Skip to content

Instantly share code, notes, and snippets.

View 0x27's full-sized avatar
💭
'"/><script>alert(0)</script>

David Davidson 0x27

💭
'"/><script>alert(0)</script>
View GitHub Profile
@hax0kartik
hax0kartik / export_symbol.idc
Last active September 5, 2024 15:05
Export symbols from IDA to a ghidra importable symbol file
#include <idc.idc>
static FuncDump(f, start)
{
auto ea, str, count, ref;
auto end;
auto teststr;
ea = start;
@marcan
marcan / rpi_cam_auth.py
Created January 25, 2019 07:48
Raspberry Pi Camera V2 DRM authentication example
import hmac, hashlib
# Data from I²C trace at https://hackaday.io/project/19480-raspberry-pi-camera-v21-reversed/log/52547-i2c-logic-analyzer-trace
# Secret key from VideoCore blob
# serial[8], serial[7:4], serial[3:0]
serial = bytes.fromhex("EE8C196D8301230B59")
# rPi -> camera random number
numIn = bytes.fromhex("5805F3C898C3133154498E082F2E703516F2DBD1")
@mehaase
mehaase / sshtranger_things.py
Last active August 26, 2024 10:28
SSHtranger Things Exploit POC
'''
Title: SSHtranger Things
Author: Mark E. Haase <mhaase@hyperiongray.com>
Homepage: https://www.hyperiongray.com
Date: 2019-01-17
CVE: CVE-2019-6111, CVE-2019-6110
Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1
We have nicknamed this "SSHtranger Things" because the bug is so old it could be
@NotMedic
NotMedic / markvulnerable.py
Last active July 11, 2019 02:11
Script to mark hosts as vulnerable in Bloodhound.
#!/usr/bin/python
import sys, json, urllib, urllib2
#Define the Bloodhound Database
url = 'http://bloodhound-server:7474/db/data/cypher/'
#Define the Bloodhound Credentials
#echo neo4j:bloodhound | base64
base64auth = 'bmVvNGo6Ymxvb2Rob3VuZA=='
request = urllib2.Request(url)
import requests
import sys
from bs4 import BeautifulSoup
import json
import re
def sanitize_data(data):
return data.replace('\r\n', '').replace('\n', '').replace(' ', '').replace('&nbsp;', '')
if len(sys.argv) < 2:
@th3gundy
th3gundy / tomcat_bruteforce.py
Created November 2, 2017 13:31 — forked from itsecurityco/tomcat_bruteforce.py
Tomcat manager console bruteforce
"""
Tomcat bruteforce
Author: @itsecurityco
"""
import os
import sys
import getopt
import base64
import requests
@exorcyst
exorcyst / gist:df397c07ae6c338ac0ff58f9b9cea6e6
Created September 1, 2017 22:13
quick perl script to print accounts across multiple hashdumps with the same password hash
#!/usr/bin/perl -w
# iterate over each file
foreach $y (@ARGV)
{
open FH, $y;
while ($x = <FH>)

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

first, create a bash script, put this in it.
#!/bin/bash
while IFS='' read -r line || [[ -n "$line" ]]; do
curl --user-agent "$line" <the url you want to troll>
done < "$1"
Name it something dumb. logshove.sh
Next create a file with no url-encodable chars. Make sure every line is the same length. don't use spaces. I used periods.
@Wack0
Wack0 / upwned247.php
Last active December 13, 2023 08:16
UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others IoT webcams : remote code exec: reverse shell PoC. (works only in qemu usermode)
<?php
/*
Updated version, 2016-12-02: fixed shellcode so it *actually* works on QEMU
usermode emulation (seems I pushed an old version), and removed debug output.
-------------------------
NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION!
If anyone wants to fix this, go ahead (no pun intended).
However, I don't have a vulnerable product and am unwilling to acquire one.