I hereby claim:
- I am zeroSteiner on github.
- I am zerosteiner (https://keybase.io/zerosteiner) on keybase.
- I have a public key whose fingerprint is BD67 B5AC B947 C9D7 3035 9ECD C00D 6B6A A5E1 5412
To claim this, I am signing this object:
[BITS 32]
; This shellcode is meant to be executed in the kernel just after the token has
; been stolen. It walks up the stack looking for the first frame which returns
; to userland and returns into the one just before it. This is presumably
; nt!KiSystemServicePostCall which will clean up the operation before returning
; to userland.
; This shellcode clobbers ecx, ebx and sets eax to 0 for the return value.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# tools/cli_mailer.py
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
require "json"
require "rex/ui"

module Msf
  class Plugin::ModuleSuggestor < Msf::Plugin
    class ModuleSuggestorCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      def name
        "Module Suggestor"
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# safeseh_inspect.py
#
# Copyright 2014 Spencer McIntyre
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
import base64
import hashlib
import hmac

# Placeholder values: host_id is the HMAC key, secret_pin is the message.
host_id = '11111111-2222-3333-4444-555555555555'
host_secret_hash = 'hmac:TI/gifEUGbMsEhiZSLY0PcTX4xyPzpvcb7b6seOhOYc='
secret_pin = '123456'

# hmac.new() needs bytes on Python 3; the original targeted Python 2 str.
digest = hmac.new(host_id.encode(), secret_pin.encode(), hashlib.sha256).digest()
candidate = 'hmac:' + base64.b64encode(digest).decode('ascii')
# Constant-time comparison so the check does not leak a matching prefix.
if hmac.compare_digest(candidate, host_secret_hash):
    print('[+] secret hashes match!')
else:
    print('[-] secret hashes do not match')
#compdef msfconsole
# ------------------------------------------------------------------------------
# Copyright (c) 2014 Spencer McIntyre
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
Drop into IRB:
meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
Then paste in the following, replacing the KB identifiers at the end with the desired ones.
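The script that is meant to be pasted into the IRB shell is not shown on this page. As an added example (not the gist's own code), the block below assumes the script's job is to check which of a given list of KB hotfixes are installed on the target: it parses the output of `wmic qfe get HotFixID` and reports the ones that are missing. The `WMIC_QFE_SAMPLE` text is a constructed sample so the parsing runs offline; `qfe_output_from_session` is a hypothetical helper showing how the same output would be obtained inside `meterpreter > irb` through the `client` variable that shell exposes.

```ruby
# Added example, not the gist's script. Assumes the pasted script checks
# whether the listed KB hotfixes are present on the target.

# Constructed sample of `wmic qfe get HotFixID` output (not captured from a host).
WMIC_QFE_SAMPLE = <<~TXT
  HotFixID
  KB2999226
  KB3033929
  KB4012212

TXT

# Every KB identifier that appears in the command output, upper-cased and unique.
def installed_hotfixes(qfe_output)
  qfe_output.scan(/\bKB\d+\b/i).map(&:upcase).uniq
end

# The wanted identifiers that are absent from the output (case-insensitive).
def missing_hotfixes(qfe_output, wanted)
  have = installed_hotfixes(qfe_output)
  wanted.map(&:upcase).reject { |kb| have.include?(kb) }
end

# Hypothetical helper for use inside the meterpreter IRB shell: runs wmic on the
# target through the session and collects the channelized output. Not executed here.
def qfe_output_from_session(client)
  process = client.sys.process.execute('cmd.exe', '/c wmic qfe get HotFixID',
                                       'Hidden' => true, 'Channelized' => true)
  output = +''
  while (chunk = process.channel.read)
    output << chunk
  end
  process.channel.close
  process.close
  output
end

if __FILE__ == $PROGRAM_NAME
  # Replace these with the KB identifiers of interest, as the gist instructs.
  wanted = %w[KB3033929 KB4012212 KB4013389]
  puts "missing: #{missing_hotfixes(WMIC_QFE_SAMPLE, wanted).inspect}"
end
```

Inside the meterpreter session the last block would become `missing_hotfixes(qfe_output_from_session(client), wanted)`; the parser is kept separate from the session call so the matching logic can be exercised without a target.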
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# jarvis.py
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
[BITS 32]
; This stub will cripple EMET 4.0 by setting the ExploitAction to AuditOnly
; and configuring it to not log events. The api_call function originated from
; Stephen Fewer.
global _start
_start:
    xor ebx, ebx ; Zero EBX