Skip to content

Instantly share code, notes, and snippets.

Avatar

b4sh1t1

View GitHub Profile
@b4sh1t1
b4sh1t1 / iranian_apit_groups_possible_commands.md
Created Sep 20, 2021 — forked from MSAdministrator/iranian_apit_groups_possible_commands.md
Iranian APT Groups & Possible Commands Used By These Groups
View iranian_apit_groups_possible_commands.md

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
@b4sh1t1
b4sh1t1 / SimpleHTTPServerWithUpload.py
Created Sep 13, 2021 — forked from UniIsland/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload
View SimpleHTTPServerWithUpload.py
#!/usr/bin/env python
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
@b4sh1t1
b4sh1t1 / Readme.md
Created Aug 26, 2021 — forked from LoadLow/Readme.md
Bypass shell_exec or system disabled functions by using GCONV (PHP rce to system())
View Readme.md

This is based on https://hugeh0ge.github.io/2019/11/04/Getting-Arbitrary-Code-Execution-from-fopen-s-2nd-Argument/

Credits: @hugeh0ge

It uses iconv, in php, in order to execute the same payload.

Uses cases :

  • You control the first parameter of iconv (in_charset), you can set an env var and you can upload arbitrary files (.so library file and the gconv-modules file) and you know their path.
  • You have a php RCE but system, shell_exec, curl_exec and other functions are disabled but you can setenv (and LD_PRELOAD is blacklisted).
@b4sh1t1
b4sh1t1 / Various-Macro-Based-RCEs.md
Created Aug 13, 2021 — forked from mgeeky/Various-Macro-Based-RCEs.md
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.
View Various-Macro-Based-RCEs.md

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

  1. Page substiution macro for luring user to click Enable Content
  2. The Unicorn Powershell based payload
View conti.cna
#AntiVirus Query
#Author: @r3dQu1nn
#Queries the Registry for AV installed
#Thanks to @i_am_excite and @merrillmatt011 for the help
#Props to @zerosum0x0 for the wmic find!
#Long ass one-liner :)
$powershellcmd = "\$av_list = @(\"BitDefender\", \"Kaspersky\", \"McAfee\", \"Norton\", \"Avast\", \"WebRoot\", \"AVG\", \"ESET\", \"Malware\", \"Windows Defender\");\$av_install = Get-ItemProperty HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$av_install1 = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$regkey = 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Signature Updates\\';\$av_loop2 = foreach (\$av1 in \$av_list){foreach (\$key in \$av_install){if (\$key.DisplayName -match \$av1 -eq \$TRUE){% {\"{0}|{1}|{2}\" -f \$key.DisplayName.ToString(), \$key.DisplayVersion.ToString(), \$key.InstallDate.ToString()}}}};\$proc_temp = Get-Process;\$av_loop = foreach (\$av in \$av_list){foreach (\$zz in \$proc_temp){if (\$zz.path -match \$av -eq \$TRUE)
View gd-gif.php
<?php
//php gd-gif.php image.gif gd-image.gif
$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
imagedestroy($gif);
?>
@b4sh1t1
b4sh1t1 / TorPrivoxyPython.md
Created Oct 15, 2020 — forked from DusanMadar/TorPrivoxyPython.md
A step-by-step guide how to use Python with Tor and Privoxy
View TorPrivoxyPython.md

A step-by-step guide how to use Python with Tor and Privoxy

Tested on Ubuntu 18.04 Docker container. The Dockerfile is a single line FROM ubuntu:18.04. Alternatively, you can simply run docker run -it ubuntu:18.04 bash.

NOTE: stopping services didn't work for me for some reason. That's why there is kill $(pidof <service name>) after each failed service <service name> stop to kill it.

References

This guide is basically a compilation of all the resources listed below.