Cr4sh

#!/usr/bin/env python2

'''
********************************************************************************

  AT commands fuzzer based on ATFuzzer code base.

    * https://github.com/Imtiazkarimik23/ATFuzzer
    * https://relentless-warrior.github.io/wp-content/uploads/2019/11/atfuzz.pdf

Cr4sh

function UAC-TokenMagic {
<#
.SYNOPSIS
	Based on James Forshaw's three part post on UAC, linked below, and possibly a technique
	used by the CIA!
	
	Essentially we duplicate the token of an elevated process, lower it's mandatory
	integrity level, use it to create a new restricted token, impersonate it and
	use the Secondary Logon service to spawn a new process with High IL. Like
	playing hide-and-go-seek with tokens! ;))

Cr4sh

function Masquerade-PEB {
<#
.SYNOPSIS
    Masquerade-PEB uses NtQueryInformationProcess to get a handle to powershell's
    PEB. From there itreplaces a number of UNICODE_STRING structs in memory to
    give powershell the appearance of a different process. Specifically, the
    function will overwrite powershell's "ImagePathName" & "CommandLine" in
    _RTL_USER_PROCESS_PARAMETERS and the "FullDllName" & "BaseDllName" in the
    _LDR_DATA_TABLE_ENTRY linked list.
    

Cr4sh

import sys, os, select, socket

from struct import pack, unpack
from socketserver import ThreadingMixIn, TCPServer, StreamRequestHandler
from optparse import OptionParser, make_option

from config import Conf

BUFF_SIZE = 0x1000

Cr4sh

# UPnP Port Mapper

import os
import sys
import re
import urllib2
from xml import sax
from xml.sax import handler
from xml.sax.handler import feature_namespaces
import socket

Cr4sh

#!/usr/bin/env python

###############################################################
#
#  Debug messages monitor for Qualcomm cellular modems.
#
#  This program talks to the baseband firmware over the 
#  diag protocol serial port.
#
#  Written by:

Cr4sh

[+] Opening /dev/ttyUSB1
[+] Device model: 9607.gen
[+] Revision: 100

[20.05.19/23:39:56] [0000] wmgrcore.c(274) : wmgr_reset_old_data: Client: 6, duration:917, reservation_time: 3656507, result: 2, collision_type: 0
[20.05.19/23:39:56] [000e] wtr2965_trx_wcdma_rx_class.cpp(779) : wtr2965_trx_wcdma_rx_class::set_port path 0, band 4,port 22
[20.05.19/23:39:56] [000e] wtr2965_trx_wcdma_rx_class.cpp(4097) : wtr2965_RX_gain: valid=0, st0=0, st1=1, st2=3, st3=4
[20.05.19/23:39:56] [005d] mcpm_resrc_modem_blk.c(991) : Reg Val: 65536; : Expected val: 65536; waitcount: 0; ID: 0x2
[20.05.19/23:39:56] [005d] mcpm_resrc_modem_blk.c(1749) : MCPM_MODEM_BLK: Committed MEM_SLP_CNTL 0x2, Reg states mem_slp: 0x200->0x20300 clamps: io 0x15->0x40 mem 0x1->0x2
[20.05.19/23:39:56] [000e] wtr2965_trx_wcdma_rx_class.cpp(534) : wtr2965_trx_wcdma_rx_class::set_chan is successful for RFM_DEVICE_0

Cr4sh

/*
 *********************************************************************

  Part of UEFI DXE driver code that injects Hyper-V VM exit handler
  backdoor into the Device Guard enabled Windows 10 Enterprise.
  
  Execution starts from new_ExitBootServices() -- a hook handler 
  for EFI_BOOT_SERVICES.ExitBootServices() which being called by
  winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
  transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)

Cr4sh

import sys, os, time
import grequests

CHECK_URL = 'http://www.google.com'
CHECK_TIMEOUT = 120
CHECK_CONNECTS = 200
VERBOSE = False

class AsyncRequest(grequests.AsyncRequest):

Cr4sh

import sys, os, socket
from struct import pack, unpack
from hexdump import hexdump

class OpenOcd:

    COMMAND_TOKEN = '\x1a'

    def __init__(self, verbose=False):