I hereby claim:
- I am zeroSteiner on github.
- I am zerosteiner (https://keybase.io/zerosteiner) on keybase.
- I have a public key whose fingerprint is BD67 B5AC B947 C9D7 3035 9ECD C00D 6B6A A5E1 5412
To claim this, I am signing this object:
Spencer McIntyre zeroSteiner
zeroSteiner
/ x86_kernel_ret.asm
Created
February 10, 2015 16:15
x86 Kernel Return to nt!KiSystemServicePostCall
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [BITS 32] | |
| ; This shellcode is meant to be executed in the kernel just after the token has | |
| ; been stolen. It walks up the stack looking for the first frame which returns | |
| ; to userland and returns into the one just before it. This is presumably | |
| ; nt!KiSystemServicePostCall which will clean up the operation before returning | |
| ; to userland. | |
| ; This shell code clobbers ecx, ebx and sets eax to 0 for the return value. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # | |
| # tools/cli_mailer.py | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions are | |
| # met: | |
| # | |
| # * Redistributions of source code must retain the above copyright |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "json" | |
| require "rex/ui" | |
| module Msf | |
| class Plugin::ModuleSuggestor < Msf::Plugin | |
| class ModuleSuggestorCommandDispatcher | |
| include Msf::Ui::Console::CommandDispatcher | |
| def name | |
| "Module Suggestor" |
zeroSteiner
/ safeseh_inspect.py
Created
December 16, 2014 18:20
Safe Exception Handler Analysis Tool
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # | |
| # safeseh_inspect.py | |
| # | |
| # Copyright 2014 Spencer McIntyre | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions are | |
| # met: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import hashlib | |
| import hmac | |
| host_id = '11111111-2222-3333-4444-555555555555' | |
| host_secret_hash = 'hmac:TI/gifEUGbMsEhiZSLY0PcTX4xyPzpvcb7b6seOhOYc=' | |
| secret_pin = '123456' | |
| if 'hmac:' + base64.b64encode(hmac.new(host_id, secret_pin, hashlib.sha256).digest()) == host_secret_hash: | |
| print('[+] secret hashes match!') |
zeroSteiner
/ _msfconsole
Last active
February 22, 2023 10:09
ZSH completions for Metasploit Utilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #compdef msfconsole | |
| # ------------------------------------------------------------------------------ | |
| # Copyright (c) 2014 Spencer McIntyre | |
| # All rights reserved. | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions are met: | |
| # * Redistributions of source code must retain the above copyright | |
| # notice, this list of conditions and the following disclaimer. | |
| # * Redistributions in binary form must reproduce the above copyright |
zeroSteiner
/ meterpreter_patch_check.md
Last active
August 29, 2015 14:01
Meterpreter Check If A Patch Is Installed
Drop into IRB:
meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>>
Then paste in the following, replacing the KB identifiers at the end with the desired ones.
zeroSteiner
/ jarvis.py
Last active
November 7, 2017 20:55
Jarvis is a module which provides easy access to convenience functions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # | |
| # jarvis.py | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions are | |
| # met: | |
| # | |
| # * Redistributions of source code must retain the above copyright |
zeroSteiner
/ disable_emet.asm
Created
October 14, 2013 15:50
This stub will cripple EMET 4.0 by setting the ExploitAction to AuditOnly and configuring it to not log events. The api_call function originated from Stephen Fewer.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [BITS 32] | |
| ; This stub will cripple EMET 4.0 by setting the ExploitAction to AuditOnly | |
| ; and configuring it to not log events. The api_call function originated from | |
| ; Stephen Fewer. | |
| global _start | |
| _start: | |
| xor ebx,ebx ; Zero EBX |