- This is to demonstrate how to work with angr on a static/stripped binary
- Source
angrtest.c
#include <stdio.h>
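# Candidate alphabet: ASCII digits, then lower-case letters, then upper-case
# letters (62 symbols). The trailing "| |" on each original line was table
# residue from the page export and is a parse error in PowerShell.
$charset = @()
# Depending on the PowerShell version the range operator may yield integers
# rather than characters, so every element is cast back to [char].
$charset += ([char]'0'..[char]'9') | ForEach-Object { [char]$_ }
$charset += ([char]'a'..[char]'z') | ForEach-Object { [char]$_ }
$charset += ([char]'A'..[char]'Z') | ForEach-Object { [char]$_ }
# The three ranges do not overlap; de-duplication only matters if further
# ranges are added later. First-occurrence order is kept.
$charset = $charset | Select-Object -Unique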
function Get-NextPassword() { | |
param( | |
$Password | |
) |
import datetime | |
import json | |
from impacket.structure import Structure | |
from enum import Flag, Enum | |
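class NegotiateFlags(Flag):
    """Bit flags from the NTLMSSP NegotiateFlags field.

    Only the three highest-order bits appear in this excerpt. Being a
    ``Flag``, members combine with ``|`` and an integer read from a message
    can be decoded with ``NegotiateFlags(value)``.
    """

    # Requests 56-bit encryption. A session that offers this without
    # NTLMSSP_NEGOTIATE_128 is worth flagging when reviewing captured traffic.
    NTLMSSP_NEGOTIATE_56 = 0x80000000
    # Requests an explicit key exchange for the session key.
    NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000
    # Requests 128-bit session key negotiation.
    NTLMSSP_NEGOTIATE_128 = 0x20000000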
from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
import requests | |
import base64 | |
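# Replace these values with your IIS server details.
# NOTE(review): these are placeholders. Keep real credentials out of the file
# (read them from the environment or prompt at run time). The target is plain
# http://, so whatever authentication exchange these values feed is readable
# by anyone on the network path; point it at an https:// endpoint outside a
# local lab. The code that consumes these names is not part of this excerpt.
target_url = "http://localhost"
username = "username"
password = "password"
domain = ''  # empty string: no domain is supplied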
from mitmproxy import http, ctx | |
from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
import requests | |
import logging | |
import base64 | |
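# Placeholder account details. Presumably these feed the NTLM message
# builders imported above; the consuming code is outside this excerpt.
# NOTE(review): a proxy add-on that embeds a password is a credential store.
# Load the real values from the environment or a secrets manager, and keep
# them out of the log output.
username = "username"
password = "password"
domain = ''  # empty string: no domain is supplied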
brew install usbmuxd
iproxy 2222 44
checkra1n
exploit locally, run: brew install checkra1n
alpline
.from pyclibrary import CParser | |
import re | |
hook_template = ''' | |
(function() { | |
var name = '__NAME__'; | |
var address = Module.findExportByName(null, name); | |
if (address != null) { | |
console.log('[!] Hooking: ' + name + ' @ 0x' + address.toString(16)); |
namespaces - overview of Linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html
mount_namespaces - overview of Linux mount namespaces
const utils = { | |
colors: { | |
red: function(string) { | |
return '\x1b[31m' + string + '\x1b[0m'; | |
}, | |
green: function(string) { | |
return '\x1b[32m' + string + '\x1b[0m'; | |
}, |
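# Requires system privileges!
# Thank you: https://github.com/sandytsang/MSIntune/blob/master/Intune-PowerShell/AppLocker/Delete-AppLockerEXE.ps1
# NOTE(review): what is done with the XML files is outside this excerpt. If
# they are applied as AppLocker policy, the directory below should be writable
# by administrators only, because anyone who can drop an XML there shapes a
# policy that is processed with SYSTEM rights.
$path = "<PATH TO APPLOCKER XML'S>"
# Full paths of every *.xml directly under $path. Get-ChildItem is spelled out
# because the `ls` alias is not guaranteed to resolve to it on every platform.
$xmls = (Get-ChildItem -Path $path -Filter '*.xml' | ForEach-Object { $_.FullName })
# Assigning a single $null to five targets leaves all five variables $null.
$Appx, $Dll, $Exe, $Msi, $Script = $null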
$xmls |% { |