This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import svgwrite | |
import volatility.conf as conf | |
import volatility.registry as registry | |
import volatility.plugins.volshell as shell | |
registry.PluginImporter() | |
config = conf.ConfObject() | |
import volatility.commands as commands | |
import volatility.addrspace as addrspace | |
import volatility.utils as utils | |
registry.register_global_options(config, commands.Command) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.IO.Compression; | |
using System.Text; | |
using System.Collections.Generic; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# | |
# Title: lookupadmins.py | |
# Author: @ropnop | |
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR | |
# Similar in function to Get-NetLocalGroup from Powerview | |
# Won't work against Windows 10 Anniversary Edition unless you already have local admin | |
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016 | |
# | |
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Domain: TEST.local | |
User Enumeration: | |
Windows: | |
net user | |
net user /domain | |
net user [username] | |
net user [username] /domain | |
wmic useraccount | |
Mac: | |
dscl . ls /Users |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
a4b.amazonaws.com | |
access-analyzer.amazonaws.com | |
account.amazonaws.com | |
acm-pca.amazonaws.com | |
acm.amazonaws.com | |
airflow-env.amazonaws.com | |
airflow.amazonaws.com | |
alexa-appkit.amazon.com | |
alexa-connectedhome.amazon.com | |
amazonmq.amazonaws.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Net; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
/* | |
Author: Casey Smith, Twitter: @subTee | |
License: BSD 3-Clause |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// WCTF 2018 "searchme" task exploit | |
// | |
// Author: Mateusz "j00ru" Jurczyk | |
// Date: 6 July 2018 | |
// Tested on: Windows 10 1803 (10.0.17134.165) | |
// | |
// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/ | |
#include <Windows.h> | |
#include <winternl.h> | |
#include <ntstatus.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# x0rg - Xorg Local Root Exploit | |
# Released under the Snitches Get Stitches Public Licence. | |
# props to prdelka / fantastic for the shadow vector. | |
# Gr33tz to everyone in #lizardhq and elsewhere <3 | |
# ~infodox (25/10/2018) | |
# FREE LAURI LOVE! | |
echo "x0rg" | |
echo "[+] First, we create our shell and library..." | |
cat << EOF > /tmp/libhax.c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from ghidra.app.emulator import EmulatorHelper | |
from ghidra.program.model.symbol import SymbolUtilities | |
# Tested with Ghidra v9.1 and v9.1.1, future releases are likely to simplify | |
# and/or expand the EmulatorHelper class in the API. | |
# == Helper functions ====================================================== | |
def getAddress(offset): | |
return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset) |