Skip to content

Instantly share code, notes, and snippets.

View tehmoon's full-sized avatar

tehmoon

23 followers · 15 following
View GitHub Profile
@tehmoon
tehmoon / main.go
Last active March 1, 2018 02:16
Tests with socketpair in go
package main
import (
"io"
"syscall"
"os"
"errors"
)
func main() {
@tehmoon
tehmoon / format0.md
Last active March 30, 2018 16:56
protostar exploits write ups

Format0 introduces format string vulnerabilities.

The vuln relies on the fact that user input is not sanitized and can be used as format string fed into the printf family.

In this example sprintf() is used. It takes at least 2 arguments, the destination's string and the source's string. The idea is to do a classic buffer overflow and write 0xdeadbeef to target.

Here's the following exploit:

@tehmoon
tehmoon / main.go
Created March 20, 2018 01:29
Reallocate stdin after injecting file/buffer to cmd
package main
import (
"os"
"os/exec"
"io"
"strings"
"github.com/kr/pty"
)
@tehmoon
tehmoon / main.go
Created April 11, 2018 01:45
Simple https server in go with self-signed certificate
package main
import (
"net/http"
"fmt"
"io"
"os"
"log"
"crypto/x509"
"crypto/x509/pkix"
@tehmoon
tehmoon / client.go
Last active April 15, 2018 01:31
Reverse shell client/server in go!
package main
import (
"io"
"os"
"net/http"
"net/http/httputil"
"net"
"golang.org/x/crypto/ssh/terminal"
@tehmoon
tehmoon / compiling_on_alpine.md
Last active September 9, 2018 17:57
Go stuff

This is specific to Alpine using the go apk.

Compiling go binaries in same arch:

go build -buildmode exe -ldflags '-linkmode external -extldflags "-static"' .

Compiling go binaries in other arch:

@tehmoon
tehmoon / git.md
Last active August 22, 2018 19:40
Git/github stuff

extract the whole forked branch from merge commit:

git log @~1..@^2

Get all the tags that contain the commit:

git tag --contain
@tehmoon
tehmoon / flags.go
Last active April 26, 2018 00:54
Bootstrap go
package main
import (
"flag"
"fmt"
"os"
)
type Flags struct {
}
@tehmoon
tehmoon / powershell.md
Last active November 14, 2018 17:19
Windows stuff

Run as:

powershell -ExecutionPolicy bypass Start-Process  .\log-exporter.exe, -Verb, RunAs, -ArgumentList "-u `"blih`""

Escape string + get current user:

$blih = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
@tehmoon
tehmoon / main.go
Created May 30, 2018 01:41
PoC payload dump exec in golang
package main
/*
The goal of this PoC is to try to exec a payload built within the binary.
I kind of use the same idea as for protobuf, compile the target into executable
then copy the payload inside the program, do the reverse operation and exec it.
It works like this:
- compile your binary to the target arch
- use cryptocli dd -in <binary> -encoders gzip,byte-string -out <temp_file>