DiabloHorn DiabloHorn
DiabloHorn
/ PSCmdLineParser.cs
Created
March 31, 2024 22:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| namespace DiabloHorn.PowerShell.ParseCommandLine | |
| { | |
| /* | |
| https://powershell.one/powershell-internals/parsing-and-tokenization/simple-tokenizer | |
| https://learn.microsoft.com/en-us/powershell/scripting/developer/hosting/windows-powershell01-sample?view=powershell-7.4 | |
| */ | |
| using System; | |
| using System.Collections.ObjectModel; | |
| //dotnet add package System.Management.Automation (inside folder with .csproj) | |
| using System.Management.Automation; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| #DiabloHorn https://diablohorn.com | |
| #raw python pcap creater | |
| #based on | |
| # http://askldjd.com/2014/01/15/a-reasonably-fast-python-ip-sniffer/ | |
| #additional references | |
| # http://www.kanadas.com/program-e/2014/08/raw_socket_communication_on_li.html | |
| import sys | |
| import time |
DiabloHorn
/ mass_analysis_jar.sh
Created
June 11, 2018 17:14
Decompile multiple jar files for analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #DiabloHorn - https://diablohorn.com | |
| #easy opengrok analysis of all decompiled source | |
| # sudo docker run -v /home/me/Desktop/libanalysis/srces:/src -p 9000:8080 itszero/opengrok | |
| # http://localhost:9000/source/ | |
| OUTPUTDIR="srces" | |
| DECOMPATH="/home/me/tools/javadecomp" | |
| DECOMBIN="cfr_0_130.jar" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| POC server to inject packets towards 'infected' machine | |
| intended to bypass IP whitelisting | |
| """ | |
| import time | |
| import socket | |
| from scapy.all import * |
DiabloHorn
/ ipless-scan.py
Created
October 26, 2017 21:41
Perform a port scan without having an IP configured on your network interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # DiabloHorn - https://diablohorn.com | |
| # scan target IP from an interface with no IP configured | |
| # POC - scapy | |
| # pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S') | |
| # sendp(pkt,iface='eth0') | |
| import sys | |
| from scapy.all import * |
DiabloHorn
/ example-plugin-logging.py
Created
February 28, 2021 15:12
Example base class to build plugins with logging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example minimalistic plugin framework | |
| # https://www.guidodiepen.nl/2019/02/implementing-a-simple-plugin-framework-in-python/ | |
| import logging | |
| class BasePlugin(object): | |
| """ | |
| Example class just to remember about logging stuff | |
| We want to override the default formatting of the main logger, | |
| without removing it alltogether |
DiabloHorn
/ xprotect-brute.py
Created
August 13, 2017 18:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| Brute force the Milestone XProtect Web Client interface | |
| python xprotect-brute.py http://127.0.0.1:8081/XProtectMobile/Communication --userlist u.txt --pwdlist p.txt --httpproxy http://127.0.0.1:9090 | |
| """ | |
| import sys | |
| import base64 | |
| import argparse |
DiabloHorn
/ docker-compose.yaml
Last active
May 1, 2020 23:05
docker compose to run elasticsearch and kibana
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Thank you @donnymaasland for this file | |
| # memo to self: | |
| # sudo docker-compose up | |
| version: "3" | |
| services: | |
| elasticsearch: | |
| image: elasticsearch:7.6.2 | |
| ports: | |
| - 9200:9200 |
DiabloHorn
/ pe-aware-split.py
Created
November 12, 2017 17:47
Split file while preserving PE format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # DiabloHorn https://diablohorn.com | |
| # blank out bytes taking into account the PE file format | |
| # input file: base64 malware.exe | rev > enc.txt | |
| import sys | |
| import os | |
| #pip install pefile | |
| import pefile | |
| import argparse | |
| import logging |
DiabloHorn
/ deserlab_exploit.py
Created
September 9, 2017 18:37
Exploit for the DeserLab vulnerable implementation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| References | |
| https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/ | |
| https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html | |
| https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html | |
| http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html | |
| https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ | |
| https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478 |
NewerOlder