#Checks system calls for command injection patterns
#@author
#@category HackOvert
#@keybinding
#@menupath
#@toolbar
from ghidra.app.decompiler import DecompileOptions
from ghidra.app.decompiler import DecompInterface
from ghidra.program.model.pcode import Varnode

#!/usr/bin/env python
from __future__ import print_function
import sys
import os
import re
import ctypes
import argparse
ulseek = ctypes.cdll['libc.so.6'].lseek
ulseek.restype = ctypes.c_uint64

using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;

// WCTF 2018 "searchme" task exploit
//
// Author: Mateusz "j00ru" Jurczyk
// Date: 6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>

<#
.SYNOPSIS
Gets a PowerShell Credential (PSCredential) from the Windows Credential Manager
.DESCRIPTION
This module will return a [PSCredential] object from a credential stored in Windows Credential Manager. The
Get-StoredCredential function can only access Generic Credentials.
Alias: GSC

#!/bin/bash
# x0rg - Xorg Local Root Exploit
# Released under the Snitches Get Stitches Public Licence.
# props to prdelka / fantastic for the shadow vector.
# Gr33tz to everyone in #lizardhq and elsewhere <3
# ~infodox (25/10/2018)
# FREE LAURI LOVE!
echo "x0rg"
echo "[+] First, we create our shell and library..."
cat << EOF > /tmp/libhax.c

<#
.SYNOPSIS
Gets a PowerShell Credential (PSCredential) from the Windows Credential Manager
.DESCRIPTION
Adapted from: http://stackoverflow.com/questions/7162604/get-cached-credentials-in-powershell-from-windows-7-credential-manager
.PARAMETER TargetName
The name of the target login information in the Windows Credential Manager

# general
alias aws.whoami='aws iam get-user --query User.Arn --output text'
alias az.whoami='az ad signed-in-user show --query userPrincipalName --output tsv'
# In ~/.aws/credentials|config leave the [default] profile empty and give each profile a name so `aws-env -l` can list all of them
# aws.profile # show current profile
# aws.profile profile-name # set profile name
# Double tab completion works
aws.profile ()
{

from ghidra.app.emulator import EmulatorHelper
from ghidra.program.model.symbol import SymbolUtilities
# Tested with Ghidra v9.1 and v9.1.1, future releases are likely to simplify
# and/or expand the EmulatorHelper class in the API.
# == Helper functions ======================================================
def getAddress(offset):
    return currentProgram.getAddressFactory().getDefaultAddressSpace().getAddress(offset)

#-*- coding:utf-8 -*-
'''
DEF CON 2017 Quals - Godzilla (Reverse)
Timing attack on RSA decryption.
Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf
Other solutions:
https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao
https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre