Tim Brown timb-machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-Sigs($directorypath = $pwd, [string[]]$patternstring = "*.exe") { | |
| foreach ($fileitem in Get-ChildItem $directorypath)) { | |
| if ($patternstring | Where { $fileitem -Like $_ }) { | |
| Get-AuthenticodeSignature $fileitem.FullName | |
| } | |
| if (Test-Path $fileitem.FullName -PathType Container) { | |
| Get-Sigs $fileitem.FullName $patternstring | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # socat unix-connect:/var/run/avahi-daemon/socket stdin | |
| FUCK | |
| + FUCK: Go fuck yourself! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo ./biscuit.py | |
| [@] biscuit> scan | |
| ['/dev/ttyUSB0'] | |
| [@] biscuit> select /dev/ttyUSB0 | |
| [@/dev/ttyUSB0] biscuit> open | |
| [@/dev/ttyUSB0 *] biscuit> available | |
| ['modules/local/ATTRACE.py', 'modules/local/BaudRate.py', 'modules/local/RunScript.py', 'modules/local/Terminal.py'] | |
| [@/dev/ttyUSB0 *] biscuit> use modules/local/ATTRACE.py | |
| ATTRACE | |
| [ATTRACE@/dev/ttyUSB0 *] biscuit> show |
timb-machine
/ no-unqualified-linker-paths.diff.txt example
Last active
September 4, 2017 13:54
no-unqualified-linker-paths.diff.txt example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ LD_LIBRARY_PATH=/test ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH | |
| $ LD_LIBRARY_PATH=test ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH | |
| 19635: not fully qualified, marking insecure=test/ | |
| 19635: not fully qualified, marking insecure=test/ | |
| 19635: not fully qualified, marking insecure=test/ | |
| 19635: not fully qualified, marking insecure=test/ |
timb-machine
/ dakami_rng.html.out example
Created
September 4, 2017 03:22
dakami_rng.html.out example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat dakami_rng.html.out | awk '{print $2}' | grep "[0-9]" | perl -e 'my %foo; while (<>) { $_ =~ s/\x0a//g; $_ =~ s/\x0d//g; if ($foo{$_} == undef) { $foo{$_} = 0 } $foo{$_} ++ }; foreach $key (keys %foo) { print $key . ":" . $foo{$key} . "\n"; }' | more | sort -n: | |
| 0:391 | |
| 1:409 | |
| 2:397 | |
| 3:379 | |
| 4:389 | |
| ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| int main(int argc, char **argv) { | |
| void *libraryhandle; | |
| int (*functionpointer)(void *, void *, void *, void *, void *, void *, void *, void *, void *); | |
| int functionresult; | |
| libraryhandle = dlopen(argv[1], RTLD_NOW); | |
| functionpointer = dlsym(libraryhandle, argv[2]); | |
| functionresult = functionpointer(argv[3] ? argv[3] : NULL, argv[4] ? argv[4] : NULL, argv[5] ? argv[5] : NULL, argv[6] ? argv[6] : NULL, argv[7] ? argv[7] : NULL, argv[8] ? argv[8] : NULL, argv[9] ? argv[9] : NULL, argv[10] ? argv[10] : NULL, argv[11] ? argv[11] : NULL); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| On Linux: | |
| $ date && touch foo && chmod u+xs foo && sudo chown 0:0 foo && ls -l foo && date | |
| Sun 26 Apr 15:10:58 BST 2015 | |
| -rwxr--r-- 1 root root 0 Apr 26 15:10 foo | |
| Sun 26 Apr 15:10:58 BST 2015 | |
| On other OS (iOS in this case): | |
| $ date && touch foo && chmod u+xs foo && sudo chown 0:0 foo && ls -l foo && date |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ id | |
| uid=208(tmb) gid=1(staff) | |
| $ ./sploit 1000000 -1 | |
| maxiumumleak: 1000000 | |
| target: 17760424 | |
| $031097N 04j0a06000000000I404d0Qa109>f086f0801(0000:/05d01005=9dfff0xf6f00deh0000/usr/java5/binLC_ALL=CLC__FASTMSG=trueLOGNAME=rootLOCPATH=/usr/lib/nls/locODMPATH=/etc/objrepos:LDR_CNTRL=MAXDATA=0x80000000USER=rootAUTHSTATE=compatSHELL=/usr/bin/kshODMDIR=/etc/objreposHOME=/TERM=dumbPWD=/TZ=GMT0BSTNLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lib/nls/msg/%L/%N.catLIBPATH=/usr/java14/jre/bin:/usr/java14/jre/bin/classic:/usr/java5/jre/bin:/usr/java5/jre/bin/classic: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ./sploit 2000 $$ | |
| maximumleak: 2000 | |
| target: 14876824 | |
| ... ...........n .......bash.......4.....Sq...NQ...@..../usr/lib/libiconv.a.shr4.o.....4.....R........> ..../usr/lib/libi18n.a.shr.o.......0.....R....-u.RQ(..#4/usr/lib/nls/loc/en_US.....4.....Q.....>..f....(/usr/lib/libcrypt.a.shr.o......0.....f.......5p...../usr/lib/libdl.a.shr.o.....8...........P.e.0..HV/usr/lib/libcurses.a.shr42.o.utd...<.....M.......)....?./usr/lib/libpthreads.a.shr_xpg5.o......<.....Q....1_.$....! /usr/lib/libpthreads.a.shr_comm.o.ip.............=...x....eh/usr/lib/threads/libc.a.shr.o...rc.teboot.d........2.......S.(..rc.trustedboot.............3.......r. ..rc.wpars...........4......... ..resolv.conf........5......... ..route.....[`.......6.......-....rpc........7......... ..rpc.pcnfsd.c.......8.......D....rpm........9......... ..rsvpd.conf.........:......... ..screenrc...........;.......P. ..securetcpip........<......... ..security...........=.......v. ..sendmail.cf........>......... ..services...........?........ |
timb-machine
/ UNIXSocketScanner.pl example
Created
September 4, 2017 03:43
UNIXSocketScanner.pl example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ find / -type s | ./UNIXSocketScanner.pl -x 5 -p ./probes -n /usr/share/nmap/nmap-service-probes | |
| ... | |
| /tmp/akonadi-xxx.HoHuFd/mysql.socket | |
| + matches nmap-response-mysql | |
| + matches nmap-probe-NULL | |
| /tmp/akonadi-xxx.HoHuFd/akonadiserver.socket | |
| /tmp/ksocket-xxx/klauncherMT5682.slave-socket | |
| /tmp/ksocket-xxx/kio_http_cache_cleaner | |
| /tmp/ksocket-xxx/kdeinit4__0 | |
| /tmp/.ICE-unix/5725 |
OlderNewer