Skip to content

Instantly share code, notes, and snippets.

Avatar
🐰

xpn xpn

🐰
View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am xpn on github.
  • I am xpn (https://keybase.io/xpn) on keybase.
  • I have a public key whose fingerprint is 6822 0B71 BB92 8ABC 8171 4C0F 6B0B E64F 9AF4 238C

To claim this, I am signing this object:

@xpn
xpn / gist:8640962
Created Jan 26, 2014
Metasploit capture/mssql .Net Client
View gist:8640962
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data;
using System.Data.SqlClient;
namespace metasploit_sql_test
{
View fuzzme.c
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
void print_success(void *input) {
if (*(char *)(input+1) == 'Y') {
printf("GOT: %s\n", input);
return;
}
View bigpicture-exploit.py
from pwn import *
import struct
WIDTH = 1
HEIGHT = 1000000
LOCAL = False
if LOCAL:
FREE_HOOK_OFFSET = -1230952
@xpn
xpn / wannacry_file_extensions.txt
Created May 12, 2017
A list of file extensions searched and encrypted by the WannaCry ransomware
View wannacry_file_extensions.txt
.der
.pfx
.key
.crt
.csr
.p12
.pem
.odt
.ott
.sxw
@xpn
xpn / apt33_dropshot_decoder.py
Created Sep 20, 2017
IDAPython encrypted string decoder for DROPSHOT - APT33
View apt33_dropshot_decoder.py
import idc
import idaapi
from idautils import *
decryptTable = 0x41BA3C
decryptTableEnd = 0x41BA77
decryptFunction = 0x4012A0
# Get the translation table
bytes = idaapi.get_many_bytes(decryptTable, decryptTable-decryptTableEnd)
@xpn
xpn / jenkins_passwords.rb
Created Oct 15, 2017
Recover jenkins credentials in meterpreter
View jenkins_passwords.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'nokogiri'
require 'digest'
require 'openssl'
require 'base64'
View pipe_jmp_call_additive.py
# r2pipe script using ESIL to decode the msfvenom jmp_call_additive XOR encoder
import r2pipe
import sys
def dump(addr):
pass
def startEsil():
r.cmd('e io.cache=true')
View tc_ioctl_open_test_poc.py
#!/usr/bin/env python
import sys
from ctypes import *
FILE_DEVICE_UNKNOWN = 0x00000022
METHOD_BUFFERED = 0
FILE_ANY_ACCESS = 0
TC_MAX_PATH = 260