Frank Spierings FrankSpierings

## brute.ps1
$charset  = @()
$charset += ([char]'0'..[char]'9') |% {[char]$_}
$charset += ([char]'a'..[char]'z') |% {[char]$_}
$charset += ([char]'A'..[char]'Z') |% {[char]$_}
$charset  = $charset | Select-Object -uniq

function Get-NextPassword() {
    param(
        $Password
    )

## Readme.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                FrankSpierings
                / Readme.md
            
            
              Last active
              March 18, 2024 19:31
            
              
                Angr on a static stripped binary
              
          
    Project


This is to demonstrate how to work with angr on a static/stripped binary

Source


Source angrtest.c

#include <stdio.h>

  
## pretty_print_ntlm_impacket.py
import datetime
import json
from impacket.structure import Structure
from enum import Flag, Enum


class NegotiateFlags(Flag):
    NTLMSSP_NEGOTIATE_56                       = 0x80000000
    NTLMSSP_NEGOTIATE_KEY_EXCH                 = 0x40000000
    NTLMSSP_NEGOTIATE_128                      = 0x20000000

## http-ntlm.py
from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3
import requests
import base64

# Replace these values with your IIS server details
target_url = "http://localhost"
username = "username"
password = "password"
domain = ''

## mitmproxy-http-ntlm.py
from mitmproxy import http, ctx
from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3
import requests
import logging
import base64

username = "username"
password = "password"
domain = ''

## README.MD

      
              1 file
            
          
              3 forks
            
          
              4 comments
            
          
              15 stars
            
          
                FrankSpierings
                / README.MD
            
            
              Last active
              February 5, 2024 15:25
            
              
                Apple Device Enrollment Program (DEP) - ByPass MDM Policy using Checkra1n exploit
              
          
    Pre-requirements


Install a socket daemon to multiplex connections from and to iOS devices, run: brew install usbmuxd
Start the socket daemon iproxy 2222 44
Install checkra1n exploit locally, run: brew install checkra1n
When SSH password authentication is requested, use: alpline.

Wipe iPad and restore Firmware


Clear all settings, or use DFU to clear and restore the iPad: https://www.theiphonewiki.com/wiki/DFU_Mode (Use iTunes to restore (and wipe) the iPad)


## frida-hook-generator.py
from pyclibrary import CParser
import re


hook_template = '''
(function() {
	var name = '__NAME__';
	var address = Module.findExportByName(null, name);
	if (address != null) {
		console.log('[!] Hooking: ' + name + ' @ 0x' + address.toString(16));

## README.md

      
              1 file
            
          
              40 forks
            
          
              1 comment
            
          
              157 stars
            
          
                FrankSpierings
                / README.md
            
            
              Last active
              January 20, 2024 20:45
            
              
                Linux Container Escapes and Hardening
              
          
    Container security notes

Internet references

Kernel and architecture


namespaces - overview of Linux namespaces
http://man7.org/linux/man-pages/man7/namespaces.7.html


mount_namespaces - overview of Linux mount namespaces


## openssl-frida.js
const utils = {
	colors: {
		red: function(string) {
			return '\x1b[31m' + string + '\x1b[0m';
		},

		green: function(string) {
			return '\x1b[32m' + string + '\x1b[0m';
		},

## deploy-applocker.ps1
# Requires system privileges!
# Thank you: https://github.com/sandytsang/MSIntune/blob/master/Intune-PowerShell/AppLocker/Delete-AppLockerEXE.ps1

$path = "<PATH TO APPLOCKER XML'S>"

$xmls = (ls -filter '*.xml' $path |% {$_.FullName})

$Appx, $Dll, $Exe, $Msi, $Script = $null

$xmls |% {
	$charset = @()
	$charset += ([char]'0'..[char]'9') \|% {[char]$_}
	$charset += ([char]'a'..[char]'z') \|% {[char]$_}
	$charset += ([char]'A'..[char]'Z') \|% {[char]$_}
	$charset = $charset \| Select-Object -uniq

	function Get-NextPassword() {
	param(
	$Password
	)
	import datetime
	import json
	from impacket.structure import Structure
	from enum import Flag, Enum


	class NegotiateFlags(Flag):
	NTLMSSP_NEGOTIATE_56 = 0x80000000
	NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000
	NTLMSSP_NEGOTIATE_128 = 0x20000000
	from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3
	import requests
	import base64

	# Replace these values with your IIS server details
	target_url = "http://localhost"
	username = "username"
	password = "password"
	domain = ''
	from mitmproxy import http, ctx
	from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3
	import requests
	import logging
	import base64

	username = "username"
	password = "password"
	domain = ''
	from pyclibrary import CParser
	import re


	hook_template = '''
	(function() {
	var name = '__NAME__';
	var address = Module.findExportByName(null, name);
	if (address != null) {
	console.log('[!] Hooking: ' + name + ' @ 0x' + address.toString(16));
	const utils = {
	colors: {
	red: function(string) {
	return '\x1b[31m' + string + '\x1b[0m';
	},

	green: function(string) {
	return '\x1b[32m' + string + '\x1b[0m';
	},
	# Requires system privileges!
	# Thank you: https://github.com/sandytsang/MSIntune/blob/master/Intune-PowerShell/AppLocker/Delete-AppLockerEXE.ps1

	$path = "<PATH TO APPLOCKER XML'S>"

	$xmls = (ls -filter '*.xml' $path \|% {$_.FullName})

	$Appx, $Dll, $Exe, $Msi, $Script = $null

	$xmls \|% {