```python
import paramiko, re, time

script_target = '/srv/nfs/cortana/logs/cmd/modify_host.py'
script_data = '''data = open('/etc/hosts').read()
name = open('/etc/hostname').read().strip()
new_data = data.replace('python-workx64-replaceme', name)
open('/etc/hosts', 'w').write(new_data)'''
open(script_target, 'w').write(script_data)
```
# Hunting for MD5s on a Disk Image Using pyhashdd and Linux

0) Figure out how to mount the image (YMMV) depending on image type. Here we mount a raw disk image.

```
fdisk msedge_disk.img
```

output:

```
Welcome to fdisk (util-linux 2.27.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
```
```python
# Simple Breakpoint hooks for Immunity debug
# Important note that all data related to BP hooking and handling
# must be re-entrant, meaning extraneous global values in Python
# classes and script environment are bad. Lesson learned
# to use this script, put in the PyCommands directory of Immunity Debug
# !simplebphook <hex_base_address_of_exe>
#
#
# To (easily) get the BP_BASE_ADDRS, set breakpoints on all
```
```python
# command for running socat on the remote system in a separate terminal or window
# sudo socat -v openssl-listen:443,reuseaddr,cert=$HOME/socat_ssl_server/server.pem,verify=0,fork tcp4:127.0.0.1:6000
# code for capturing SSL stripped traffic
import socket

host = ('', 6000)
s = socket.socket()
s.bind(host)
s.listen(100)

def get_it(s):
```
```python
# Simple memory dump script for Immunity debug
# to use this script, put in the PyCommands directory of Immunity Debug
# !dumpit <file name prefix>
#
#
# Dump memory in SZ_LOC list to "C:\\{name}-{address}-manual-dump.bin"
import immlib

SZ_LOCS = [
```
```python
# Adam Pridgen
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
```
```python
from x64dbgpy import pluginsdk

# Put this script in the Python path, and
# execute the following Python snippets in
# the Python dialog in x64dbg:
#
#   from stop_cpuid_detect import *
#   trace_cpuid(n=1000)
# the above code will trace through the program
```
```python
import string
from pymongo import MongoClient
from datetime import datetime
import traceback
import argparse
import sys
from threading import Thread, Lock
import logging
import time
from virus_total_apis import PublicApi as VTPublic
```
```python
import traceback
from datetime import datetime
import ssl
import socket
from OpenSSL import SSL
from multiprocessing import Pool

# X.509 subject/issuer attribute names used when reading certificate fields
CN_S = 'commonName'
O_S = 'organizationName'
C_S = 'countryName'
```
```python
from pymongo import MongoClient
import json, os, time, signal, threading, sys
from datetime import datetime, timedelta
from gglsbl import SafeBrowsingList
from virus_total_apis import PrivateApi, PublicApi
import argparse
import sys
```