# Convert-ADName.ps1
# Written by Bill Stewart (bstewart@iname.com)
# PowerShell wrapper script for the NameTranslate COM object.
#requires -version 2
<#
.SYNOPSIS
Translates Active Directory names between various formats.
ktwombley / gist:3a61d591035d700664acb763bbe0271c
Created March 5, 2019 15:58
request headers for frameworks-b740280f.js
accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 3600
age: 2943
content-type: application/javascript
date: Tue, 05 Mar 2019 15:51:12 GMT
etag: "d77d08ee576a53dbb1217d83bf33efde"
last-modified: Fri, 01 Mar 2019 22:13:28 GMT
server: AmazonS3
#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933
import sys, paramiko
import logging
username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]
find /proc -type d -user ${username} -prune 2>/dev/null | sed -e 's/\/proc\///' | while read thepid; do echo ${thepid} && touch /sdcard/dumps/${thepid}.mem && cat /proc/${thepid}/maps | awk '{if (a) print a; a=$0}' | awk -F'[ -]' '{print "0x"$1" 0x"$2}' | while read start finish; do echo ${thepid} ${start} $(dc ${start} 0x1000 div p) $(((${finish}-${start})/4096)) && /data/local/busybox dd if=/proc/${thepid}/mem bs=4096 seek=$(dc ${start} 0x1000 div p) skip=$(dc ${start} 0x1000 div p) count=$(((${finish}-${start})/4096)) conv=noerror,notrunc,sync,fsync of=/sdcard/dumps/${thepid}.mem 2>/dev/null; done; done
# On Android with busybox available at /data/local/busybox, this will dump the process RAM of any process owned by $username into /sdcard/dumps/$thepid.mem. Make that directory before starting.
ktwombley / keybase.md
Last active August 29, 2015 14:08

Keybase proof

I hereby claim:

  • I am ktwombley on github.
  • I am daoist (https://keybase.io/daoist) on keybase.
  • I have a public key whose fingerprint is 75CB 8F44 0ACF 32B8 AEED 4819 AF69 C534 D60A C573

To claim this, I am signing this object: