DiabloHorn DiabloHorn
DiabloHorn
/ ManualPayloadGenerate.java
Created
September 9, 2017 18:46
Java class to generate a Groovy serialized payload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| DiabloHorn - https://diablohorn.com | |
| For learning purposes we build the groovy payload ourselves instead of using | |
| ysoserial. This helps us better understand the chain and the mechanisms | |
| involved in exploiting this bug. | |
| compile with: | |
| javac -cp <path to groovy lib> ManualPayloadGenerate.java | |
| Example: | |
| javac -cp DeserLab/DeserLab-v1.0/lib/groovy-all-2.3.9.jar ManualPayloadGenerate.java |
DiabloHorn
/ gdb-session.fish
Created
April 23, 2019 23:22
— forked from logc/gdb-session.fish
How to add a new structure to a GDB session
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ❯ gcc -g minimal.c -o minimal | |
| ❯ sudo gdb minimal | |
| Password: | |
| (gdb) break main | |
| Breakpoint 1 at 0x100000f90: file minimal.c, line 3. | |
| (gdb) run | |
| Starting program: /private/tmp/c-repl/minimal |
DiabloHorn
/ whitelist_finder.py
Created
February 18, 2018 15:26
Identify whitelisted IP addresses using spoofing techniques in conjunction with arp poisoning
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| #DiabloHorn - https://diablohorn.com | |
| #Find whitelisted IP addresses on a network & application level | |
| import sys | |
| import logging | |
| import threading | |
| import argparse | |
| from scapy.all import * |
DiabloHorn
/ ChangePassword.java
Created
January 23, 2018 00:18
— forked from zach-klippenstein/ChangePassword.java
The keystore password on Java keystore files is utterly pointless. You can reset it without knowing it, as shown by this code. Note that private keys are still secure, as far as I know.
The JKS implementation is copyright Casey Marshall (rsdio@metastatic.org), and the original source is available at http://metastatic.org/source/JKS.java. I've in…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.util.*; | |
| import java.io.*; | |
| import java.security.*; | |
| public class ChangePassword | |
| { | |
| private final static JKS j = new JKS(); | |
| public static void main(String[] args) throws Exception | |
| { |
DiabloHorn
/ file_processor.py
Created
January 16, 2018 01:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| #DiabloHorn - https://diablohorn.com | |
| import sys | |
| import os | |
| import csv | |
| import argparse | |
| import shutil | |
| try: | |
| import magic |
DiabloHorn
/ Makefile.target
Created
December 12, 2017 19:12
Reference files to expose a QEMU guest memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- Mode: makefile -*- | |
| BUILD_DIR?=$(CURDIR)/.. | |
| include ../config-host.mak | |
| include config-target.mak | |
| include config-devices.mak | |
| include $(SRC_PATH)/rules.mak | |
| $(call set-vpath, $(SRC_PATH):$(BUILD_DIR)) |
DiabloHorn
/ xprotect-brute-js.user.js
Created
August 14, 2017 23:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name xprotect-brute-js | |
| // @namespace ns-xprotect-brute-js | |
| // @description Brute force Milestone XProtect Web Client | |
| // @include http://localhost:8081/index.html | |
| // @version 1 | |
| // @grant none | |
| // ==/UserScript== | |
| //DiabloHorn - https://diablohorn.com | |
| var foundcreds = 0; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| DiabloHorn - https://diablohorn.com | |
| POC client on 'infected' machines to receive injected packets | |
| intended to bypass IP whitelisting | |
| """ | |
| import sys | |
| import time | |
| import socket | |
| from threading import Thread |
NewerOlder