securitytube
/ DllMainThread.c
Created
November 1, 2014 11:10
Launch Shellcode as a Thread via DllMain rather than a new process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Dll Hijacking via Thread Creation | |
| // Author - Vivek Ramachandran | |
| // Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com | |
| // Free Infosec Videos -- http://SecurityTube.net | |
| #include <windows.h> | |
| #define SHELLCODELEN 2048 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import base64 | |
| import json | |
| from Crypto.Cipher import AES | |
| from phpserialize import loads | |
| def decrypt(payload): | |
| data = json.loads(base64.b64decode(payload)) |
cutaway
/ extract_java_server_faces_viewstate.py
Last active
June 25, 2021 08:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Name: extract_java_server_faces_viewstate | |
| Purpose: Extract and parse the Java Server Faces viewstate | |
| Date: 20150620 | |
| Author: Don C. Weber (@cutaway) of InGuardians, Inc. | |
| Resources: | |
| http://wiki.apache.org/myfaces/Secure_Your_Application |
Manouchehri
/ EXT0BB6Q.bin.r2.strings.txt
Created
October 27, 2015 17:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0x0 16 15 SAMSUNG_SSD_BIN | |
| 0x10 20 19 0.01STH00001OEM_GEN | |
| 0x2c 14 13 2013121819:43 | |
| 0x579 8 7 pG\vIHh | |
| 0x59b 16 15 pG\a pG\b pG\t pG | |
| 0x5ae 7 6 P \nJQh | |
| 0x689 5 4 pG@ | |
| 0x6b2 5 4 LF3H | |
| 0x6f8 5 4 "H80 | |
| 0x750 7 6 H\a\fI\f9 |
babldev
/ decode_flask_cookie.py
Last active
December 15, 2023 12:02
Decode a Flask Session cookie, given the cookie and secret key
Tosyn
/ phalconphp_php7_ubuntu_16_04.sh
Last active
October 28, 2021 10:43
PhalconPhp with PHP7 Installation on Ubuntu 16.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # PhalconPhp with PHP7 installation on ubuntu:16.04 | |
| sudo apt-get update | |
| sudo apt-get install -y php7.0-fpm \ | |
| php7.0-cli \ | |
| php7.0-curl \ | |
| php7.0-gd \ |
andrewgross
/ travis_webhook_checker.py
Last active
November 5, 2020 15:10
Django View to check travis CI webhook signatures. Requires Django, python-requests and pyOpenSSL packages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| from __future__ import unicode_literals | |
| import base64 | |
| import json | |
| import logging | |
| from urlparse import parse_qs | |
| import requests |
ngaro
/ dirty_passwd_adjust_cow.c
Last active
June 12, 2024 22:19
A dirty cow exploit that automatically finds the current user in passwd and changes it's uid to 0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <fcntl.h> | |
| #include <pthread.h> | |
| #include <unistd.h> | |
| #include <sys/stat.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <sys/types.h> |
c3c
/ redis-lua-linux-x86-poc.py
Created
February 24, 2017 09:29
Redis Lua 5.1 sandbox escape 32-bit Linux exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Redis Lua 5.1 sandbox escape 32-bit Linux exploit | |
| ## Original exploit by corsix and sghctoma | |
| ## Author: @c3c | |
| ## It's possible to abuse the Lua 5.1 sandbox to obtain RCE by loading modified bytecode | |
| ## This concept is fully explained on corsix' gist at https://gist.github.com/corsix/6575486 | |
| ## This version uses pieces of the 32-bit Windows exploit made by corsix and the 64-bit Linux exploit made by sghctoma; as expected, a few offsets were different | |
| ## sghctoma's exploit uses the arbitrary memory read to leak pointers to libc and find the address of "system" http://paper.seebug.org/papers/Security%20Conf/Defcon/2015/DEFCON-23-Tamas-Szakaly-Shall-We-Play-A-Game.pdf | |
| ## This code is much the same, except the process is done using pwntools' DynELF | |
| ## Furthermore, attempting to leak addresses in libc appears to cause segfaults on my 32-bit Linux, in which case, you will need to obtain the remote libc version |
jacefreeman
/ gist:a83d0e95ce1c1dc949fe72284d04f265
Created
April 14, 2017 00:34
Vyos OpenVPN Client Configuration for ExpressVPN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download the OVPN file from ExpressVPN for the server you wish to access https://www.expressvpn.com/setup#manual | |
| # Create files for certs and keys, use vi or nano, example is vi | |
| cd /config/auth | |
| sudo vi ca.cert | |
| # type i and paste in your client certificate after <cert> up to </cert> | |
| # type :wq | |
| sudo vi cert.crt | |
| # type i and paste in your certificate authority after <ca> up to </ca> |