```java
/*
    DiabloHorn - https://diablohorn.com
    For learning purposes we build the groovy payload ourselves instead of using
    ysoserial. This helps us better understand the chain and the mechanisms
    involved in exploiting this bug.
    compile with:
        javac -cp <path to groovy lib> ManualPayloadGenerate.java
    Example:
        javac -cp DeserLab/DeserLab-v1.0/lib/groovy-all-2.3.9.jar ManualPayloadGenerate.java
```
```text
❯ gcc -g minimal.c -o minimal
❯ sudo gdb minimal
Password:
(gdb) break main
Breakpoint 1 at 0x100000f90: file minimal.c, line 3.
(gdb) run
Starting program: /private/tmp/c-repl/minimal
```
```python
#!/usr/bin/env python
#DiabloHorn - https://diablohorn.com
#Find whitelisted IP addresses on a network & application level
import sys
import logging
import threading
import argparse
from scapy.all import *
```
```java
import java.util.*;
import java.io.*;
import java.security.*;

public class ChangePassword
{
    private final static JKS j = new JKS();

    public static void main(String[] args) throws Exception
    {
```
```python
#!/usr/bin/env python
#DiabloHorn - https://diablohorn.com
import sys
import os
import csv
import argparse
import shutil
try:
    import magic
```
```makefile
# -*- Mode: makefile -*-
BUILD_DIR?=$(CURDIR)/..
include ../config-host.mak
include config-target.mak
include config-devices.mak
include $(SRC_PATH)/rules.mak
$(call set-vpath, $(SRC_PATH):$(BUILD_DIR))
```
```javascript
// ==UserScript==
// @name xprotect-brute-js
// @namespace ns-xprotect-brute-js
// @description Brute force Milestone XProtect Web Client
// @include http://localhost:8081/index.html
// @version 1
// @grant none
// ==/UserScript==
//DiabloHorn - https://diablohorn.com
var foundcreds = 0;
```
```python
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC client on 'infected' machines to receive injected packets
intended to bypass IP whitelisting
"""
import sys
import time
import socket
from threading import Thread
```