PeterG75
PeterG75
/ AdWindDecryptor.py
Created
March 26, 2018 19:38
— forked from herrcore/AdWindDecryptor.py
Python decryptor for newer AdWind config file - replicated from this Java version https://github.com/mhelwig/adwind-decryptor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/env python | |
| ######################################################################################################## | |
| ## | |
| ## Decrypts the AdWind configiration files! | |
| ## ** May also work for other files ** | |
| ## | |
| ## | |
| ## All credit to Michael Helwig for the original Java implementation: | |
| ## https://github.com/mhelwig/adwind-decryptor |
PeterG75
/ SharpPick.cs
Created
March 21, 2018 17:35
— forked from kilogirl/SharpPick.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * SharpPick aka InexorablePoSH | |
| * Description: Application to load and run powershell code via the .NET assemblies | |
| * License: 3-Clause BSD License. See Veil PowerTools Project | |
| * | |
| * This application is part of Veil PowerTools, a collection of offensive PowerShell | |
| * capabilities. Hope they help! | |
| * | |
| * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe | |
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} |
PeterG75
/ gootkit_packer_string_decrypt.py
Created
March 5, 2018 06:12
— forked from herrcore/gootkit_packer_string_decrypt.py
Simple string decryptor for Gootkit packer (IDAPython script)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| import idaapi | |
| import idc | |
| def string_decrypt(data_ea, data_len): | |
| data = idc.GetManyBytes(data_ea, data_len) | |
| key = '89798798798g79er$' | |
| out = 'str_' | |
| for i in range(0 , len(data)): |
NewerOlder