@Und3rf10w
Und3rf10w / herpaderping.py
Created October 29, 2020 19:18
You should fork and finish this
import ctypes
from ctypes import wintypes
import struct
source_file_name = "mimikatz.exe"
target_file_name = "calc.exe"
replacement_file_name = "Chrome.exe"
nullptr = ctypes.c_void_p(0)
@Und3rf10w
Und3rf10w / head.tex
Last active March 29, 2021 21:24
Pandoc markdown export for https://obsidian.md/
% change background color for inline code in
% markdown files. The following code does not work well for
% long text as the text will exceed the page boundary
% Taken from: https://jdhao.github.io/2019/05/30/markdown2pdf_pandoc/
\definecolor{bgcolor}{HTML}{E0E0E0}
\let\oldtexttt\texttt
\renewcommand{\texttt}[1]{
\colorbox{bgcolor}{\oldtexttt{#1}}
}
import asyncio
import random
async def handler(_reader, writer):
    writer.write(b'HTTP/1.1 200 OK\r\n')
    try:
        while True:
            await asyncio.sleep(5)
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
@Und3rf10w
Und3rf10w / boostnote_to_obisidan_image_path_fix.py
Last active August 8, 2020 08:22
Very quick and dirty script to fix image paths in boostnote for exporting them to obsidian. You may have to run this multiple times on the same file until you no longer get FileNotFoundErrors
import re
import argparse
from shutil import copyfile
boostnote_attachment_base_dir = "/path/to/Boostnote/attachments/"
obsidian_note_attachment_dir = "/path/to/obsidian/notes/attachments/dir"
orig_image_dir = "/path/where/original/boostnote/photos/are/stored"
parser = argparse.ArgumentParser()
required_args = parser.add_argument_group("Required Arguments")
required_args.add_argument("-f", required=True, dest="input_file", help="Obsidian Markdown file to fix")
@Und3rf10w
Und3rf10w / Prestzo_Powerlevel10k_Windows_Terminal.MD
Last active December 31, 2019 13:32
How to Set up Prezto and Powerlevel10k for Kali on Windows Subsystem For Linux

Overview

This guide assumes you already have Windows Terminal preview installed, Windows Subsystem for Linux activated, and Kali installed. This configuration will likely work for any Debian-based distro, but we're going to use Kali solely as an example.

On your Windows machine

The only thing you need to do is install the "DejaVuSansMonoForPowerline NF" font onto your Windows machine. You can grab the zip that contains this font here. You will want to specifically install the font called DejaVu Sans Mono for Powerline Nerd Font Complete Mono Windows Compatible.ttf.

On your Windows Terminal

Open your Kali shell in the Windows Terminal. In the tabbed area, click the down arrow and select "Settings". This should open a notepad with the configuration file for the Windows Terminal. Scroll down to the section that has your Kali installation and add a new directive with the following line:

@Und3rf10w
Und3rf10w / hexify_file.py
Created October 26, 2019 17:31
Convert a binary file to a hexbyte string
#!/usr/bin/env python3
import binascii
import argparse
from os import path
parser = argparse.ArgumentParser(description ='Convert input raw binary file to a hex byte string')
parser.add_argument('-i', '--input', dest='input_file', required=True, help="The input file to convert")
parser.add_argument('-o', '--output', dest='output_file', required=False, help="The output file to write to")
args = parser.parse_args()
bits 64
global _start
_start:
    jmp short message
print:
    pop rsi
    xor rax,rax
    mov al, 1
@Und3rf10w
Und3rf10w / HowToDetectTechniqueX_Demos.ps1
Created September 6, 2019 22:38 — forked from mattifestation/HowToDetectTechniqueX_Demos.ps1
Demo code from my DerbyCon talk: "How do I detect technique X in Windows?" Applied Methodology to Definitively Answer this Question
#region Attack validations
wmic /node:169.254.37.139 /user:Administrator /password:badpassword process call create notepad.exe
Invoke-WmiMethod -ComputerName 169.254.37.139 -Credential Administrator -Class Win32_Process -Name Create -ArgumentList notepad.exe
$CimSession = New-CimSession -ComputerName 169.254.37.139 -Credential Administrator
Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' }
$CimSession | Remove-CimSession
winrm --% invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -remote:169.254.37.139 -username:Administrator -password:badpassword
@Und3rf10w
Und3rf10w / introspection-query.graphql
Created August 14, 2019 22:45 — forked from craigbeck/introspection-query.graphql
Introspection query for GraphQL
query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      ...FullType
    }
    directives {
@Und3rf10w
Und3rf10w / stresstest.py
Created April 23, 2019 21:05
A python script to generate system load and network connections with the idea to be used for rootkit debugging
#!/usr/bin/python
import socket
import sys
from os import getpid
from multiprocessing import Pool
from multiprocessing import cpu_count
def f(x):
    while True:
        x*x