PikPikcU (pikpikcu)
putune simbah (Javanese: grandma's grandchild)
pikpikcu / params.txt
Created August 14, 2020 08:55 — forked from nullenc0de/params.txt
List of parameters for content discovery
0
1
11
12
13
14
15
16
17
2
pikpikcu / resources.md
Created August 11, 2020 16:43 — forked from muff-in/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis -resources

Assembly Language / Reversing / Malware Analysis -resources

Twitter: Muffin

⭐Assembly Language

pikpikcu / recon.rb
Created June 20, 2020 21:49 — forked from ehsahil/recon.rb
#Tool based on a resolver.rb by @melvinsh
#Original Repository: https://github.com/melvinsh/subresolve
#Modified by @ehsahil for Personal Use.
require 'socket'
require 'colorize'   # gem install colorize (coloured terminal output)
# The only argument is a wordlist of hostnames to resolve; print usage and stop if it cannot be opened.
begin
file = File.open(ARGV[0], "r")
rescue
puts "Usage: ruby recon.rb wordlist"
exit 1
end
pikpikcu / ddns.sh
Created June 18, 2020 14:55 — forked from lyoshenka/ddns.sh
Quick and dirty DDNS using Bash and Cloudflare (API v4 compatible)
#!/usr/bin/env bash
# Step 1: Fill in EMAIL, TOKEN, DOMAIN and SUBDOMAIN. Your API token is here: https://www.cloudflare.com/a/account/my-account
# Make sure the token is the Global token, or has these permissions: #zone:read, #dns_record:read, #dns_records:edit
# Security note: prefer a scoped API token limited to this one zone over the Global API Key. The Global key
# grants full account access, so a leaked copy of this script would expose every zone, not just one A record.
# If you want to set the root domain instead of a subdomain, set SUBDOMAIN to "@"
# Step 2: Create an A record on Cloudflare with the subdomain you chose
# Step 3: Run "./ddns.sh -l" to get the zone_id and rec_id of the record you created.
# Fill in ZONE_ID and REC_ID below
# This step is optional, but will save you 2 requests every time you run this script
# Step 4: Run "./ddns.sh". It should tell you that the record was updated or that it didn't need updating.
pikpikcu / ssrf.sh
Created May 9, 2020 06:58 — forked from hussein98d/ssrf.sh
This script takes a domain name and a callback server, parses links, appends SSRF parameters and fires the requests.
echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
echo "Usage: bash script.sh domain.com http://server-callback"
echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
# Both arguments are required: the target domain and the URL of a host you control to catch the callbacks.
if [ -z "$1" ]; then
echo >&2 "ERROR: Domain not set"
exit 2
fi
if [ -z "$2" ]; then
echo >&2 "ERROR: Server link not set"
exit 2
fi
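The URL-mutation step that the gist description refers to ("appends SSRF parameters") is shown below as an added example; it is not code from hussein98d's gist and it does no network I/O, so it can be checked offline. For one URL and one callback it prints the URL with each existing query value swapped for the callback (one parameter per line) and then the URL with each candidate parameter name appended. The list of candidate names is an assumption, a starter set to be extended from a params.txt-style wordlist.

```sh
#!/bin/sh
# Added example (not from hussein98d's gist): URL mutation for blind SSRF testing in POSIX sh.
# One URL per line, one mutated parameter per URL, so that a DNS/HTTP hit on the callback host
# can be traced back to the parameter that caused it.

# Candidate parameter names (assumption: a starter list; extend from a params.txt-style wordlist).
SSRF_PARAMS="url dest redirect uri path continue next data reference site html domain callback return feed host port to out view dir"

# mutate_url URL CALLBACK
# CALLBACK must not contain '&' or '#'. ':' and '/' are legal unencoded in a query string
# (RFC 3986), so a plain http://host/ callback is passed through as-is.
mutate_url() {
  url=$1
  cb=$2
  case $url in
    *\?*) base=${url%%\?*}; query=${url#*\?} ;;
    *)    base=$url;        query= ;;
  esac
  query=${query%%#*}   # drop a fragment so it is not glued onto the last value

  # 1. Replace each existing value with the callback, one parameter at a time.
  if [ -n "$query" ]; then
    old_ifs=$IFS
    IFS='&'
    set -f            # no globbing while splitting the query on '&'
    set -- $query
    set +f
    IFS=$old_ifs
    i=0
    while [ "$i" -lt "$#" ]; do
      rebuilt=
      j=0
      for kv in "$@"; do
        if [ "$j" -eq "$i" ]; then
          kv="${kv%%=*}=$cb"
        fi
        rebuilt="$rebuilt${rebuilt:+&}$kv"
        j=$((j + 1))
      done
      printf '%s?%s\n' "$base" "$rebuilt"
      i=$((i + 1))
    done
  fi

  # 2. Append each candidate name that is not already present in the query.
  for name in $SSRF_PARAMS; do
    case "&$query&" in
      *"&$name="*) continue ;;
    esac
    printf '%s?%s%s=%s\n' "$base" "${query:+$query&}" "$name" "$cb"
  done
}
```

In use, feed it the URL list from gau or waybackurls and hand the result to ffuf, for example `gau example.com | while IFS= read -r u; do mutate_url "$u" "http://callback.example"; done | sort -u > targets.txt` followed by `ffuf -w targets.txt -u FUZZ`; then watch the callback host's DNS and HTTP logs and match each hit back to the line that produced it.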
pikpikcu / check-smb-v3.11.sh
Created March 14, 2020 00:33 — forked from nikallass/check-smb-v3.11.sh
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
exit 1
fi
echo "Checking if there's SMB v3.11 in" "$1" "..."
# Keep only the "Nmap scan report for <ip>" and dialect 3.11 lines, fold each host's report onto one line,
# drop hosts without a 3.11 line, then print the IP. 'replace' is a MySQL client utility that most hosts
# do not have; sed performs the same substitution.
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | sed 's/Nmap scan report for/@/g' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
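The same filter as one awk pass, with constructed sample output so the parsing can be checked offline, is given below as an added example; it is not part of nikallass's gist. The dialect string 3.11 means the host negotiates SMB 3.1.1, which every Windows 10 and Windows Server 2016 build does; CVE-2020-0796 additionally needs the SMB 3.1.1 compression feature that shipped in the 1903 and 1909 releases of Windows 10 and Windows Server, so a 3.11 match is a candidate list for further checks, not a confirmed vulnerable host. The sample nmap output and the host addresses in it are constructed, not a real capture.

```sh
#!/bin/sh
# Added example (not from nikallass's gist): extract hosts that advertise SMB dialect 3.11
# from nmap --script smb-protocols normal output in a single awk pass.

# smb311_hosts: reads nmap output on stdin, prints each host that lists dialect 3.11 once.
smb311_hosts() {
  awk '
    /^Nmap scan report for/ {
      host = $NF                 # "for 10.0.0.5"  or  "for dc01.example (10.0.0.5)"
      gsub(/[()]/, "", host)
      seen = 0
    }
    /^\|[ _]+3\.11[ \t]*$/ && !seen { print host; seen = 1 }
  '
}

# scan_smb311 TARGET: live scan of a host or CIDR filtered through smb311_hosts (not run here).
scan_smb311() {
  nmap -p445 --script smb-protocols -Pn -n "$1" | smb311_hosts
}

# sample_scan: constructed nmap output (not a real capture) for three hosts:
# 10.0.0.5 offers 3.11, 10.0.0.6 stops at 3.02, 10.0.0.7 has 445 closed.
sample_scan() {
  cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols:
|   dialects:
|     2.02
|     2.10
|     3.00
|     3.02
|_    3.11

Nmap scan report for 10.0.0.6
Host is up (0.0012s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.02
|     2.10
|     3.00
|_    3.02

Nmap scan report for 10.0.0.7
Host is up (0.0011s latency).

PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap done: 3 IP addresses (3 hosts up) scanned in 2.05 seconds
EOF
}
```

Running `sample_scan | smb311_hosts` prints only 10.0.0.5; `scan_smb311 10.0.0.0/24` does the same against a live range. Reports that carry a hostname ("Nmap scan report for name (ip)") are handled by taking the last field and stripping the parentheses.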
pikpikcu / 0000-cve-2020-8597.md
Created March 8, 2020 16:41 — forked from nstarke/0000-cve-2020-8597.md
CVE-2020-8597 - Buffer Overflow in pppd

CVE-2020-8597 - Buffer Overflow in pppd

In this short tutorial we will go over how to reproduce the crash from CVE-2020-8597. This is a stack-based buffer overflow in the pppd binary.

We will use our own pppd binary compiled from source, using the latest version: 2.4.8.

To accomplish this goal, we will need two Virtual Machines connected by a virtual serial port. I typically use VirtualBox since it is open source, but the same sort of configuration should work on other hypervisors.

I spun up two VMs:

pikpikcu / sp_execute_external_script_in_python.md
Created March 5, 2020 12:51 — forked from james-otten/sp_execute_external_script_in_python.md
Executing Python inside MSSQL using sp_execute_external_script

Executing Python in MSSQL

MSSQL 2017 includes Microsoft Machine Learning Services, which allows for the execution of Python and R scripts within MSSQL via sp_execute_external_script. This is an expansion of the functionality available in MSSQL 2016, which allowed for the execution of R scripts with SQL Server R Services. Examples of how to abuse this functionality with R scripts are available elsewhere.

To execute Python code:

  • Machine Learning Services (In-Database) and Python must have been selected during installation
  • External scripts must be enabled
    • EXEC sp_configure 'external scripts enabled', 1
    • RECONFIGURE WITH OVERRIDE
    • Restart the database server
  • The user must hold the EXECUTE ANY EXTERNAL SCRIPT database permission
pikpikcu / google-dorks
Created February 24, 2020 17:14 — forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
It is all fun and games until someone gets hacked!
pikpikcu / st8out.sh
Created February 20, 2020 23:35 — forked from dwisiswant0/st8out.sh
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor