
lucam luca-m

@luca-m
luca-m / cb
Created October 28, 2018 16:24
cb
# A shortcut function that simplifies usage of xclip.
# - Accepts input from either stdin (pipe), or params.
# ------------------------------------------------
cb() {
local _scs_col="\e[0;32m"; local _wrn_col='\e[1;31m'; local _trn_col='\e[0;33m'
# Check that xclip is installed.
if ! type xclip > /dev/null 2>&1; then
echo -e "$_wrn_col""You must have the 'xclip' program installed.\e[0m"
# Check user is not root (root doesn't have access to user xorg server)
elif [[ "$USER" == "root" ]]; then
@luca-m
luca-m / office2john.py
Created October 18, 2018 10:18
office2john.py
#!/usr/bin/env python
# This software is Copyright (c) 2012-2013 Dhiru Kholia <dhiru at openwall.com>
# and is licensed under the same license as used by the OleFileIO_PL library,
# which is included below.
# olefile (formerly OleFileIO_PL) version 0.41 2014-11-25
#
# Module to read/write Microsoft OLE2 files (also called Structured Storage or
# Microsoft Compound Document File Format), such as Microsoft Office 97-2003
@luca-m
luca-m / windbg_dump_all_modules.txt
Last active October 16, 2018 16:01
windbg snippets
# https://blogs.msdn.microsoft.com/benjaminperkins/2017/04/03/dumping-modules-from-a-memory-dump-for-decompilation/
# Load the SOS debugger extension from the .NET Core 2.0.5 shared-framework directory.
# NOTE(review): presumably this has to be the sos.dll that matches the runtime captured in the dump - adjust the path to that version.
.load C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.5\sos.dll
# Walk every module in the dump: modules whose image name matches *.exe are written with !SaveModule
# to the exes\ directory, everything else to the dlls\ directory, each named after the module.
# NOTE(review): the two D:\MemoryDumps\anything\ output directories are assumed to exist already - confirm.
# The saved files come from the process under analysis; treat them as untrusted and open them in a decompiler rather than running them.
!for_each_module .if ($spat ("${@#ImageName}","*.exe")) { !SaveModule ${@#Base} D:\MemoryDumps\anything\exes\${@#ModuleName}.exe } .else { !SaveModule ${@#Base} D:\MemoryDumps\anything\dlls\${@#ModuleName}.dll }
@luca-m
luca-m / lazy_batch_deobfuscator.py
Created September 22, 2018 09:14
Lazy batch deobfuscator by @Fumik0_
# @Fumik0_
# Lazy batch deobfuscator
# https://twitter.com/fumik0_/status/1043407064188506112
import re
def show_me(value,alph):
command = ''
tokens = re.findall('\d+,\d+',value)
for i in tokens:
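# stats: frequency table of the lines on stdin, least frequent first, one
# "COUNT VALUE" pair per line with the padding that `uniq -c` adds removed.
# The earlier expression "s/^\s+//g" never matched: without -E the "+" is a
# literal plus sign, so the leading blanks were left in place.
alias stats='sort | uniq -c | sort -n | sed -E "s/^[[:space:]]+//"'
# histo: turn "COUNT VALUE" lines (the output of stats) into a text histogram,
# VALUE<TAB>bar, with one "=" per three occurrences (at least one). Blanks
# inside VALUE are also turned into "=" by the final tr.
# - The tr arguments use double quotes: nested single quotes ended the alias
#   string early, so the alias was never defined as written.
# - The first field is used inside $(( )), where bash evaluates its contents
#   as an arithmetic expression. Lines whose first field is not a plain
#   number are skipped so that log-derived text never reaches that expansion.
alias histo='while read -r n d; do [[ $n =~ ^[0-9]+$ ]] || continue; (printf "%s\t%$((n/3))s\n" "$d" = | tr " " "="); done'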
@luca-m
luca-m / checkIPrange
Created April 19, 2018 08:18
checkIPrange
function checkIPrange(){
START_IP=$(sipcalc $1 | grep "Usable range" | cut -f3 | tr "-" "\t" | cut -f2)
END_IP=$(sipcalc $1 | grep "Usable range" | cut -f3 | tr "-" "\t" | cut -f3)
echo "[+] Start: " $START_IP
echo "[+] End: " $END_IP
sudo systemctl start tor
proxychains -q curl -s https://check.torproject.org/ | grep "Congratulations. This browser is configured to use Tor" >/dev/null
if [ $? -ne 0 ]; then
echo "No Tor!"
return 1;
@luca-m
luca-m / CVE-2018-4878_poc.py
Created April 5, 2018 12:26
CVE-2018-4878 flash versions 28.0.0.137 and below remote code execution proof of concept exploit
#!/usr/bin/env python
# coding: UTF-8
# Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.
# https://packetstormsecurity.com/files/147041/Adobe-Flash-28.0.0.137-Remote-Code-Execution.html
import BaseHTTPServer
import sys
from SimpleHTTPServer import SimpleHTTPRequestHandler
print "@Syfi2k"
print "[+] https://cxsecurity.com/issue/WLB-2018040041 "
# Author: Matt Graeber, SpecterOps
# Inventory every .exe/.dll under C:\ whose assembly manifest references
# System.Management.Automation, i.e. binaries that link against the PowerShell
# engine. Prints the full path of each match. Useful as a baseline of
# PowerShell hosts other than powershell.exe that logging and allow-listing
# policies need to cover.
Get-ChildItem C:\* -Recurse -Include '*.exe', '*.dll' -ErrorAction SilentlyContinue | ForEach-Object {
    $candidate = $_.FullName
    try {
        # Reflection-only load: the manifest is inspected, the assembly's code is not run.
        $references = [Reflection.Assembly]::ReflectionOnlyLoadFrom($candidate).GetReferencedAssemblies()
        if ($references.Name -contains 'System.Management.Automation') {
            $candidate
        }
    } catch {
        # Deliberately empty: files that cannot be loaded as assemblies
        # (presumably native or unreadable binaries) are skipped silently.
    }
}
#!/bin/bash
## Credits: https://github.com/4shadoww
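# Dump every writable private mapping (rw-p) of a live process with gdb into
# dump-cache/<pid>-<start>-<stop>.dump, then concatenate the pieces into
# "<pid>-dump" in the current directory.
# Usage: <script> <pid>
# Attaching with gdb needs permission to trace the target process.
pid=${1:-}

# The PID ends up in a /proc path, in file names and inside a gdb command
# string, so accept nothing but digits.
case "$pid" in
  '' | *[!0-9]*)
    printf 'usage: %s <pid>\n' "${0##*/}" >&2
    exit 2
    ;;
esac

if [[ ! -r "/proc/$pid/maps" ]]; then
  printf 'cannot read /proc/%s/maps\n' "$pid" >&2
  exit 1
fi

# Process memory routinely contains credentials and key material: create the
# dump files readable by the invoking user only.
umask 077

# -p / -f: a second run must not fail because the cache directory exists or
# because there are no old pieces to delete.
mkdir -p dump-cache || exit 1
rm -f -- dump-cache/*.dump

# One gdb attach per region; start/stop are the hex bounds taken from maps.
grep rw-p "/proc/$pid/maps" \
  | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' \
  | while read -r start stop; do
      gdb --batch --pid "$pid" \
        -ex "dump memory dump-cache/$pid-$start-$stop.dump 0x$start 0x$stop"
    done

# Pieces are joined in glob (lexical) order with the gaps between regions
# dropped, so offsets in the combined file do not map back to virtual
# addresses; keep the per-region files when addresses matter.
cat -- dump-cache/*.dump > "$pid-dump"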
@luca-m
luca-m / vim_highlight_nonascii
Created July 21, 2015 15:51
vim highlight non ascii
" Define a syntax group that matches any character outside the 7-bit ASCII
" range (bytes 0x00-0x7F), e.g. to spot look-alike letters or stray Unicode
" in source code and configuration files.
syntax match nonascii "[^\x00-\x7F]"
" Give that group a background colour so the matches stand out.
" NOTE(review): 'termbg' is not among the :highlight arguments I know of
" (term, cterm, ctermfg, ctermbg, gui, guifg, guibg, ...) - confirm Vim accepts
" it. ctermbg=2 is also normally green, not the red used for guibg.
highlight nonascii guibg=Red ctermbg=2 termbg=2