LongCat pich4ya

@pich4ya
pich4ya / htb_clicker.py
Last active April 20, 2024 14:21
Exploit for HackTheBox Clicker Machine (https://app.hackthebox.com/machines/564)
# @author Pichaya Morimoto ([email protected])
# Exploit for HackTheBox Clicker Machine (https://app.hackthebox.com/machines/564)
import requests
import random
import string
import urllib.parse
from base64 import b64encode,b64decode
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
@pich4ya
pich4ya / bloodhound-python_issues.txt
Created April 16, 2024 05:13
Common solutions for Bloodhound-python errors, problems and issues
# @author Pichaya Morimoto ([email protected])
# Compiled list of my common bloodhound-python problems & solutions
Bloodhound-python Error #0
You do not get info like GPO and permission abuse edges.
You need to add option -> -c All,LoggedOn
Bloodhound-python Error #1
raise NoNameservers(request=self.request, errors=self.errors)
dns.resolver.NoNameservers: All nameservers failed to answer the query _ldap._tcp.pdc._msdcs.DCHOSTNAME. IN SRV: Server 10.3.3.7 TCP port 53 answered SERVFAIL
@pich4ya
pich4ya / brain_check.py
Last active January 23, 2024 16:02
brain_check.py
# A numeric lock has a 3 digit key
# "682" - One number is correct and well placed
# "614" - One number is correct but wrongly placed
# "206" - Two numbers are correct but wrongly placed
# "738" - Nothing is correct
# "780" - One number is correct but wrongly placed
from z3 import *
# Create three integer variables for the lock digits
@pich4ya
pich4ya / apk_getString_R_string.py
Last active October 6, 2023 19:53
This script can be used to replace strings.xml values in a target Java file
# @author Pichaya Morimoto ([email protected])
# I tried all jadx options for deobf, but it did not work.
# This script can be used to replace strings.xml values in a target Java file
# if (!Intrinsics.areEqual(param, context.getString(R.string.m1))) { -> if (!Intrinsics.areEqual(param, "monday")) {
# Prompted and modified with ChatGPT for FlareOn 10's ItsOnFire
# Usage: python apk_getString_R_string.py resources/res/values/strings.xml sources/com/secure/itsonfire/MessageWorker.java
# Usage: python apk_getString_R_string.py resources/res/values/strings.xml sources
import xml.etree.ElementTree as ET
import re
import sys
@pich4ya
pich4ya / vultr_nuke.sh
Created July 7, 2023 11:47
Spawn a Vultr VPS instance with zsh script
#!/usr/bin/env zsh
# @author Pichaya Morimoto ([email protected])
# Ansible's Vultr module sucks. I have built my own.
# Nuke all my Vultr instances
ssh_key=$(cat ~/.ssh/id_ed25519_vultr.pub)
echo $ssh_key
# List Instances
curl "https://api.vultr.com/v2/instances" \
-X GET \
@pich4ya
pich4ya / lookingglass_ssh.txt
Created March 17, 2023 15:34
TryHackMe "Looking Glass" - Find the right port with binary search
#!/bin/zsh
# @author Pichaya Morimoto ([email protected])
# https://tryhackme.com/room/lookingglass
# 10.10.169.23
function ssh_connect {
ssh [email protected] -p $1 2>/dev/null | grep -q 'Higher' && echo "Higher" && exit 0
echo "Lower"
}
@pich4ya
pich4ya / weedshop_exploit.py
Last active July 3, 2023 07:12
Weed Shop RCE Exploit
#!/usr/bin/env python
# @author Pichaya Morimoto ([email protected])
# 2023-03-07
# Weed Shop RCE Exploit
import requests
def create_dbfile(filename):
# Vulnerability 1: IP Spoofing
# File: function.php
@pich4ya
pich4ya / chrome_remote_debug_lfi.py
Created March 6, 2023 11:49
Chrome Debugger Local File Inclusion (No CVE, a security misconfiguration if the port is accessible for the attacker)
#!/usr/bin/env python
# @author Pichaya Morimoto ([email protected])
# Ported from https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/chrome_debugger.rb
# pip install requests websocket-client python-socks
# This exploit code can be used to read arbitrary files on the victim machine with
# chrome/chromium --remote-debugging-port=9222, usually runs as a test automation tool in any software testing phase
import requests
import json
import urllib3
import websocket
@pich4ya
pich4ya / rust_cross-compile_guide.txt
Last active March 6, 2023 07:00
rust cross-compile for Windows (x86_64) and Linux (x86_64) on M1/M2
# @author Pichaya Morimoto ([email protected])
# The note at https://gist.github.com/shqld/256e2c4f4b97957fb0ec250cdc6dc463 is incomplete.
brew uninstall rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add x86_64-pc-windows-gnu
rustup target add x86_64-unknown-linux-gnu
rustup target list |grep installed
### Build Windows x86_64
@pich4ya
pich4ya / proxychains-ng_m1.txt
Created March 6, 2023 03:25
Install proxychains-ng on macOS m1/m2 arm64e natively without Rosetta 2 (2023)
# @author Pichaya Morimoto ([email protected])
Problem:
```bash
brew install proxychains-ng
proxychains4 ncat 1.2.3.4 # not working
```
There are public workarounds like https://benobi.one/posts/running_brew_on_m1_for_x86/