namespace DiabloHorn.PowerShell.ParseCommandLine
{
    /*
    https://powershell.one/powershell-internals/parsing-and-tokenization/simple-tokenizer
    https://learn.microsoft.com/en-us/powershell/scripting/developer/hosting/windows-powershell01-sample?view=powershell-7.4
    */
    using System;
    using System.Collections.ObjectModel;
    // dotnet add package System.Management.Automation (inside folder with .csproj)
    using System.Management.Automation;

#!/usr/bin/env python
# DiabloHorn https://diablohorn.com
# raw python pcap creator
# based on
#   http://askldjd.com/2014/01/15/a-reasonably-fast-python-ip-sniffer/
# additional references
#   http://www.kanadas.com/program-e/2014/08/raw_socket_communication_on_li.html
import sys
import time

#!/bin/bash
# DiabloHorn - https://diablohorn.com
# easy opengrok analysis of all decompiled source
#   sudo docker run -v /home/me/Desktop/libanalysis/srces:/src -p 9000:8080 itszero/opengrok
#   http://localhost:9000/source/
OUTPUTDIR="srces"
DECOMPATH="/home/me/tools/javadecomp"
DECOMBIN="cfr_0_130.jar"

#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC server to inject packets towards 'infected' machine
intended to bypass IP whitelisting
"""
import time
import socket
from scapy.all import *

#!/usr/bin/env python
# DiabloHorn - https://diablohorn.com
# scan target IP from an interface with no IP configured
# POC - scapy
#   pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S')
#   sendp(pkt,iface='eth0')
import sys
from scapy.all import *

# Example minimalistic plugin framework
# https://www.guidodiepen.nl/2019/02/implementing-a-simple-plugin-framework-in-python/
import logging

class BasePlugin(object):
    """
    Example class just to remember about logging stuff
    We want to override the default formatting of the main logger,
    without removing it altogether

#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
Brute force the Milestone XProtect Web Client interface
python xprotect-brute.py http://127.0.0.1:8081/XProtectMobile/Communication --userlist u.txt --pwdlist p.txt --httpproxy http://127.0.0.1:9090
"""
import sys
import base64
import argparse

# Thank you @donnymaasland for this file
# memo to self:
#   sudo docker-compose up
version: "3"
services:
  elasticsearch:
    image: elasticsearch:7.6.2
    ports:
      - 9200:9200

#!/usr/bin/env python
# DiabloHorn https://diablohorn.com
# blank out bytes taking into account the PE file format
# input file: base64 malware.exe | rev > enc.txt
import sys
import os
# pip install pefile
import pefile
import argparse
import logging

#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
References
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478