import sys
import random, string
import os
import time
import crypt
import traceback
import subprocess
path = ''.join(random.choices(string.ascii_letters + string.digits, k=8))
session = {"user": "", "authenticated": 0}

require 'etc'
TCP_STATES = { # /usr/src/linux/include/net/tcp_states.h
  '00': 'UNKNOWN',
  'FF': 'UNKNOWN',
  '01': 'ESTABLISHED',
  '02': 'SYN_SENT',
  '03': 'SYN_RECV',
  '04': 'FIN_WAIT1',
  '05': 'FIN_WAIT2',

[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: applockerfltr
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3  DEMAND_START
        ERROR_CONTROL      : 1  NORMAL
        BINARY_PATH_NAME   : system32\drivers\applockerfltr.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Smartlocker Filter Driver

PSChildName    : .NET CLR Data
Owner          : NT AUTHORITY\SYSTEM
Group          : NT AUTHORITY\SYSTEM
AccessToString : APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadKey
                 NT AUTHORITY\SYSTEM Allow FullControl
                 CREATOR OWNER Allow FullControl
                 NT AUTHORITY\Authenticated Users Allow ReadKey
                 NT AUTHORITY\SYSTEM Allow FullControl

SERVICE_NAME: applockerfltr
SERVICE_NAME: AppMgmt
SERVICE_NAME: AppVClient
SERVICE_NAME: BFE
SERVICE_NAME: BrokerInfrastructure
SERVICE_NAME: CLFS
SERVICE_NAME: ConsentUxUserSvc
SERVICE_NAME: ConsentUxUserSvc_484da
SERVICE_NAME: DcomLaunch
SERVICE_NAME: DevicePickerUserSvc

1394ohci
3ware
ACPI
AcpiDev
acpiex
acpipagr
AcpiPmi
acpitime
ADOVMPPackage
ADP80XX

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NET CLR Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NET CLR Networking
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NET CLR Networking 4.0.0.0
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NET Data Provider for Oracle
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NET Data Provider for SqlServer
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NET Memory Cache 4.0
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\.NETFramework
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\1394ohci
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\3ware

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\1394ohci
    ImagePath    REG_EXPAND_SZ    \SystemRoot\System32\drivers\1394ohci.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3ware
    ImagePath    REG_EXPAND_SZ    System32\drivers\3ware.sys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ACPI
    ImagePath    REG_EXPAND_SZ    System32\drivers\ACPI.sys

### Keybase proof

I hereby claim:

* I am s4ch on github.
* I am cy5un (https://keybase.io/cy5un) on keybase.
* I have a public key ASAIJpwqGQVyDHzre_B6Ba51iaSl4NMJ_YBF9oAosJjNHwo

To claim this, I am signing this object: