Andrea Fortuna andreafortuna

## CVE-2019-14271_PoC.c
#include ...

#define ORIGINAL_LIBNSS "/original_libnss_files.so.2"
#define LIBNSS_PATH "/lib/x86_64-linux-gnu/libnss_files.so.2"

bool is_priviliged();

__attribute__ ((constructor)) void run_at_link(void)
{
     char * argv_break[2];

## ServiceAccounts.ps1
<#
    Service account report scrip that reads service configuration from
    all Windows servers in the current domain and generate a report listing all
    domain accounts used as service logon account.

    By Andrea Fortuna (andrea@andreafortuna.org)

    *** Based on "report-service-accounts.ps1" by Gleb Yourchenko (fnugry@null.net) ***
#>

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                andreafortuna
                / keybase.md
            
            
              Created May 21, 2019
            
          
      View keybase.md
  
      
    Keybase proof
I hereby claim:

I am andreafortuna on github.
I am andrea_fortuna (https://keybase.io/andrea_fortuna) on keybase.
I have a public key whose fingerprint is F08A 2478 ACEB D77B 8A11  6A43 A705 D2DA 05FF 95C5

To claim this, I am signing this object:

  
## GPPDecrypt.ps1
 param (
    [string]$cpassword
 )

function Get-DecryptedCpassword {
        [CmdletBinding()]
        Param (
            [string] $Cpassword
        )

## GPPDecrypt.py
#!/usr/bin/env python3
import base64
from Crypto.Cipher import AES


def decrypt(encrypt_str):
        padding = "=" * (4 - len(encrypt_str) % 4)
        encrypt_str = encrypt_str + padding
        encrypt_str = base64.b64decode(encrypt_str)
        # Public available AES key on https://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be.aspx?f=255&MSPPError=-2147217396

## Optionsbleed.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

# Optionsbleed proof of concept test
# by Hanno Böck

import argparse
import urllib3
import re

## screenshot.sh
#!/bin/bash
TS=`date +%s`.png
/usr/bin/import ~/Immagini/$TS > ~/logs/ss.log 2>&1
xclip -selection clipboard -t image/png -i ~/Images/$TS  >> ~/logs/ss.log 2>&1
notify-send "Screenshot saved into ~/Immagini/$TS and into clipboard" -t 3

## notpetyavaccine.ps1
$extensions = "", ".dat", ".dll"
$baseFileName = "C:\windows\perfc"

foreach ($extension in $extensions)
{
    $outFile = "{0}{1}" -f $baseFileName, $extension

    Write-Host ("Creating file: {0}" -f $baseFileName)
    New-Item $outFile -ItemType file -Value "Road block for Petya." -Force


## brightness.sh
#!/bin/bash

# Simple script to modify screen brightness
# USAGE:
# brightness.sh +20 (Increase brightness by 20%)

basedir="/sys/class/backlight/"

# get the backlight handler
handler=$basedir$(ls $basedir)"/"

## vbfilesystembodyfile.sh
#!/bin/bash
#Simple script for VirtuaBox filesystem bodyfile creation
# Usage: vbfilesystembodyfile.sh <VM name>

disk=`echo $( sudo VBoxManage showvminfo $1|grep "vdi\|vmdk"|head -n 1|cut -d ":" -f 2|cut -d "(" -f 1)|xargs`
VBoxManage clonemedium $disk ./$1.raw --format=raw
offset=$(mmls $1.raw -a | grep `mmls $1.raw -a | grep "000:" |  cut -d " " -f 9 | sort -r | head -1` | cut -d " " -f 6 | bc)
fls -o $offset  -r -m / $1.raw > $1.bodyfile
rm $1.raw
	#include ...

	#define ORIGINAL_LIBNSS "/original_libnss_files.so.2"
	#define LIBNSS_PATH "/lib/x86_64-linux-gnu/libnss_files.so.2"

	bool is_priviliged();

	__attribute__ ((constructor)) void run_at_link(void)
	{
	char * argv_break[2];
	<#
	Service account report scrip that reads service configuration from
	all Windows servers in the current domain and generate a report listing all
	domain accounts used as service logon account.

	By Andrea Fortuna (andrea@andreafortuna.org)

	* Based on "report-service-accounts.ps1" by Gleb Yourchenko (fnugry@null.net) *
	#>
	param (
	[string]$cpassword
	)

	function Get-DecryptedCpassword {
	[CmdletBinding()]
	Param (
	[string] $Cpassword
	)
	#!/usr/bin/env python3
	import base64
	from Crypto.Cipher import AES


	def decrypt(encrypt_str):
	padding = "=" * (4 - len(encrypt_str) % 4)
	encrypt_str = encrypt_str + padding
	encrypt_str = base64.b64decode(encrypt_str)
	# Public available AES key on https://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be.aspx?f=255&MSPPError=-2147217396
	#!/usr/bin/env python3
	# -- coding: utf-8 --

	# Optionsbleed proof of concept test
	# by Hanno Böck

	import argparse
	import urllib3
	import re
	#!/bin/bash
	TS=`date +%s`.png
	/usr/bin/import ~/Immagini/$TS > ~/logs/ss.log 2>&1
	xclip -selection clipboard -t image/png -i ~/Images/$TS >> ~/logs/ss.log 2>&1
	notify-send "Screenshot saved into ~/Immagini/$TS and into clipboard" -t 3
	$extensions = "", ".dat", ".dll"
	$baseFileName = "C:\windows\perfc"

	foreach ($extension in $extensions)
	{
	$outFile = "{0}{1}" -f $baseFileName, $extension

	Write-Host ("Creating file: {0}" -f $baseFileName)
	New-Item $outFile -ItemType file -Value "Road block for Petya." -Force
	#!/bin/bash

	# Simple script to modify screen brightness
	# USAGE:
	# brightness.sh +20 (Increase brightness by 20%)

	basedir="/sys/class/backlight/"

	# get the backlight handler
	handler=$basedir$(ls $basedir)"/"
	#!/bin/bash
	#Simple script for VirtuaBox filesystem bodyfile creation
	# Usage: vbfilesystembodyfile.sh <VM name>

	disk=`echo $( sudo VBoxManage showvminfo $1\|grep "vdi\\|vmdk"\|head -n 1\|cut -d ":" -f 2\|cut -d "(" -f 1)\|xargs`
	VBoxManage clonemedium $disk ./$1.raw --format=raw
	offset=$(mmls $1.raw -a \| grep `mmls $1.raw -a \| grep "000:" \| cut -d " " -f 9 \| sort -r \| head -1` \| cut -d " " -f 6 \| bc)
	fls -o $offset -r -m / $1.raw > $1.bodyfile
	rm $1.raw