Skip to content

Instantly share code, notes, and snippets.

View thomhastings's full-sized avatar

Thom Hastings thomhastings

View GitHub Profile
@9b
9b / pdf2xdp.py
Created June 16, 2012 23:11
PDF => XDP
import base64
import sys
def main():
if len(sys.argv) < 3:
sys.exit('Usage (2 arguments): %s "%s" %s' % (sys.argv[0],"malicious file","outfile"))
else:
f = open(sys.argv[1],"rb")
con = f.read()
f.close()
@stamparm
stamparm / crime.py
Created September 11, 2012 13:19 — forked from koto/crime.py
It's not a crime to build a CRIME
# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do
# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz
# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/
import string
import zlib
import sys
import random
charset = string.letters + string.digits + "%/+="
@thomhastings
thomhastings / process-permissions.bat
Created October 24, 2012 01:13
Batch Script for process permission analysis
:: process-permissions.bat
:: =======================
:: Batch Script for process permission analysis
:: by Thom Hastings ©2012 New BSD License
::
:: for reference-
:: http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
:: TODO: http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
@echo off
title %username%@%userdomain% on %logonserver%\%computername% via %comspec% ~c0nS0Le
@ksoona
ksoona / ripoff-git-kali.sh
Last active December 17, 2015 23:49
how I ripped off Kali and stole all their hard work
for LINE in `curl http://git.kali.org/gitweb/?a=project_index | sort`
do
if [ ! -e "kali/`echo $LINE | awk -F. '{print $1}'`" ]
then
git clone git://git.kali.org/$LINE `echo $LINE | awk -F. '{print $1}'`
else
cd $LINE
git pull
cd ..
fi
@alexdantas
alexdantas / wget-all.sh
Created April 24, 2014 22:28
Downloads all files with a specified extension from a website
#!/usr/bin/bash
#
# wget-all: gets all files from a specified file extension
# on a remote host
function usage() {
echo 'Usage:'
echo ' $ wget-all.sh <remote-host> <filename-extension>'
echo
echo 'Example:'

radare2 is a very cool set of tools that you probably don't know how to use! Let's go through a simple exploit CTF challenge to understand how to use it for exploit development.

We'll be focusing on "ropasaurus rex" which is a simple challenge from Plaid CTF After checking out the latest and greatest radare from git, let's get started!

Open up ropasaurusrex in r2 and call analyze on the binary. We can list the functions with "afl"

@phreeza
phreeza / wedding.py
Last active July 2, 2016 16:43
A small terminal based animation I made for a friend's wedding
# This script is released 'as is' into the public domain
from math import cos,sin
import os
from time import sleep
def y(p):
return (sin(p)**3)
def x(p):
return -(13*cos(p)-5*cos(2*p)-2*cos(3*p)-cos(4*t))/16
while True:
for r in range(14):

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.
Import-Module NtObjectManager
@spacepatcher
spacepatcher / Breach Compilation (1.4 billion credentials) in Postgres.md
Last active August 28, 2024 18:34
Breach Compilation (1.4 billion credentials) in Postgres.md

What would you need:

Hardware requirements