Sh1n0g1 Sh1n0g1
Sh1n0g1
/ Get-ActiveTime.ps1
Created
August 25, 2017 12:55
Get the active time from Eventlog, login event.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Initialize | |
| $Weekday=@("Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday") | |
| $LoginData=@{} | |
| ForEach($w in $Weekday){ | |
| $LoginData[$w]=@{} | |
| 0..23 | % {$LoginData[$w][$_]=0} | |
| } | |
| #Get the data from Eventlog | |
| $i=0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| def rc4init(key): | |
| x=0 | |
| box = range(256) | |
| for i in range(256): | |
| x = (x + box[i] + ord(key[i % len(key)])) % 256 | |
| box[i], box[x] = box[x], box[i] | |
| return box |
Sh1n0g1
/ VTUploadCheck.sh
Created
June 27, 2017 00:33
Detect the malware upload on VT without API key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| sha256="d868ef71f3489e9f9c0a17b9b3c704789aae7c362457cea5c8e1e17185437303" | |
| url="https://www.virustotal.com/en/file/$sha256/analysis/" | |
| while : | |
| do | |
| result=$(wget -qO- $url ); | |
| reslen=${#result} | |
| if [ "$reslen" -lt "1000" ] ; then | |
| echo "VirusTotal blocks us!"; | |
| break; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "__comment":"Thanks to WireShark + USBPcap!", | |
| "a":"00,00,04", | |
| "b":"00,00,05", | |
| "c":"00,00,06", | |
| "d":"00,00,07", | |
| "e":"00,00,08", | |
| "f":"00,00,09", | |
| "g":"00,00,0a", | |
| "h":"00,00,0b", |
Sh1n0g1
/ Play-Doremi.ps1
Last active
April 16, 2019 12:20
Note Scale for PowerShell [console]::beep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $C=261.6 | |
| $Cs=277.2 | |
| $Db=$Cs | |
| $D=293 | |
| $Ds=311.1 | |
| $Eb=$Ds | |
| $E=329.6 | |
| $F=349.2 | |
| $Fs=370.0 | |
| $Gb=$Fs |
Sh1n0g1
/ Play-Mario.ps1
Created
April 20, 2017 12:47
— forked from davewilson/Play-Mario.ps1
Super Mario Theme in PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Play-Mario { | |
| [System.Console]::Beep(659, 125); | |
| [System.Console]::Beep(659, 125); | |
| [System.Threading.Thread]::Sleep(125); | |
| [System.Console]::Beep(659, 125); | |
| [System.Threading.Thread]::Sleep(167); | |
| [System.Console]::Beep(523, 125); | |
| [System.Console]::Beep(659, 125); | |
| [System.Threading.Thread]::Sleep(125); | |
| [System.Console]::Beep(784, 125); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $MemDef =@" | |
| [DllImport("winmm.dll", CharSet = CharSet.Ansi)] | |
| public static extern int mciSendStringA( | |
| string lpstrCommand, | |
| string lpstrReturnString, | |
| int uReturnLength, | |
| IntPtr hwndCallback | |
| ); | |
| "@ |
Sh1n0g1
/ Write-RegistryValue.ps1
Created
March 23, 2017 03:00
Write Registry Value (and Create key if needed)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .EXAMPLE | |
| Write-RegistryValue -Path "HKCU:\Software\Sysinternals\Strings" -Name "EulaAccepted | |
| #> | |
| function Write-RegistryValue{ | |
| param ( | |
| [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Path, | |
| [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Name, | |
| [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .EXAMPLE | |
| Test-RegistryName -Path "HKCU:\Software\Sysinternals\Strings" -Name "EulaAccepted" | |
| #> | |
| function Test-RegistryName { | |
| param ( | |
| [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Path, | |
| [parameter(Mandatory=$true)][ValidateNotNullOrEmpty()]$Name | |
| ) |
Sh1n0g1
/ pefile_peid.py
Created
January 25, 2017 11:32
Get the matching result of UserDB.txt(PEid) using pefile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import peutils | |
| import pefile | |
| try: | |
| pe = pefile.PE(sys.argv[1]) | |
| signatures = peutils.SignatureDatabase('./sig/userdb.txt') | |
| matches = signatures.match_all(pe, ep_only = True) | |
| if type(matches) is list: | |
| for m in matches: |