Skip to content

Instantly share code, notes, and snippets.

aaronott /
Created Oct 17, 2012
Fix D7 file permissions
if [ $# -ne 1 ] ; then
echo "USAGE $0 <d7 root dir>"
darkoperator /
Created Dec 8, 2013
sends using gmail an email to the ATT SMS gateway.
import subprocess
import smtplib
import socket
from email.mime.text import MIMEText
import datetime
# Change to your own account information
to = '<your number> '
gmail_user = ''
gmail_password = ''
smtpserver = smtplib.SMTP('', 587)
View Volume Shadow Copy
# Start the Volume Shadow Service
C:\bak>cscript vssown.vbs /start
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
[*] Signal sent to start the VSS service.
# Create a Volument Shadow Copy, C is the drive where the files reside, this may not always be C
mattifestation / drop_binary.bat
Created Jul 12, 2015
Drop binary data from the command line w/o needing PowerShell
View drop_binary.bat
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
MichaelPote / himawari.ps1
Created Feb 3, 2016
Windows Powershell Script to download the latest image from the Himawari-8 satelite, combine the tiles into a single image, convert to jpg and then set as the desktop background.
View himawari.ps1
# Himawari-8 Downloader
# This script will scrape the latest image from the Himawari-8 satellite, recombining the tiled image,
# converting it to a JPG which is saved in My Pictures\Himawari\ and then set as the desktop background.
# Attack created by Mubix. For more information see:
# Modified for Nethunter by Binkybear
# ================== #
# Check for root
# ================== #
jaredcatkinson / Get-InjectedThread.ps1
Last active Sep 1, 2021
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
Looks for threads that were created as a result of code injection.
leoloobeek / EventVwrBypass.cs
Last active Mar 6, 2021
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
View EventVwrBypass.cs
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
InstallUtil.exe C# version of Event Viewer UAC bypass

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

gfoss / Extract-WiFi-Creds.ps1
Last active Mar 29, 2021
Simple script to extract locally-stored Wi-Fi Credentials
View Extract-WiFi-Creds.ps1
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
# Licensed under the MIT License