View mysapsso-decoder.py
#!/usr/bin/python3 | |
# mysapsso.py - Decoding MYSAPSSO2 cookies | |
import sys | |
import fileinput | |
import urllib.parse | |
import base64 | |
import binascii | |
import re | |
import struct |
View mitre_attack_oneliners.sh
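# Requires: curl, jq

# Download the MITRE ATT&CK Enterprise data set from the mitre/cti GitHub repository.
# --fail makes curl exit non-zero on an HTTP error instead of saving the server's
# error page as enterprise-attack.json (which the jq calls below would then
# choke on); --location follows redirects.
# NOTE: the URL tracks the moving "master" branch, so the downloaded content
# changes whenever the repository does. For reproducible results, put a release
# tag or commit id in place of "master".
curl --fail --location \
     -o enterprise-attack.json \
     https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

# List all ATT&CK object types (distinct values of .type across .objects)
jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json

# List all ATT&CK technique identifiers: the external_id of every
# "attack-pattern" object's "mitre-attack" reference, sorted.
# No filter on object status is applied, so every attack-pattern in the file is listed.
jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json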
View Kill-Ransomware.ps1
# Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org> | |
# Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
# IMPORTANT: This must run with Administrator privileges! | |
Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
# Kill all parent processes from detected vssadmin process | |
$p = $EventArgs.NewEvent.TargetInstance | |
while ($p) { | |
$ppid = $p.ParentProcessID | |
$pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
Write-Host $p.ProcessID |
View nmap-open-ports.sh
# Print one "address:port" line for every port whose <state> is "open" in
# nmap-output.xml (Nmap XML output).
# NOTE(review): a <host> element can carry more than one <address> (for example
# an IPv4 and a MAC entry) - confirm which value your xmlstarlet version prints
# for 'ancestor::host/address/@addr'.
xmlstarlet sel --template \
    --match '//port/state[@state="open"]/parent::port' \
    --value-of 'ancestor::host/address/@addr' \
    --output : \
    --value-of './@portid' \
    --nl \
    nmap-output.xml
View proxy_http_connect-portscanner.sh
# Send one HTTP CONNECT request per port (0-65535) for targethost through the
# proxy at proxyhost:proxyport and append the first line of each reply to
# portscan.log. targethost, proxyhost and proxyport are literal names here and
# have to be substituted before use.
#
# Defender's view: this only yields results against a proxy that accepts CONNECT
# to arbitrary ports. Restricting CONNECT to an allowlist of ports on the proxy
# closes it off, and a run of CONNECT requests from one client to consecutive
# ports of a single host is easy to spot in proxy access logs.
p=0
while (( p <= 65535 )); do
    echo "Probing port $p"
    {
        echo -n "Port $p: "
        # Request line followed by an empty line; nc -q 3 keeps the connection
        # open for 3 seconds after stdin ends so the reply can arrive.
        (echo CONNECT targethost:$p HTTP/1.1; echo) | nc -q 3 proxyhost proxyport | head -1
    } >> portscan.log
    (( p++ ))
done
View gist:8919230
# Step 1: build a gdb command file (searchmem.gdb) from the program headers of
# the core file. For every LOAD line printed by readelf, the perl filter takes
# the second and fourth value after "LOAD" as start address and length and emits
#   printf "=== <start> ===\n"
#   find <start>, +<length>, "Search"
# i.e. a search for the literal string "Search" inside that segment.
# NOTE(review): the pattern needs at least four values on the LOAD line; readelf
# wraps 64-bit program headers over two lines unless wide output is requested -
# confirm the layout matches your binary.
readelf -l core |
    perl -ne 'if (/^\s*LOAD\s+\S+\s+(\S+)\s+\S+\s+(\S+)/) { print "printf \"=== $1 ===\\n\"\nfind $1, +$2, \"Search\"\n" }' \
    > searchmem.gdb

# Step 2: load the executable together with its core dump and feed the generated
# commands to gdb on stdin. A core file is a copy of process memory, so both it
# and the search output may contain credentials or keys and should be handled
# accordingly.
gdb executable core < searchmem.gdb
View .vimrc
set nocompatible | |
set rtp+=~/.vim/bundle/Vundle.vim | |
call vundle#begin() | |
Plugin 'gmarik/Vundle.vim' | |
Plugin 'tpope/vim-fugitive' | |
Plugin 'davidhalter/jedi-vim' | |
Plugin 'vim-latex/vim-latex' | |
Plugin 'vim-syntastic/syntastic' | |
Plugin 'scrooloose/nerdtree' |
View Burp-CSRFRandomName.py
from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
import re | |
class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
def registerExtenderCallbacks(self, callbacks): | |
self.callbacks = callbacks | |
self.helpers = callbacks.getHelpers() | |
callbacks.setExtensionName("Handling of CSRF Tokens with Random Names") | |
self.callbacks.registerSessionHandlingAction(self) | |
self.callbacks.registerHttpListener(self) |
View CSRFToken.py
from burp import (IBurpExtender, IBurpExtenderCallbacks, ISessionHandlingAction, IHttpListener) | |
import re | |
class BurpExtender(IBurpExtender, ISessionHandlingAction, IHttpListener): | |
def registerExtenderCallbacks(self, callbacks): | |
self.callbacks = callbacks | |
self.helpers = callbacks.getHelpers() | |
callbacks.setExtensionName("Session CSRF Token Handling") | |
self.callbacks.registerSessionHandlingAction(self) | |
self.callbacks.registerHttpListener(self) |
View create_deleter.py
#!/usr/bin/python3 | |
from sys import argv, exit | |
import re | |
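# Matches a digest line of the form "SHA1(<name>)= <digest>": group 1 is the
# text between the parentheses, group 2 everything after "= ".
# Written as a raw string so that \( and \) reach the regex engine unchanged;
# in a plain string literal they are invalid escape sequences, which newer
# Python versions warn about.
# NOTE(review): SHA-1 is not collision-resistant. If the rest of the script
# treats equal digests as proof of identical files, confirm that the inputs are
# not attacker-influenced.
hashline_re = re.compile(r'^SHA1\((.*?)\)= (.*)$')
# Starts empty; presumably filled with digests parsed by hashline_re - the code
# that populates it is not part of this excerpt.
dsthashes = {}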
if len(argv) < 4: |