Marco Carlo Feliciano Shotokhan

@Shotokhan
Shotokhan / ssh-ls.ps1
Created June 6, 2023 09:52
List user@host SSH saved profiles in Windows SSH config for current user
$inputData = Get-Content "C:\Users\$Env:UserName\.ssh\config"
$pattern = 'User\s+([^\s]+)|Host\s+([^\s]+)'
$reg_matches = [regex]::Matches($inputData, $pattern, 'Multiline')
$hosts = @{}
$currentHost = ""
foreach ($match in $reg_matches) {
    if ($match.Groups[1].Success) {
@Shotokhan
Shotokhan / bof_cheatsheet.md
Created May 29, 2023 07:02
Buffer overflow cheatsheet for eCPPT / OSCP

Buffer overflow cheatsheet for pentesters

This will be a cheatsheet for exploitation of binary services, aimed at pentesters preparing for exams like eCPPT and OSCP (look at other resources for training about binary exploitation in general, like pwnable.kr).

BOF Windows (no protections, stack buffer overflow)

Suppose you find an open port and don't know what service is listening on it, but by interacting with it over netcat you realize that it is a custom binary. You may have obtained the binary for that service through other services (e.g., a path traversal vulnerability in a web application) or from external sources (e.g., OSINT).

Preparing a local environment for testing the service

At this point, you can't make the service crash by fuzzing it on the target server, you need a reliable exploit. So, you fire up your Windows 7 VM with debugging tools installed (Immunity with mona). You copy the binary there, open it with Immunity, then you run it (Debug -> Run).

@Shotokhan
Shotokhan / vanilla_bof.py
Created May 29, 2023 07:00
Script for exploiting (Windows) vanilla stack buffer overflows quickly (eCPPT / OSCP)
from pwn import *
import argparse
import logging
import base64
import binascii


def pattern_create(length=8192):
    pattern = ''
    parts = ['A', 'a', '0']
@Shotokhan
Shotokhan / mva.py
Last active January 10, 2022 09:41
Mean Value Analysis (queuing theory) in Python, with memoization and example usage for a plot. The example is a closed network with an Exp(5) CPU and an Exp(2) I/O device; each job, after executing on the CPU, requires I/O with probability q=1/3, and then returns to the CPU in any case.
import matplotlib.pyplot as plt


def draw_plots(cpu_times, IO_times):
    assert len(cpu_times) == len(IO_times)
    x = [i for i in range(len(cpu_times))]
    ymax = max(max(cpu_times), max(IO_times))
    xlabel = "Number of users"
    plt.subplot(1, 2, 1)
    plt.plot(x, cpu_times)
@Shotokhan
Shotokhan / tupling_with_Cwin.py
Created January 3, 2022 16:24
Tupling logs (temporal coalescence) in Python, with coalescence window as input
import sys
import os


def _join(ts, event):
    line = f"{str(ts)} {event}"
    return line


def _split(line):