gradetwo gradetwo

## poly1305.py
'''
Implementation of Poly1305-AES as described by Daniel J. Bernstein in
documents linked from: http://cr.yp.to/mac.html

Implemented by Josiah Carlson <josiah.carlson@gmail.com> on 2011-01-23,
released into the public domain.

Note: this implementation of Poly1305-AES uses Python's built-in long integer
implementation, so is not terribly performant, and likely suffers from a
side-channel attack related to the timing of bigint modulo. It also uses

## argvURLfriendly.py
#!/usr/bin/python

import sys		#for cmd line argv

#take command line args as the input string
input_string = sys.argv
#remove the program name from the argv list
input_string.pop(0)

#convert to google friendly url (with + replacing spaces)

## cbcmac.py
#!/usr/bin/env python

from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor
from binascii import hexlify

K = '0123456789abcdef'
cipher = AES.new(K, AES.MODE_ECB)

# Original Message

## Android unzip file using ZipInputStream
public class unzip extends Activity {
    /** Called when the activity is first created. */

    static final int BUFFER = 2048;
    TextView textView;

@Override
    public void onCreate(Bundle savedInstanceState) {

        textView = new TextView(this);

## README.md

      
              1 file
            
          
              2 forks
            
          
              1 comment
            
          
              14 stars
            
          
                pwntester
                / README.md
            
            
              Last active
              April 19, 2022 11:51
            
              
                JRE8 RCE gadget
              
          
    Pure JRE 8 RCE Deserialization gadget

Based on Chris Frohoff and Wouter Coekaerts ideas:

https://gist.github.com/frohoff/24af7913611f8406eaf3
http://wouter.coekaerts.be/2015/annotationinvocationhandler

Full project (containing dependencies) can be found here:

https://github.com/pwntester/JRE8u20_RCE_Gadget


## reclaimWindows10.ps1
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
###

## wmi_provider_association.ps1
<#
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
#>

function Get-WmiNamespace {
    [OutputType([String])]
    Param (
        [String]
        [ValidateNotNullOrEmpty()]

## root.sh
#!/bin/bash

# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;

# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";

## Get-InjectedThread.ps1
function Get-InjectedThread
{
    <#

    .SYNOPSIS

    Looks for threads that were created as a result of code injection.

    .DESCRIPTION


## idapython_get_stack_refs.py
import idc, idaapi, idautils, ida_xref

def find_stack_members(func_ea):
    members = {}
    base = None
    frame = idc.GetFrame(func_ea)
    for frame_member in idautils.StructMembers(frame):
        member_offset, member_name, _ = frame_member
        members[member_offset] = member_name
        if member_name == ' r':
	'''
	Implementation of Poly1305-AES as described by Daniel J. Bernstein in
	documents linked from: http://cr.yp.to/mac.html

	Implemented by Josiah Carlson <josiah.carlson@gmail.com> on 2011-01-23,
	released into the public domain.

	Note: this implementation of Poly1305-AES uses Python's built-in long integer
	implementation, so is not terribly performant, and likely suffers from a
	side-channel attack related to the timing of bigint modulo. It also uses
	#!/usr/bin/python

	import sys #for cmd line argv

	#take command line args as the input string
	input_string = sys.argv
	#remove the program name from the argv list
	input_string.pop(0)

	#convert to google friendly url (with + replacing spaces)
	#!/usr/bin/env python

	from Crypto.Cipher import AES
	from Crypto.Util.strxor import strxor
	from binascii import hexlify

	K = '0123456789abcdef'
	cipher = AES.new(K, AES.MODE_ECB)

	# Original Message
	public class unzip extends Activity {
	/** Called when the activity is first created. */

	static final int BUFFER = 2048;
	TextView textView;

	@Override
	public void onCreate(Bundle savedInstanceState) {

	textView = new TextView(this);
	###
	###
	### UPDATE: For Win 11, I recommend using this tool in place of this script:
	### https://christitus.com/windows-tool/
	### https://github.com/ChrisTitusTech/winutil
	### https://www.youtube.com/watch?v=6UQZ5oQg8XA
	### iwr -useb https://christitus.com/win \| iex
	###
	###
	<#
	Author: Matthew Graeber (@mattifestation)
	License: BSD 3-Clause
	#>

	function Get-WmiNamespace {
	[OutputType([String])]
	Param (
	[String]
	[ValidateNotNullOrEmpty()]
	#!/bin/bash

	# Give the usual warning.
	clear;
	echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
	sleep 10;
	clear;

	# Download and extract exploit files.
	echo "[INFO] Downloading exploit files from GitHub...";
	function Get-InjectedThread
	{
	<#

	.SYNOPSIS

	Looks for threads that were created as a result of code injection.

	.DESCRIPTION
	import idc, idaapi, idautils, ida_xref

	def find_stack_members(func_ea):
	members = {}
	base = None
	frame = idc.GetFrame(func_ea)
	for frame_member in idautils.StructMembers(frame):
	member_offset, member_name, _ = frame_member
	members[member_offset] = member_name
	if member_name == ' r':