Perform a port scan without having an IP configured on your network interface
View ipless-scan.py
#!/usr/bin/env python
# DiabloHorn - https://diablohorn.com
# scan target IP from an interface with no IP configured
# POC - scapy
# pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S')
# sendp(pkt,iface='eth0')
import sys
from scapy.all import *
@DiabloHorn
DiabloHorn / pe-aware-split.py
Created Nov 12, 2017
Split file while preserving PE format
View pe-aware-split.py
#!/usr/bin/env python
# DiabloHorn https://diablohorn.com
# blank out bytes taking into account the PE file format
# input file: base64 malware.exe | rev > enc.txt
import sys
import os
#pip install pefile
import pefile
import argparse
import logging
@DiabloHorn
DiabloHorn / Makefile.target
Created Dec 12, 2017
Reference files to expose a QEMU guest memory
View Makefile.target
# -*- Mode: makefile -*-
BUILD_DIR?=$(CURDIR)/..
include ../config-host.mak
include config-target.mak
include config-devices.mak
include $(SRC_PATH)/rules.mak
$(call set-vpath, $(SRC_PATH):$(BUILD_DIR))
You can’t perform that action at this time.