tr4nc3
cetfor
/ SystemCallAuditor.py
Last active
December 7, 2023 17:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Checks system calls for command injection patterns | |
| #@author | |
| #@category HackOvert | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| from ghidra.app.decompiler import DecompileOptions | |
| from ghidra.app.decompiler import DecompInterface | |
| from ghidra.program.model.pcode import Varnode |
Ayrx
/ memdump.py
Created
April 6, 2014 05:53
— forked from ntrrgc/memdump.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import sys | |
| import os | |
| import re | |
| import ctypes | |
| import argparse | |
| ulseek = ctypes.cdll['libc.so.6'].lseek | |
| ulseek.restype = ctypes.c_uint64 |
xorrior
/ PELoader.cs
Created
July 12, 2017 01:54
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.IO.Compression; | |
| using System.Text; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
j00ru
/ WCTF_2018_searchme_exploit.cpp
Created
July 18, 2018 14:09
WCTF 2018 "searchme" exploit by Mateusz "j00ru" Jurczyk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // WCTF 2018 "searchme" task exploit | |
| // | |
| // Author: Mateusz "j00ru" Jurczyk | |
| // Date: 6 July 2018 | |
| // Tested on: Windows 10 1803 (10.0.17134.165) | |
| // | |
| // See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/ | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <ntstatus.h> |
cdhunt
/ Get-CredentialFromWindowsCredentialManager.ps1
Last active
June 1, 2023 23:48
— forked from toburger/Get-CredentialFromWindowsCredentialManager.ps1
Gets a PowerShell Credential [PSCredential] from the Windows Credential Manager. This only works for Generic Credentials.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Gets a PowerShell Credential (PSCredential) from the Windows Credential Manager | |
| .DESCRIPTION | |
| This module will return a [PSCredential] object from a credential stored in Windows Credential Manager. The | |
| Get-StoredCredential function can only access Generic Credentials. | |
| Alias: GSC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # x0rg - Xorg Local Root Exploit | |
| # Released under the Snitches Get Stitches Public Licence. | |
| # props to prdelka / fantastic for the shadow vector. | |
| # Gr33tz to everyone in #lizardhq and elsewhere <3 | |
| # ~infodox (25/10/2018) | |
| # FREE LAURI LOVE! | |
| echo "x0rg" | |
| echo "[+] First, we create our shell and library..." | |
| cat << EOF > /tmp/libhax.c |
toburger
/ Get-CredentialFromWindowsCredentialManager.ps1
Created
June 18, 2012 08:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Gets a PowerShell Credential (PSCredential) from the Windows Credential Manager | |
| .DESCRIPTION | |
| Adapted from: http://stackoverflow.com/questions/7162604/get-cached-credentials-in-powershell-from-windows-7-credential-manager | |
| .PARAMETER TargetName | |
| The name of the target login informations in the Windows Credential Manager |
sobi3ch
/ custom-cloud-commands
Last active
February 14, 2023 23:36
whoami in az and aws cli versions + get-policy-document for aws
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # general | |
| alias aws.whoami='aws iam get-user --query User.Arn --output text' | |
| alias az.whoami='az ad signed-in-user show --query userPrincipalName --output tsv' | |
| # In ~/.aws/credencials|config leave [default] profile empty and name it each one of it so `aws-env -l` can list all of them | |
| # aws.profile # show current profile | |
| # aws.profile profile-name # set profile name | |
| # Double tab completion works | |
| aws.profile () | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ghidra.app.emulator import EmulatorHelper | |
| from ghidra.program.model.symbol import SymbolUtilities | |
| # Tested with Ghidra v9.1 and v9.1.1, future releases are likely to simplify | |
| # and/or expand the EmulatorHelper class in the API. | |
| # == Helper functions ====================================================== | |
| def getAddress(offset): | |
| return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset) |
hellman
/ rsa_timing_attack_d_Montgomery.py
Created
May 1, 2017 12:23
DEF CON 2017 Quals - Godzilla (Reverse/Crypto)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| ''' | |
| DEF CON 2017 Quals - Godzilla (Reverse) | |
| Timing attack on RSA decryption. | |
| Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf | |
| Another solutions: | |
| https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao | |
| https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre |