
#!/usr/bin/python
from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
# Turn off pysmb's SMB2 support so the connection is negotiated as SMB1 instead
# (NOTE(review): inferred from the flag name — confirm against the pysmb version in
# use). Targets that have SMB1 disabled will refuse the connection outright.
smb_structs.SUPPORT_SMB2 = False
import sys
# Just a python version of a very simple Samba exploit.
# Dictionary of common PE file sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
common_sections_dict = {".00cfg":"Control Flow Guard CFG section added by newer versions of Visual Studio", \
".apiset":"a section present inside the apisetschema.dll", \
".arch":"Alpha-architecture section", \
".autoload_text":"cygwin/gcc; the Cygwin DLL uses a section to avoid copying certain data on fork.", \
".bindat":"Binary data also used by one of the downware installers based on LUA", \
".bootdat":"section that can be found inside Visual Studio files; contains palette entries", \
".bss":"Uninitialized Data Section", \
#!/usr/bin/python
import requests
import os
import subprocess
import psutil
import time
import sys
# A quick and dirty exploit of ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
# Based off - https://www.exploit-db.com/exploits/34594/
import zipfile
import random
import itertools
import time
"""
Solves a challenge on Pentester Academy's labs. Inefficiently writes
passwords to the screen, only because that was used as a debugging method to
figure out how Python 3 was mangling the string encoding. Might clean this up
into a usable program someday, so that's why I am saving it here...
#!/usr/bin/python3
import time
from datetime import datetime
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from pathlib import Path
'''
Not very user friendly at this point....
import pefile
# Inspiration from here - https://malwology.com/2018/08/24/python-for-malware-analysis-getting-started/
# Dictionary of packer sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
packer_dict = {".aspack":"Aspack packer", \
# Dictionary of packer sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
# Useful in python code :)
packer_dict = {".aspack":"Aspack packer", \
".adata":"Aspack packer/Armadillo packer", \
"ASPack":"Aspack packer", \
".ASPack":"ASPAck Protector", \
".boom":"The Boomerang List Builder (config+exe xored with a single byte key 0x77)", \
#!/usr/bin/python
# Modified from - http://www.cis.syr.edu/~wedu/seed/Labs_16.04/Networking/DNS_Local/DNS_Local.pdf
# If you suspect the victim's resolver does not validate DNSSEC, send them a link to www.example.net
# and run this script on the host that is the authoritative name server for that domain. The script replies
# with the original answer and additionally claims to be authoritative for the hijacked domains, sending an A
# record that points back to itself.
from scapy.all import *
def spoof_dns(pkt):
if (DNS in pkt and 'www.example.net' in pkt[DNS].qd.qname):
' Kill Calculator
procToKill = "Calculator.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_Process",,48)
For Each objItem in colItems
If objItem.Name = procToKill Then
Set objShare = objWMIService.Get("Win32_Process.Handle=" & objItem.ProcessID)
Wscript.Echo "-----------------------------------"
' Collect the ProcessId of every process returned by WMI (root\CIMV2, Win32_Process)
' into an ArrayList. The list, objWMIService and colItems are left in scope and are
' presumably consumed further down the script.
dim list
Set list = CreateObject("System.Collections.ArrayList")
' "." means the local machine; change to a hostname to query a remote box over WMI.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
' NOTE(review): flag 48 is presumably wbemFlagReturnImmediately + wbemFlagForwardOnly
' (semisynchronous, forward-only enumeration) — confirm against the WMI docs.
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_Process",,48)
For Each objItem in colItems
list.Add objItem.ProcessId
Next