Install the CodeQL extension and configure the CLI!
This is not strictly mandatory, but you probably want something like this:
buherator v-p-b
v-p-b
/ exchange-ssrf-fileleak.py
Last active
December 7, 2023 20:13
ZDI-CAN-22101 / ZDI-23-1581 - Exchange SSRF PoC exploit with response retrieval for Burp Suite
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| from burp import IBurpExtender | |
| from burp import IHttpListener | |
| import json | |
| # ZDI-CAN-22101 / ZDI-23-1581 - Exchange SSRF PoC exploit with response retrieval for Burp Suite | |
| # by buherator, original research by Piotr Bazydło (@chudypb) | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import csv | |
| import sys | |
| import tabulate # https://pypi.org/project/tabulate/ | |
| with open(sys.argv[1], newline='') as csvfile: | |
| reader = csv.DictReader(csvfile) | |
| print(tabulate.tabulate(reader, tablefmt="textile", headers="keys")) |
v-p-b
/ kaitai-dump-offsets.py
Created
April 16, 2023 10:34
Dump substructure offsets from objects parsed by Kaitai Struct
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This function recurively traverses a KaitaiStruct objects and dumps the offsets of the substructures encountered. | |
| # | |
| # This is similar to how the WebIDE points you to specific substructers in the parsed tree when you click on some | |
| # byte in the hex editor. | |
| # Unfortunately I couldn't use any IDE tools for this capability, because [JavaScript sucks](https://github.com/kaitai-io/kaitai_struct/issues/183) | |
| # You should generate the Kaitai parser with the `--read-pos` command line option | |
| # The behavior is documented with this issue: https://github.com/kaitai-io/kaitai_struct/issues/331 | |
| import string |
v-p-b
/ xkcd-mi-lenne-ha-bugz.txt
Last active
December 4, 2022 10:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Randall Munroe - Mi lenne, ha? | |
| ISBN: 978-963-293-368-9 | |
| Athenaeum Kiadó, 2014. | |
| Változatlan utánnyomás, 2 | |
| Felelős szerkesztő: Kónya Orsolya | |
| Felelős vezető: Tóth Béláné | |
| Fordította: Varga Krisztina | |
| 16. oldal: "A rejtélyes [csen]d bizonyára megzavarná őket" | |
| Typo |
v-p-b
/ 55862-2102-EVC.py.b64
Created
March 11, 2021 21:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aW1wb3J0IHJlcXVlc3RzCmZyb20gdXJsbGliMy5leGNlcHRpb25zIGltcG9ydCBJbnNlY3VyZVJl | |
| cXVlc3RXYXJuaW5nCmltcG9ydCByYW5kb20KaW1wb3J0IHN0cmluZwppbXBvcnQgc3lzCgoKZGVm | |
| IGlkX2dlbmVyYXRvcihzaXplPTYsIGNoYXJzPXN0cmluZy5hc2NpaV9sb3dlcmNhc2UgKyBzdHJp | |
| bmcuZGlnaXRzKToKICAgIHJldHVybiAnJy5qb2luKHJhbmRvbS5jaG9pY2UoY2hhcnMpIGZvciBf | |
| IGluIHJhbmdlKHNpemUpKQoKaWYgbGVuKHN5cy5hcmd2KSA8IDI6CglwcmludCgiVXNhZ2U6IHB5 | |
| dGhvbiBQb0MucHkgPHRhcmdldD4gPGVtYWlsPiIpCglwcmludCgiRXhhbXBsZTogcHl0aG9uIFBv | |
| Qy5weSBtYWlsLmV2aWwuY29ycCBoYXhvckBldmlsLmNvcnAiKQoJZXhpdCgpCnJlcXVlc3RzLnBh | |
| Y2thZ2VzLnVybGxpYjMuZGlzYWJsZV93YXJuaW5ncyhjYXRlZ29yeT1JbnNlY3VyZVJlcXVlc3RX | |
| YXJuaW5nKQp0YXJnZXQgPSBzeXMuYXJndlsxXQplbWFpbCA9IHN5cy5hcmd2WzJdCnJhbmRvbV9u | |
| YW1lID0gaWRfZ2VuZXJhdG9yKDMpICsgIi5qcyIKdXNlcl9hZ2VudCA9ICJNb3ppbGxhLzUuMCAo |
v-p-b
/ call_tree_strings.py
Created
October 4, 2020 18:49
Stupid little Ghidra script to find identifiable strings referenced from a function or its descendants
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Stupid little script to find identifiable strings referenced from a function or its descendants | |
| #@author buherator | |
| #@category Test | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| from ghidra.util.task import TaskMonitor | |
| from docking.widgets import OptionDialog | |
| from ghidra.program.model.symbol import RefType |
v-p-b
/ CodeQL_Workspace_without_starter.md
Last active
July 25, 2020 20:26
Setting up a CodeQL workspace without the starter repository
v-p-b
/ Ghidra_Decompiler_Notes.md
Last active
June 27, 2020 19:33
My current target uses a deterministic pattern when calling C++ constructors, so I can use the CFG to identify object instantiation. Here are my notes about how to use Ghidra's decompiler to get the sizes of objects to be created:
We can use the parameter of operator_new() to find the size of the objects. Instead of parsing the instructions of the relevant basic blocks (and hoping that we don't run into some unexpected instruction sequences generated by the compiler) we can use the decompiler to get the association between the call to operator_new() and its parameter.
Ghidra/Features/Decompiler/ghidra_scripts/ShowCCallsScript.java contains a nice example of how to use the Decompiler API. First, an instance of DecompInterface must be created, as shown in setUpDecompiler(). Note that this method doesn't call openProgram() on the returned DecomInterface object, that is necessary to run decompilation! The decompileFunction() method works as expected - the returned DecompileResults object con
v-p-b
/ AV2019.txt
Last active
March 5, 2021 16:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://seclists.org/fulldisclosure/2019/Aug/1 | |
| https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 | |
| https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/ | |
| https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM | |
| http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html | |
| https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
| https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 | |
| https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html |
v-p-b
/ S2_Jasper_RCE.jrxml
Created
December 6, 2018 15:14
JasperReports Remote Code Execution with a single .JRXML file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE jasperReport PUBLIC "-//JasperReports//DTD Report Design//EN" "http://jasperreports.sourceforge.net/dtds/jasperreport.dtd"> | |
| <jasperReport name="FirstJasper" columnCount="2" pageWidth="595" pageHeight="842" columnWidth="270" columnSpacing="15" leftMargin="20" rightMargin="20" topMargin="30" bottomMargin="30"> | |
| <style name="Arial_Normal" isDefault="true" fontName="Arial" fontSize="8" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Arial_Bold" isDefault="false" fontName="Arial" fontSize="8" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Bold" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Arial_Italic" isDefault="false" fontName="Arial" fontSize="8" isBold="false" isItalic="true" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Oblique" pdfEncoding="Cp1252" isPdfEmbedded="fa |
NewerOlder