mkdir chromium && cd chromium
fetch --nohooks chromium --nosvn=True
gclient sync --with_branch_heads --nohooks # May not even need this.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a super **SIMPLE** example of how to create a very basic powershell webserver | |
# 2019-05-18 UPDATE — Created by me and and evalued by @jakobii and the comunity. | |
# Http Server | |
$http = [System.Net.HttpListener]::new() | |
# Hostname and port to listen on | |
$http.Prefixes.Add("http://localhost:8080/") | |
# Start the Http Server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
# generate server.xml with the following command: | |
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
# run as follows: | |
# python simple-https-server.py | |
# then in your browser, visit: | |
# https://localhost:4443 | |
import BaseHTTPServer, SimpleHTTPServer | |
import ssl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* | |
* This code is copied from | |
* http://www.warpconduit.net/2013/04/14/highly-secure-data-encryption-decryption-made-easy-with-php-mcrypt-rijndael-256-and-cbc/ | |
* to demonstrate an attack against it. Specifically, we simulate a timing leak | |
* in the MAC comparison which, in a Mac-then-Encrypt (MtA) design, we show | |
* breaks confidentiality. | |
* | |
* Slight modifications such as making it not serialize/unserialize and removing |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
echo -----BEGIN CERTIFICATE----- > encoded.txt | |
echo Just Base64 encode your binary data | |
echo TVoAAA== >> encoded.txt | |
echo -----END CERTIFICATE----- >> encoded.txt | |
certutil -decode encoded.txt decoded.bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ sudo nano /etc/systemd/system/startup.service | |
[Unit] | |
Description=Startup | |
[Service] | |
ExecStart=/usr/local/bin/startup.sh | |
[Install] | |
WantedBy=default.target |
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE)
within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
Open the debugger VM's .vmx file. delete the existing serial0 lines (used for printing, not needed) add these lines:
serial0.present = "TRUE"
serial0.pipe.endPoint = "client"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.startConnected = "TRUE"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<configuration> | |
<system.webServer> | |
<handlers accessPolicy="Read, Script, Write"> | |
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
</handlers> | |
<security> | |
<requestFiltering> | |
<fileExtensions> | |
<remove fileExtension=".config" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
ABOUT="piactl 0.10 | |
Copyright (c) 2018-2020 Peeter P. Mõtsküla <peeterpaul@motskula.net> | |
https://gist.github.com/ppmotskula/4288167460de27d22225e4959c44c6c4 | |
License: MIT License (https://opensource.org/licenses/MIT) | |
piactl helps you to install, configure and control CNIL's PIA software | |
(https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) |
OlderNewer