James Hovious JamesHovious

## hancitor_extractor.go
package hancitor

// References:
// https://hub.gke2.mybinder.org/user/oalabs-lab-notes-4vubrm7f/notebooks/Hancitor/hancitor.ipynb
// https://www.youtube.com/watch?v=OQuRwpUTBpQ
// https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon/
// https://github.com/kevoreilly/CAPEv2/blob/master/modules/processing/parsers/mwcp/Hancitor.py

import (
	"bytes"

## error_example_syntax.go
if val, ok := data[“key”]; ok {
  // the key/value in the map exists
}

if gz, err := zlib.NewReader(base64decoder); err != nil {
  return err
}

if err := decoder.Decode(&t); err != nil {
  return err

## prt_to_bytes.go
size := unsafe.Sizeof(ptr)
eip := make([]byte, size)
switch size {
	case 4: binary.LittleEndian.PutUint32(eip, uint32(ptr))
	case 8: binary.LittleEndian.PutUint64(eip, uint64(ptr))
	default: panic(fmt.Sprintf(“unknown uintptr size: %v”, size))
}

## aws_parse.py
#/bin/python3
import urllib.request
import json

aws_url = "https://ip-ranges.amazonaws.com/ip-ranges.json"
aws_ips = []
with urllib.request.urlopen(aws_url) as response:
    obj = json.loads(response.readall().decode('utf-8'))
    for k, v in obj.items(): #  type dictionary
        if isinstance(v, list): # filtering on 'prefixes' which is type list

## Pentest-Tools-Install.sh
#/bin/bash

# This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests.
# The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from
# and run on victim machines.

toollist=(
'https://github.com/ilneill/Py-CiscoT7.git'
'https://github.com/rsmudge/cortana-scripts.git'
'https://github.com/CoreSecurity/impacket.git'

## Brython Rest API.py
<table class="table table-striped table-bordered">
    <thead>
    <tr>
        <th>First Name</th>
        <th>Last Name</th>
        <th>Date</th>
    </tr>
    </thead>
    <tbody>
    <tr>

## settings.py
# Running in development, so use a local MySQL database.
DATABASES = {
    'default': {
        'ENGINE': 'google.appengine.ext.django.backends.rdbms',
        'INSTANCE': 'gaeapp-001:blog',
        'NAME': 'mysql',
        'USER': 'root',
    },
    'app-backend': {
        'ENGINE': 'google.appengine.ext.django.backends.rdbms',

## django_api_code.py
import json
from django.http import HttpResponse
from project.libs.pybcrypt import bcrypt

class ClassName:
    def test(self):
        json_response = json.dumps({"success": 1, "errors": 0, "msg": "test_successfully_sent"})
        return HttpResponse(json_response, mimetype="application/json")

    def register(self, c, json_data):

## django_api_view.py
"""
Here is the JSON structure the api is expecting

{
"tag":"test", // or whatever the tag should be
"data":
  {"
  first_name":"firstname",
  "last_name":"lastname",
  "email":"email@email.com",

## Brython Ajax.py
from browser import document, ajax
#Ajax arguments
qs = ''
url = 'http://headers.jsontest.com/'

def post_data(url, qs):
    req = ajax.ajax()
    # Bind the complete State to the on_post_complete function
    req.bind('complete',on_post_complete)
    # send a POST request to the url
	package hancitor

	// References:
	// https://hub.gke2.mybinder.org/user/oalabs-lab-notes-4vubrm7f/notebooks/Hancitor/hancitor.ipynb
	// https://www.youtube.com/watch?v=OQuRwpUTBpQ
	// https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon/
	// https://github.com/kevoreilly/CAPEv2/blob/master/modules/processing/parsers/mwcp/Hancitor.py

	import (
	"bytes"
	if val, ok := data[“key”]; ok {
	// the key/value in the map exists
	}

	if gz, err := zlib.NewReader(base64decoder); err != nil {
	return err
	}

	if err := decoder.Decode(&t); err != nil {
	return err
	size := unsafe.Sizeof(ptr)
	eip := make([]byte, size)
	switch size {
	case 4: binary.LittleEndian.PutUint32(eip, uint32(ptr))
	case 8: binary.LittleEndian.PutUint64(eip, uint64(ptr))
	default: panic(fmt.Sprintf(“unknown uintptr size: %v”, size))
	}
	#/bin/python3
	import urllib.request
	import json

	aws_url = "https://ip-ranges.amazonaws.com/ip-ranges.json"
	aws_ips = []
	with urllib.request.urlopen(aws_url) as response:
	obj = json.loads(response.readall().decode('utf-8'))
	for k, v in obj.items(): # type dictionary
	if isinstance(v, list): # filtering on 'prefixes' which is type list
	#/bin/bash

	# This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests.
	# The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from
	# and run on victim machines.

	toollist=(
	'https://github.com/ilneill/Py-CiscoT7.git'
	'https://github.com/rsmudge/cortana-scripts.git'
	'https://github.com/CoreSecurity/impacket.git'
	<table class="table table-striped table-bordered">
	<thead>
	<tr>
	<th>First Name</th>
	<th>Last Name</th>
	<th>Date</th>
	</tr>
	</thead>
	<tbody>
	<tr>
	# Running in development, so use a local MySQL database.
	DATABASES = {
	'default': {
	'ENGINE': 'google.appengine.ext.django.backends.rdbms',
	'INSTANCE': 'gaeapp-001:blog',
	'NAME': 'mysql',
	'USER': 'root',
	},
	'app-backend': {
	'ENGINE': 'google.appengine.ext.django.backends.rdbms',
	import json
	from django.http import HttpResponse
	from project.libs.pybcrypt import bcrypt

	class ClassName:
	def test(self):
	json_response = json.dumps({"success": 1, "errors": 0, "msg": "test_successfully_sent"})
	return HttpResponse(json_response, mimetype="application/json")

	def register(self, c, json_data):
	"""
	Here is the JSON structure the api is expecting

	{
	"tag":"test", // or whatever the tag should be
	"data":
	{"
	first_name":"firstname",
	"last_name":"lastname",
	"email":"email@email.com",
	from browser import document, ajax
	#Ajax arguments
	qs = ''
	url = 'http://headers.jsontest.com/'

	def post_data(url, qs):
	req = ajax.ajax()
	# Bind the complete State to the on_post_complete function
	req.bind('complete',on_post_complete)
	# send a POST request to the url