mgeeky
/ shellcodediff2.py
Created
March 22, 2016 18:05
My old patch of Immunity Debugger's shellcodediff.py script that added support for external binary shellcode files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| (c) Immunity, Inc. 2004-2008 | |
| U{Immunity Inc.<http://www.immunityinc.com>} | |
| Shellcode diff | |
| - Corrected by <MGeeky> to support BINARY |
mgeeky
/ simple_infector.c
Last active
March 22, 2016 18:08
Poorly coded, but doing it's job - simple PE infection utility, leveraging append-section technique. (one of those codes when my code style fu was not the way it meant to be, apologize for that)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <cstdio> | |
| /////////////////////////////////////////////// | |
| IMAGE_DOS_HEADER *g_iDosHdr; | |
| IMAGE_FILE_HEADER *g_iFileHdr; | |
| IMAGE_OPTIONAL_HEADER *g_iOptionalHdr; | |
| IMAGE_SECTION_HEADER g_iNewSectHdr, |
mgeeky
/ urlencoded2dict.py
Created
March 31, 2016 12:31
Convert urlencoded string into dictonary (json)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def urlencoded2dict(txt): | |
| s = '{' + re.sub("([^=]+)=([^&]*)&?", r'"\1":"\2", ', txt) + '}' | |
| return json.loads(s.replace(', }', '}')) |
mgeeky
/ deobfuscate.py
Last active
April 13, 2024 08:57
Locky JS deobfuscation script utilizing Didier Stevens' translate.py tool.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Script intended to ease malicious JS deobfuscation. | |
| # | |
| # Deobfuscates Locky Javascript transformations to a human readable JS | |
| # (most likely it will work with other malware obfuscation transformations as well) | |
| # | |
| # Try this out with: | |
| # $ python translate.py -f locky.js -s deobfuscate.py Deobfuscate | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Simple multi-threaded ZIP cracker. | |
| # | |
| # MGeeky, 2016 | |
| # | |
| require 'archive/zip' | |
| require 'tmpdir' | |
| require 'fileutils' |
mgeeky
/ sshcommand.py
Created
April 18, 2016 14:44
sshcommand.py - ripped out from Violent Python - by TJ O'Connor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Pexpect driven SSH Command sending script. | |
| # Based on: | |
| # Violent Python, by TJ O'Connor | |
| # | |
| import pexpect | |
| from sys import argv, exit | |
| PROMPT = ['#', '>>>', '> ', '\$ '] |
mgeeky
/ sshbrute.py
Created
April 18, 2016 14:44
sshbrute.py - ripped out from Violent Python - by TJ O'Connor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Pxssh driven SSH brute-forcing script. | |
| # Based on: | |
| # Violent Python, by TJ O'Connor | |
| # | |
| import pxssh | |
| import time | |
| import optparse | |
| from sys import argv, exit, stdout |
mgeeky
/ ajax_crawl.js
Last active
May 5, 2016 15:38
AJAX Crawling bookmarklet - useful bookmarklet for fetching accessible, in-scope URLs from the webpage (and it's sitemap.xml) in order to let them be captured in local proxy like Burp. This in turn is useful for populating local proxy's history and it's website resources tree. Must-have during website pentesting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Copy the below line to your bookmarklet: */ | |
| javascript:(function(){MAX_URLS_TO_FETCH = 512; limit_reached = false; function decodeHtml(html) {txt = document.createElement('textarea'); txt.innerHTML = html; return txt.value; } String.prototype.endsWith = function(suffix) {return this.indexOf(suffix, this.length - suffix.length) !== -1; }; function normalizeUri(uri) {if (!uri || uri.length < 1) {return ''; } if(uri.toLowerCase().startsWith('javascript:') || uri.toLowerCase().startsWith('mailto:') || uri.toLowerCase().startsWith('phone:') || uri.toLowerCase().startsWith('tel:') || uri.toLowerCase().startsWith('phone:') || uri.toLowerCase().startsWith('#') ) {return ''; } orig = location.origin; if (uri.startsWith('http') && !uri.startsWith(orig)) {if (uri.substr(uri.indexOf(':')).startsWith(orig.substr(orig.indexOf(':')))) {return uri; } return ''; } if (uri.startsWith(orig)) {return uri; } if (uri.startsWith('//')) {return location.protocol + uri; } if (uri.startsWith('"') || uri.startsWith("'") ) {return '' |
mgeeky
/ bluetoothObexSpam.py
Created
May 29, 2016 16:05
Script intended to flood bluetooth enabled devices with incoming OBEX Object Push requests containing attacker-specified file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Bluetooth scanner with ability to spam devices | |
| # with incoming OBEX Object Push requests containing | |
| # specified file. | |
| # | |
| # Mariusz B. / MGeeky, 16' | |
| # | |
| # Partially based on `Violent Python` snippets. | |
| # Modules required: | |
| # python-bluez |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CloseFile | |
| CreateFile | |
| CreateFileMapping | |
| DeviceIoControl | |
| FileSystemControl | |
| FlushBuffersFile | |
| Load Image | |
| LockFile | |
| NotifyChangeDirectory | |
| Process Create |