Skip to content

Instantly share code, notes, and snippets.

View merlinxcy's full-sized avatar
🎯
Focusing

Xeldax merlinxcy

🎯
Focusing
176 followers · 278 following
View GitHub Profile
@merlinxcy
merlinxcy / reflect.py
Created October 18, 2023 07:37 — forked from 1kastner/reflect.py
A simple echo server to inspect http web requests
#!/usr/bin/env python
# Reflects the requests from HTTP methods GET, POST, PUT, and DELETE
# Written by Nathan Hamiel (2010)
from http.server import HTTPServer, BaseHTTPRequestHandler
from optparse import OptionParser
class RequestHandler(BaseHTTPRequestHandler):
def do_GET(self):
@merlinxcy
merlinxcy / server.py
Created October 9, 2022 10:06 — forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
@merlinxcy
merlinxcy / mostly_painless_cuckoo_sandbox_install.md
Created July 7, 2022 08:23 — forked from 7MinSec/mostly_painless_cuckoo_sandbox_install.md
Mostly painless Cuckoo Sandbox install

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso

Build your Linux Cuckoo VM

  1. Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:
  • 100GB hard drive
  • 2 procs
  • 8 gigs of RAM
@merlinxcy
merlinxcy / kerberos_attacks_cheatsheet.md
Created September 17, 2021 02:27 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@merlinxcy
merlinxcy / Ubuntu中设置JAVA_HOME路径.sh
Created June 15, 2021 06:21
Ubuntu中设置JAVA_HOME路径
export JAVA_HOME=/usr/lib/jvm/jdk-13
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
@merlinxcy
merlinxcy / gist:46dc0bb819101566baa70e5bc3b73f5d
Created June 2, 2020 08:15
brute_onepass_for_csrf_Token.sh
#!/bin/bash
HOST=192.168.10.130
ACTIVATE=activate.php
ME=$(basename $0)
function token() {
local COOKIE=""
if [ -e cookie ]; then
COOKIE=" -b cookie"
@merlinxcy
merlinxcy / InstallUtil-Shellcode-cs
Created March 10, 2020 04:15 — forked from lithackr/InstallUtil-Shellcode-cs
From https://gist.github.com/subTee/408d980d88515a539672
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@merlinxcy
merlinxcy / RegsvcsRegasm_regsvcs.cs
Last active March 3, 2020 06:14
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
Create Your Strong Name Key -> key.snk
@merlinxcy
merlinxcy / test.asm
Created December 20, 2019 07:58
study asm
; global _start
; section .text
; _start:
; jmp short call_shellcode
; shellcode:
; pop esi
; xor ebx,ebx
; mov byte[esi+9],bl
; mov dword[esi+10],esi
@merlinxcy
merlinxcy / jadx.sh
Created December 16, 2019 02:52
reverse the dex history
root@kali:~/temp# cat test.sh
#!/bin/sh
for i in `ls *.jar`;do
~/tools/jadx/bin/jadx -d out-$i $i
echo $i
done;
root@kali:~/temp# cat test2.sh
#!/bin/sh
for i in `ls *.dex`;do
~/tools/jadx/bin/jadx -d out-$i $i