Hugo Caron y0ug

## password_set.sh
#!/bin/bash
# 2014-09-20 12:26 CEST
# y0ug

USERNAME=${1-y0ug}
IP=$(ip addr show dev eth0 | sed -nr 's/.*inet ([^/]+).*/\1/p')
GPG_KEYID=0x72F6A9E3
ROOT_PASSWD=$(apg -m32 -n1)
USER_PASSWD=$(apg -m32 -n1)
echo "root:$ROOT_PASSWD" | chpasswd

## SafeArrayRedim.cpp
/*
 * reversed SafeArrayRedim() in oldaut32.dll (Windows XP)
 * for CVE-2014-6332
 */

typedef struct tagSAFEARRAY
{
	USHORT         cDims;         // number of dimensions
	USHORT         fFeatures;     // type of elements
	ULONG          cbElements;    // byte size per element

## cve-2014-6332_win7_ie11_poc.html
<html>
<head>
<!--
CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode
- Tested on IE11 + Windows 7 64-bit

References:
- original PoC - http://www.exploit-db.com/exploits/35229/
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
- http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html

## rsabd.py
#!/usr/bin/env python

import sys
import gmpy

import curve25519

from struct import pack
from hashlib import sha256
from binascii import hexlify, unhexlify

## gpgmutt.md

      
              1 file
            
          
              26 forks
            
          
              9 comments
            
          
              225 stars
            
          
                bnagy
                / gpgmutt.md
            
            
              Last active
              July 7, 2024 08:18
            
              
                Mutt, Gmail and GPG
              
          
    GPG / Mutt / Gmail

About

This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.
Here is an incomplete list of things that are different from other approaches:

I don't use keyservers. Ever.
Yes, I use Gmail instead of some bespoke hipster freedom service


## JavaScript RAT
## uploaded by @JohnLaTwC
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
<html>
<head>
<script language="JScript">
window.resizeTo(1, 1);
window.moveTo(-2000, -2000);
window.blur();

try

## RDP_Eavesdropping_Hijacking
RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions.  Here is a gist of (semi) interesting findings
that is not very new...

===========
Inspiration
===========
As you may already know...

## bountyscan_setup.sh
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive;
echo "[*] Starting Install... [*]"
echo "[*] Upgrade installed packages to latest [*]"
echo -e "\nRunning a package upgrade...\n"
apt-get -qq update && apt-get -qq dist-upgrade -y
apt full-upgrade -y
apt-get autoclean

echo "[*] Install stuff I use all the time [*]"

## gist:9300f5f9276b2df884c80da3e2c54ffc

      
              1 file
            
          
              1 fork
            
          
              3 comments
            
          
              11 stars
            
          
                gasolin
                / gist:9300f5f9276b2df884c80da3e2c54ffc
            
            
              Last active
              July 15, 2023 10:13
            
              
                Install Android Simulator
              
          
    Install Android SDK on macOS

Install homebrew https://brew.sh/

brew cask install adoptopenjdk8
brew cask install android-sdk


## short-wordlist.txt
/.s3cfg
/phpunit.xml
/nginx.conf
/.vimrc
/LICENSE.md
/yarn.lock
/Gulpfile
/Gulpfile.js
/composer.json
/.npmignore
	#!/bin/bash
	# 2014-09-20 12:26 CEST
	# y0ug

	USERNAME=${1-y0ug}
	IP=$(ip addr show dev eth0 \| sed -nr 's/.inet ([^/]+)./\1/p')
	GPG_KEYID=0x72F6A9E3
	ROOT_PASSWD=$(apg -m32 -n1)
	USER_PASSWD=$(apg -m32 -n1)
	echo "root:$ROOT_PASSWD" \| chpasswd
	/*
	* reversed SafeArrayRedim() in oldaut32.dll (Windows XP)
	* for CVE-2014-6332
	*/

	typedef struct tagSAFEARRAY
	{
	USHORT cDims; // number of dimensions
	USHORT fFeatures; // type of elements
	ULONG cbElements; // byte size per element
	<html>
	<head>
	<!--
	CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode
	- Tested on IE11 + Windows 7 64-bit

	References:
	- original PoC - http://www.exploit-db.com/exploits/35229/
	- http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
	- http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html
	#!/usr/bin/env python

	import sys
	import gmpy

	import curve25519

	from struct import pack
	from hashlib import sha256
	from binascii import hexlify, unhexlify
	## uploaded by @JohnLaTwC
	## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
	<html>
	<head>
	<script language="JScript">
	window.resizeTo(1, 1);
	window.moveTo(-2000, -2000);
	window.blur();

	try
	RDP Eavesdropping and Hijacking
	*******************************
	I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings
	that is not very new...

	===========
	Inspiration
	===========
	As you may already know...
	#!/bin/bash
	export DEBIAN_FRONTEND=noninteractive;
	echo "[] Starting Install... []"
	echo "[] Upgrade installed packages to latest []"
	echo -e "\nRunning a package upgrade...\n"
	apt-get -qq update && apt-get -qq dist-upgrade -y
	apt full-upgrade -y
	apt-get autoclean

	echo "[] Install stuff I use all the time []"
	/.s3cfg
	/phpunit.xml
	/nginx.conf
	/.vimrc
	/LICENSE.md
	/yarn.lock
	/Gulpfile
	/Gulpfile.js
	/composer.json
	/.npmignore