Namish namishelex01

@namishelex01
namishelex01 / Deep-Diving-Bluetooth
Last active August 1, 2018 13:07
Learning about Bluetooth architecture and Protocols
Bluetooth technology
> Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR)
>> High Speed (HS)
> Low Energy (LE)
> Attribute Protocol (ATT) / Generic Attribute Profile (GATT)
------------
V2.1 - 2007 + EDR | Secure Simple Pairing (SSP): device pairing without manual PIN entry (e.g. confirm-by-button / numeric comparison)
V3.0 - 2009 + HS | bulk data carried over an alternate 802.11 MAC/PHY
V4.0 - 2010 + LE
namishelex01 / Shellcode-Introduction
Last active August 17, 2018 07:24
Short wiki of Shellcode
[This is the gist version of the wiki page on Shellcode.]
[For an elaborated explanation, please visit: en.wikipedia.org/wiki/Shellcode]
SHELLCODE is a small piece of code used as the payload in the exploitation of a software vulnerability.
It is called shellcode because it typically starts a command shell from which the attacker can control the compromised machine.
TYPES:
Local - Used by an attacker who already has limited access to a machine but can exploit a vulnerability on it (typically to gain higher privileges).
Remote - Used to target a remote machine over a network. If the shellcode establishes the connection back to the attacker, it is called a reverse shell or connect-back shell.
If the attacker establishes the connection, the shellcode is called a bindshell because it binds to a certain port on the victim's machine and waits for the attacker to connect.
Download & execute - A type of remote shellcode that downloads and executes some form of malware on the target system.
Staged - When the amount of data an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages: a small first stage fetches and runs a larger second stage.
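A constraint every type above shares is that the payload bytes have to survive the delivery channel: a NUL byte ends the copy in strcpy-style overflows, and CR/LF end a line in text protocols. The following is an added example (not part of the gist and not the Wikipedia text) of the usual fix, XOR-encoding the payload with a key chosen so that neither the key nor any encoded byte is a "bad byte". `NAIVE_STUB` is a constructed x86-64 instruction fragment chosen because its 32-bit immediate contains NUL bytes; the payload is only encoded here, never executed.

```python
"""XOR-encoding a payload around "bad bytes" (added example, not part of the gist)."""

# Bytes that commonly break delivery of a payload: NUL terminates a C string
# (strcpy/strcat stop copying), CR/LF end a line in text-based protocols.
BAD_BYTES = frozenset({0x00, 0x0a, 0x0d})

# Constructed x86-64 Linux fragment: "mov rax, 59 ; syscall" written with a
# 32-bit immediate. The imm32 encoding of 59 is 3b 00 00 00, so the fragment
# carries three NUL bytes; hand-written shellcode uses "mov al, 0x3b" (b0 3b).
NAIVE_STUB = bytes([0x48, 0xc7, 0xc0, 0x3b, 0x00, 0x00, 0x00,  # mov rax, 0x3b
                    0x0f, 0x05])                                # syscall


def bad_bytes_in(buf, bad=BAD_BYTES):
    """Sorted list of the distinct bad byte values present in buf."""
    return sorted({b for b in buf if b in bad})


def find_xor_key(buf, bad=BAD_BYTES):
    """Pick a single-byte XOR key such that neither the key itself (it has to be
    embedded in the decoder stub) nor any encoded byte is a bad byte.
    Returns None when no such key exists."""
    for key in range(1, 256):
        if key in bad:
            continue
        if all((b ^ key) not in bad for b in buf):
            return key
    return None


def xor_encode(buf, key):
    """XOR every byte with key; applying it twice restores the original."""
    return bytes(b ^ key for b in buf)


def encode_payload(buf, bad=BAD_BYTES):
    """Return (key, encoded) for a payload that must be delivered through a
    channel that cannot carry the bytes in `bad`."""
    key = find_xor_key(buf, bad)
    if key is None:
        raise ValueError("no single-byte XOR key avoids the bad bytes; "
                         "use a multi-byte key or a different encoder")
    encoded = xor_encode(buf, key)
    # Self-check a generator should always perform before emitting a payload.
    if bad_bytes_in(encoded, bad) or xor_encode(encoded, key) != buf:
        raise AssertionError("encoder self-check failed")
    return key, encoded


if __name__ == "__main__":
    print("bad bytes in stub:", [hex(b) for b in bad_bytes_in(NAIVE_STUB)])
    key, enc = encode_payload(NAIVE_STUB)
    print(f"key=0x{key:02x} encoded={enc.hex()}")
```

At run time a short decoder stub, itself written to be free of the same bad bytes, is prepended to the encoded bytes; it XORs them back in place and jumps to them. That is why `find_xor_key` rejects a key that is itself a bad byte. For `NAIVE_STUB` the first usable key is 0x01 and the encoded bytes are `49c6c13a0101010e04`.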
namishelex01 / Top Vulnerabilities WebApp
Created August 31, 2018 11:24
I'm listing the top vulnerabilities of the most used CMS frameworks
> WordPress Plugin Quizlord 2.0 - XSS
> WordPress Plugin Jibu Pro 1.7 - XSS
> phpMyAdmin 4.7.x - XSRF
> WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
> Responsive FileManager < 9.13.4 - Directory Traversal
> LiteCart 2.1.2 - Arbitrary File Upload
> Gleez CMS 1.2.0 - XSRF (Add Admin)
> WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQLi
> UltimatePOS 2.5 - RCE
> Twitter-Clone 1 - 'code' SQLi
Wmic syntax - [global switches] <command>
The following global switches are available:
--------------------------------------------------------------------------
/NAMESPACE NAMESPACE - Path for the namespace the alias is to operate against. Namespaces are always relative i.e. if the namespace does not begin with a '\\' it will be assumed to be relative to the current namespace.
USAGE:
/NAMESPACE:<namespace>
--------------------------------------------------------------------------
Introduction
> DNS is a distributed DB used by TCP/IP applications to map between hostnames and IP addresses, and to provide email routing information (MX records)
> Why DNS? An app must convert a hostname to an IP address before it can ask TCP/UDP to open a connection or send a datagram
> Access to DNS is through a "resolver"; the resolver is a library linked into the application, not part of the OS kernel
> UNIX hosts have two library functions:
- gethostbyname(3) : hostname -> IP addr
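Because the resolver lives in the application, the application is also the party that has to get the wire format right and to reject forged replies. The following is an added example (not the gist's code, and not libc's resolver) of a minimal stub resolver in Python: it builds a query, parses a reply including RFC 1035 name compression, and checks that the reply matches the query it sent. The two sample responses are constructed by hand for this example, not captured traffic; the transaction IDs and addresses in them are made up.

```python
"""A minimal stub resolver (added example, not the gist's code). It shows the
two halves of the job that live in the application: building the query on the
wire and parsing the reply, including RFC 1035 name compression. The sample
responses below are constructed by hand for this example."""
import struct

QTYPE_A, QTYPE_MX = 1, 15
CLASS_IN = 1
MAX_POINTER_HOPS = 16   # guard against pointer loops in a hostile response


def encode_name(name):
    """Turn "mail.example.com" into length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Standard query, recursion desired (flags 0x0100), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def read_name(msg, off):
    """Decode a name at msg[off:], following compression pointers (0b11xxxxxx).
    Returns (name, offset just past the name as it appears at `off`)."""
    labels, hops, end = [], 0, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2          # the name occupies only the 2 pointer bytes here
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return (txid, rcode, answers); answers are (name, type, ttl, value)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qd):                 # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == QTYPE_MX:
            pref = struct.unpack("!H", rdata[:2])[0]
            exch, _ = read_name(msg, off + 2)   # exchange name may point back into the message
            value = (pref, exch)
        else:
            value = rdata
        answers.append((name, rtype, ttl, value))
        off += rdlen
    return txid, flags & 0xF, answers


def response_matches(query, response):
    """Minimal anti-spoofing check: same transaction ID and the question section
    echoed back unchanged. A resolver that skips this accepts forged replies."""
    _, qend = read_name(query, 12)
    qend += 4
    return query[:2] == response[:2] and query[12:qend] == response[12:qend]


# Constructed replies (not captured traffic), using a pointer 0xC00C back to the
# question name at offset 12, as real servers do.
SAMPLE_A_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, CLASS_IN)
    + b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, 300, 4) + bytes([93, 184, 216, 34])
)
SAMPLE_MX_RESPONSE = (
    struct.pack("!HHHHHH", 0x1235, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_MX, CLASS_IN)
    + b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_MX, CLASS_IN, 3600, 9)
    + struct.pack("!H", 10) + b"\x04mail\xC0\x0C"
)

if __name__ == "__main__":
    print(build_query("example.com", QTYPE_A).hex())
    print(parse_response(SAMPLE_A_RESPONSE))
    print(parse_response(SAMPLE_MX_RESPONSE))
```

The pointer-hop limit in `read_name` is the check a real resolver cannot skip: a reply whose pointer refers to itself would otherwise loop the parser forever. `response_matches` is deliberately the weakest useful check (ID plus echoed question); production resolvers also randomise the source port and the ID.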
namishelex01 / play-with-pdfs.py
Created July 19, 2021 12:57
Merge PDFs, create a PDF from images (jpg, png, etc.)
import PyPDF2            # PdfMerger; the older PdfFileMerger name was removed in PyPDF2 3.0
from PIL import Image    # used by the image-to-PDF part of the gist, not shown in this preview

def mergePdfs():
    pdfs = ['sf_1.pdf', 'sf_2.pdf']   # input files, appended in this order
    merger = PyPDF2.PdfMerger()
    for pdf in pdfs:
        merger.append(pdf)
    merger.write('merged.pdf')        # write the combined document
    merger.close()

if __name__ == '__main__':
    mergePdfs()
[Learning Exploit Development from fuzzysecurity.com]
Tools Needed:-
> Immunity Debugger
> Mona.py
> pvefindaddr.py
> Metasploit
> VirtualBox
Overflows to play with:-
1. Buffer overflow - A memory location receives more data than it was meant to hold, so the excess overwrites whatever is adjacent to it (on the stack, eventually the saved return address)
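The first practical step in the fuzzysecurity walkthroughs is finding how many bytes sit between the start of the input and the saved return address. Below is an added example (my own code, not fuzzysecurity's and not Metasploit's or Mona's implementation) of the cyclic-pattern method those tools provide: send a non-repeating pattern, read the register value the debugger shows at the crash, and map it back to an offset. The register value `0x41336141` and the return address `0xdeadbeef` used in the demo are assumed values for illustration only.

```python
"""Cyclic pattern / offset helpers (added example; not fuzzysecurity's or Metasploit's code)."""
import itertools
import string
import struct


def pattern_create(length):
    """Non-repeating pattern in the style of Metasploit's pattern_create.rb:
    Aa0Aa1...Aa9Ab0... No 4-byte window repeats within the first 20280 bytes,
    so the 4 bytes read out of a register map to exactly one offset."""
    chunks, total = [], 0
    for u, l, d in itertools.product(string.ascii_uppercase,
                                     string.ascii_lowercase, string.digits):
        chunks.append(u + l + d)
        total += 3
        if total >= length:
            break
    return "".join(chunks)[:length]


def pattern_offset(value, length=20280):
    """Offset of the bytes that landed in a register after the crash.
    value: the register as the debugger prints it (int, e.g. EIP = 0x41336141;
    x86 is little-endian, so it is unpacked as such) or the literal substring.
    Returns -1 when the bytes are not part of the pattern (e.g. EIP was not
    overwritten by our input at all)."""
    if isinstance(value, int):
        needle = struct.pack("<I", value).decode("ascii", errors="replace")
    elif isinstance(value, bytes):
        needle = value.decode("ascii", errors="replace")
    else:
        needle = value
    return pattern_create(length).find(needle)


def build_buffer(offset, ret_addr, shellcode, nops=16):
    """Classic stack-overflow layout once the offset is known: filler up to the
    saved return address, the new return address (little-endian), a NOP sled,
    then the payload."""
    return b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nops + shellcode


if __name__ == "__main__":
    print(pattern_create(40))
    # Assumed crash value for the demo: EIP = 0x41336141 is "Aa3A" little-endian.
    print("offset of EIP=0x41336141:", pattern_offset(0x41336141))
    print(build_buffer(9, 0xdeadbeef, b"\xcc").hex())   # 0xdeadbeef is a placeholder address
```

`pattern_offset` returning -1 is itself useful information: the register was not overwritten by the input, so the crash is somewhere else (or the offset is beyond the pattern length sent).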
https[:]//docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2
https[:]//blahcat.github.io/2019/03/17/small-dumps-in-the-big-pool/
https[:]//www.fuzzysecurity.com/tutorials/16.html
https://blog.ropnop.com/hosting-clr-in-golang/
https[:]//evasions.checkpoint.com/
http[:]//www.catb.org/esr/faqs/hacker-howto.html
https[:]//vx-underground.org/
http[:]//sq.ro/malwarez.htm#
https[:]//github.com/d30sa1/RootKits-List-Download
https[:]//github.com/christian-roggia/open-myrtus
-------------------------------------
INITIAL ACCESS
-------------------------------------
$ Drive-by Compromise
A drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing; the browser (or a plugin) is exploited rather than the user being tricked into running a file.
Multiple ways of delivering exploit code to a browser exist, including:
> A legitimate website injected with malicious JavaScript, iframes, or cross-site scripting (XSS) content
> Malicious ads (malvertising)
> Built-in web application interfaces (e.g. forum posts, comments, and other user-controllable web content)