Robin David RobinDavid
RobinDavid
/ pydbg_firefox.py
Created
February 25, 2014 17:39
Pydbg: sample to hook a firefox function to retrieve credentials (Gray Hat Python book)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Example taken from Gray Hat Python (book) | |
| This script present a way to hook a DLL library in Firefox. For this example the script hook nspr4.dll which encrypt datas for SSL connection. | |
| So we will be able to get the text before it is encrypted. Moreover we catch a pattern "password" to get all login/password before they are ciphered. | |
| ''' | |
| from pydbg import * | |
| from pydbg.defines import * | |
| import utils |
RobinDavid
/ code_injector.py
Created
February 25, 2014 17:45
sample of shellcode injection into a process (Gray Hat Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Example taken from Gray Hat Python | |
| The script inject a shellcode which tasks is to kill the given process, so that the process will not be killed by our process directly. | |
| ''' | |
| import sys | |
| from ctypes import * | |
| # We set the EXECUTE access mask so that our shellcode will execute in the memory block we have allocated | |
| PAGE_EXECUTE_READWRITE = 0x00000040 |
RobinDavid
/ dll_injection.py
Created
February 25, 2014 17:49
Sample ddl injection (Gray Hat Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| from ctypes import * | |
| PAGE_READWRITE = 0x04 | |
| PROCESS_ALL_ACCESS = ( 0x000F0000 | 0x00100000 | 0xFFF ) | |
| VIRTUAL_MEM = ( 0x1000 | 0x2000 ) | |
| kernel32 = windll.kernel32 #Get the wanted dll | |
| pid = sys.argv[1] #Gather sent parameters |
RobinDavid
/ chroot.sh
Created
February 25, 2014 17:51
script to create an nice chroot to a given folder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ROOT=$1 | |
| mount procfs -t proc $ROOT/proc/ | |
| mount sysfs -t sysfs | |
| mount -o bin /dev $ROOT/dev/ | |
| mount -o bin /dev/pts $ROOT/dev/pts | |
| mount --bind /etc/resolv.conf $ROOT/etc/resolv.conf | |
| chroot $ROOT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; Credits from : http://blog.stalkr.net/2014/10/tiny-elf-3264-with-nasm.html | |
| ; nasm -f bin -o tiny64 tiny64.asm | |
| BITS 64 | |
| org 0x400000 | |
| ehdr: ; Elf64_Ehdr | |
| db 0x7f, "ELF", 2, 1, 1, 0 ; e_ident | |
| times 8 db 0 | |
| dw 2 ; e_type | |
| dw 0x3e ; e_machine |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; From: http://blog.stalkr.net/2014/10/tiny-elf-3264-with-nasm.html | |
| ; nasm -f bin -o tiny32 tiny32.asm | |
| BITS 32 | |
| org 0x08048000 | |
| ehdr: ; Elf32_Ehdr | |
| db 0x7F, "ELF", 1, 1, 1, 0 ; e_ident | |
| times 8 db 0 | |
| dw 2 ; e_type | |
| dw 3 ; e_machine |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| int main(void) | |
| { | |
| unsigned long long var_RFLAGS = 0; | |
| __asm__ ( | |
| "pushfq;" // Put RFLAGS into stack | |
| "pop %%rax;" // Pop them in rax | |
| "mov %%rax, %0" : :"m" (var_RFLAGS) // Retrieve them in a variable |
RobinDavid
/ cpuid.cpp
Created
January 18, 2015 20:15
Retrieve MMX and SSE support using the CPUID assembly command.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| using namespace std; | |
| int main(int argc,char* argv[]) | |
| { | |
| unsigned int cpeinfo; | |
| unsigned int cpsse3; | |
| __asm__( | |
| "mov $01,%%eax;" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sed -i 's,^\(NETDOWN=\).*,\1'no',' /etc/init.d/halt | |
| aptitude install ethtool -y | |
| echo 'pre-down /usr/sbin/ethool -s eth0 wol g' >> /etc/network/interface |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Do all the partition stuff | |
| #Let's consider we install to sda1 | |
| mkdir /media/debian | |
| mount /dev/sda1 /media/debian |