kirillwow

kirillwow / Pegasus_mailslot_decrypt.py
Created Jul 23, 2018
Pegasus trojan from 2018 source code leak SMB Mailslot credentials broadcasting.
import struct
import hashlib

_SERIALIZED_CREDS_BUFFER_LEN = 22

def decrypt_envelop(xored):
    dwKey = struct.unpack("<I", xored[:4])[0]
    print "dwKey: %08x" % dwKey
kirillwow / Pegasus_checkin_decrypt.php
Created Jul 23, 2018
Pegasus trojan from 2018 source code leak HTTP check-in. Decryption uses TARGET_BUILDCHAIN_HASH 0x7393c9a643eb4a76
<?php
function hex_dump($data, $newline="\n")
{
    static $from = '';
    static $to = '';
    static $width = 16; # number of bytes per line
    static $pad = '.'; # padding for non-visible characters