Enrique Elias Nissim n3k

## mkpsrevshell.py
#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#

import sys
import base64

def help():
    print("USAGE: %s IP PORT" % sys.argv[0])

## pkexec.c
/*
 * For original see haxx.in/files/blasty-vs-pkexec.c
 *
 * this version is just using some awful hack to
 * avoid having to call gcc on the target box.
 * this versions fragile - must be named payload.so
 * might add better detection later, whatever.
 * all credit to bl4sty for the actual exploit,
 * I just made some changes for my usecase.
 * you will have to change the interp for diff

## awk_netstat.sh
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp  | awk  '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'

# Local
grep -v "rem_address" /proc/net/tcp | awk  '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'

# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp  | awk 'function hextodec(str,ret,n,i,k,c){

## content_discovery_all.txt
`
~/
~
×™×


___
__
_

## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## enableDCI.txt
Enable DCI debugging on Gigabyte-BKi5HA-7200
--------------------------------------------

The Gigabyte-BKi5HA-7200 (Kabylake i5-7200 processor) can be debugged with only a USB debug cable, a
special cable that crosses only the data signals and has the power signals
removed. You can buy these cables at i.e. https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
The hurdle you have to overcome  before you can access DCI however is that you
need to set some bits in hardware that first enable DCI and also enable the debug port so that DCI can control the cores.
There are lots of guides in howto patch the BIOS but only these two really describes all the steps using only freely accessible tools:

## heartbleed.py
#!/usr/bin/python

# Modified by Travis Lee
# Last Updated: 4/21/14
# Version 1.16
#
# -changed output to display text only instead of hexdump and made it easier to read
# -added option to specify number of times to connect to server (to get more data)
# -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc...
# -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)

## setup-theos-linux.sh
# Script is available at https://github.com/supermamon/install-theos
# Or if you trust me run
curl -LO https://git.io/install-theos && bash install-theos

## c0w.c
/*
* A PTRACE_POKEDATA variant of CVE-2016-5195
* should work on RHEL 5 & 6
*
* (un)comment correct payload (x86 or x64)!
* $ gcc -pthread c0w.c  -o c0w
* $ ./c0w
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* mmap fa65a000
	#!/usr/bin/env python3
	#
	# generate reverse powershell cmdline with base64 encoded args
	#

	import sys
	import base64

	def help():
	print("USAGE: %s IP PORT" % sys.argv[0])
	/*
	* For original see haxx.in/files/blasty-vs-pkexec.c
	*
	* this version is just using some awful hack to
	* avoid having to call gcc on the target box.
	* this versions fragile - must be named payload.so
	* might add better detection later, whatever.
	* all credit to bl4sty for the actual exploit,
	* I just made some changes for my usecase.
	* you will have to change the interp for diff
	# Gawk version
	# Remote
	grep -v "rem_address" /proc/net/tcp \| awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'

	# Local
	grep -v "rem_address" /proc/net/tcp \| awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'

	# No Gawk
	# Local
	grep -v "rem_address" /proc/net/tcp \| awk 'function hextodec(str,ret,n,i,k,c){
	Enable DCI debugging on Gigabyte-BKi5HA-7200
	--------------------------------------------

	The Gigabyte-BKi5HA-7200 (Kabylake i5-7200 processor) can be debugged with only a USB debug cable, a
	special cable that crosses only the data signals and has the power signals
	removed. You can buy these cables at i.e. https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
	The hurdle you have to overcome before you can access DCI however is that you
	need to set some bits in hardware that first enable DCI and also enable the debug port so that DCI can control the cores.
	There are lots of guides in howto patch the BIOS but only these two really describes all the steps using only freely accessible tools:
	#!/usr/bin/python

	# Modified by Travis Lee
	# Last Updated: 4/21/14
	# Version 1.16
	#
	# -changed output to display text only instead of hexdump and made it easier to read
	# -added option to specify number of times to connect to server (to get more data)
	# -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc...
	# -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)
	# Script is available at https://github.com/supermamon/install-theos
	# Or if you trust me run
	curl -LO https://git.io/install-theos && bash install-theos
	/*
	* A PTRACE_POKEDATA variant of CVE-2016-5195
	* should work on RHEL 5 & 6
	*
	* (un)comment correct payload (x86 or x64)!
	* $ gcc -pthread c0w.c -o c0w
	* $ ./c0w
	* DirtyCow root privilege escalation
	* Backing up /usr/bin/passwd.. to /tmp/bak
	* mmap fa65a000