''''''',,,,,,,,,,,,,,:c:cccdc;;:lcl:;;;;;;;;;;:;;;;. .c,oodll. [37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m[37m [0m ..''',, | |
[37m:[0m[37m;[0m',,;,,,,,,,''',,,,,,,,,,;::;:;::cc;;coxkO0KK00Oxd:... .c,oodll. [37m [0m ...''',, | |
[37mk[0mx[37mo[0m[37mo[0m[37md[0mdo[37mo[0m[37mo[0mc:[37mc[0m[37ml[0m..;l:::colll;;:::;;;:lxOKKKXXK[37mX[0mXXXNNNNNXXKOxc,;c;dddll. ....................''',, | |
[37mk[0mxxxddxxxxxxxdxdddo[37ml[0m[37mc[0m[37ml[0moddo[37ml[0m[37mo[0m[37md[0m[37mx[0m[37mx[0m[37mk[0m[37mO[0m0KKXXXXXXX[37mX[0mX[37mX[0mNNNNNNNNNNNNXK0xkxdol. ............. ......'''',, | |
[37m,[0m;::;:ccdxxx[37mx[0mxdddddddxxxxxxxkO0KXXXXKKXXXXXXX[37mN[0mNNNNNNNNNNNNNXXK0kkdl. ........... .....'''',, | |
...... .[37ml[0m[37md[0m[37md[0m[37md[0m[37md[0m;'..',,,,:cokkdOKXXX[37mX[0mKKKK[37mX[0m[37mX[0mXXXXXXNNNNNNNNNNNN[37mN[0m[37mN[0mXX |
import requests | |
import time | |
import json | |
from datetime import datetime | |
# Base URL of the Slack Web API (the variable name is spelled "slacl" in this file).
slacl_server_url = 'https://slack.com/api/' | |
# Camera server endpoint: plain HTTP on the loopback interface, port 8080.
camera_server_url = 'http://127.0.0.1:8080' | |
# Placeholder for the Slack API token.
# NOTE(review): a real token should not be committed in source; load it from the
# environment or a secret store, and rotate any token that was ever pasted here.
token = 'slack api token' | |
#coding:utf-8 | |
import time | |
import socket | |
from stem import Signal | |
from stem.control import Controller | |
# NOTE(review): presumably the Tor control-port password passed to stem's
# Controller (the call is not shown here). 'password' is a placeholder value;
# a real credential should come from configuration rather than source.
password= 'password' | |
# Domain name under test.
domain = 'torproject.org' | |
# Maps the domain to a list of IPv4 addresses. Presumably these are the answers
# treated as legitimate when DNS results are compared (confirm against the code
# that reads it); hard-coded addresses go stale, so re-verify them before
# treating a mismatch as tampering.
domain_dic = {domain:['138.201.14.197','154.35.132.71']} | |
# Counter initialised to zero; presumably counts lookups that matched (confirm).
correct = 0 |
#coding:utf-8 | |
import time | |
import argparse | |
import subprocess | |
import commands | |
# Static IPv4 settings in the private 10.0.0.0/24 range: host address, netmask,
# gateway and DNS server (gateway and DNS share one address).
# The code that applies these values is not shown here.
ip_addr = "10.0.0.2" | |
netmask = "255.255.255.0" | |
gateway = "10.0.0.1" | |
dns_addr = "10.0.0.1" |
This file has been truncated, but you can view the full file.
DRAKVUF v0.5-a642efc | |
Socketmon plugin requires the Rekall profile for tcpip.sys! | |
poolmon,0,0xed1b85e0,notepad.exe,1,usbp,unknown_pool_type,140 | |
poolmon,0,0xed1b85e0,notepad.exe,1,ExTm,unknown_pool_type,144 | |
poolmon,0,0xed1b85e0,notepad.exe,1,IoUs,unknown_pool_type,16,nt!io,I/O SubSystem completion Context Allocation | |
syscall,1 0xed1b81e0,svchost.exe,0,ntoskrnl.exe,NtQuerySystemInformation,4,IN,SYSTEM_INFORMATION_CLASS,SystemInformationClass,0x2,,,OUT,PVOID,SystemInformation,0x3c7fc18,,,IN,ULONG,SystemInformationLength,0x158,,,OUT,PULONG,ReturnLength,0x0,, | |
filetracer,1,0xed1b81e0,svchost.exe,0,NtCreateFile,\??\PhysicalDrive0 | |
syscall,1 0xed1b81e0,svchost.exe,0,ntoskrnl.exe,NtCreateFile,11,OUT,PHANDLE,FileHandle,0x3c7fa24,,,IN,ACCESS_MASK,DesiredAccess,0x100080,,,IN,POBJECT_ATTRIBUTES,ObjectAttributes,0x3c7fa58,,,OUT,PIO_STATUS_BLOCK,IoStatusBlock,0x3c7fa30,,,IN,PLARGE_INTEGER,AllocationSize,0x0,,,IN,ULONG,FileAttributes,0x0,,,IN,ULONG,ShareAccess,0x3,,,IN,ULONG,CreateDisposition,0x1,,,IN,ULONG,CreateOptions,0x60,, |
root@ubuntu:/usr/local/DRAKBUF/drakvuf# sudo find . \( -name "*.cpp" -o -name "*.h" -o -name "*.ac" -o -name "*.am" \) -print | xargs grep -i "msrmon" | |
./configure.ac:AC_ARG_ENABLE([plugin_msrmon], | |
./configure.ac: [AS_HELP_STRING([--disable-plugin-msrmon], | |
./configure.ac: [Enable the MSRMON example plugin @<:@yes@:>@])], | |
./configure.ac: [plugin_msrmon="$enableval"], | |
./configure.ac: [plugin_msrmon="yes"]) | |
./configure.ac:AM_CONDITIONAL([PLUGIN_MSRMON], [test x$plugin_msrmon = xyes]) | |
./configure.ac:if test x$plugin_msrmon = xyes; then | |
./configure.ac: AC_DEFINE_UNQUOTED(ENABLE_PLUGIN_MSRMON, 1, "") | |
./configure.ac:MSRmon: $plugin_msrmon |
#include "stdafx.h" | |
#include <iostream> | |
#include <Windows.h> | |
using namespace std; | |
int main(int argc,char *argv[]) | |
{ | |
int pid; | |
char* dllpath = "C:\\users\\user\\documents\\visual studio 2015\\Projects\\injector\\x64\\Debug\\dllexample.dll"; |
#include "stdafx.h" | |
#include "Windows.h" | |
BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved){ | |
switch (ul_reason_for_call){ | |
case DLL_PROCESS_ATTACH: | |
MessageBox(NULL,"helloworld", "helloworld", NULL); | |
break; | |
case DLL_THREAD_ATTACH: | |
case DLL_THREAD_DETACH: |
#coding:utf-8 | |
import random | |
from scapy.all import * | |
# Host name and port number constants; 80 is the default HTTP port.
# NOTE(review): presumably the destination for packets built with scapy; the
# code that uses them is not shown here. Confirm before pointing HOST at
# anything other than a system you are authorised to test.
HOST = 'www.example.com' | |
PORT = 80 | |
if __name__=='__main__': |
$ ./bin/exitmap dnspoison | |
2017-06-07 23:10:13,644 exitmap [INFO] Attempting to invoke Tor process in directory "/tmp/exitmap_tor_datadir". This might take a while. | |
2017-06-07 23:10:13,644 exitmap [INFO] No first hop given. Using randomly determined first hops for circuits. | |
2017-06-07 23:10:13,848 util [INFO] Tor Bootstrapped 0%: Starting | |
2017-06-07 23:10:15,837 util [INFO] Tor Bootstrapped 80%: Connecting to the Tor network | |
2017-06-07 23:10:15,837 exitmap [INFO] Successfully started Tor process (PID=30465). | |
2017-06-07 23:10:15,960 exitmap [INFO] Running module 'dnspoison'. | |
2017-06-07 23:10:17,148 modules.dnspoison [INFO] Domain whitelist: {'torrentfreak.com': [u'104.25.104.105', u'104.25.103.105'], 'www.youporn.com': [u'67.22.32.168'], 'blockchain.info': [u'104.16.55.3', u'104.16.54.3'], 'youporn.com': [u'67.22.32.168'], 'www.wikileaks.org': [u'95.211.113.154', u'141.105.69.239', u'95.211.113.131', u'195.35.109.53', u'141.105.65.113', u'195.35.109.44'], 'www.torproject.org': [u'89.45.235.21', u'138.201.14.1 |