
joenorton8014

View zipcracker.py
import zipfile
import random
import itertools
import time
"""
Solves a challenge on pentester academy's Labs. Inefficiently writes
passwords to the screen, only because it was used as a debugging method to
figure out how python3 was jacking up the string encoding. Might clean up
into a usable program someday, so that's why I am saving it here...
View logmonitor.py
#!/usr/bin/python3
import time
from datetime import datetime
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from pathlib import Path
'''
Not very user friendly at this point....
View common sections dict
# Dictionary of common PE file sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
common_sections_dict = {".00cfg":"Control Flow Guard CFG section added by newer versions of Visual Studio", \
".apiset":"a section present inside the apisetschema.dll", \
".arch":"Alpha-architecture section", \
".autoload_text":"cygwin/gcc; the Cygwin DLL uses a section to avoid copying certain data on fork.", \
".bindat":"Binary data also used by one of the downware installers based on LUA", \
".bootdat":"section that can be found inside Visual Studio files; contains palette entries", \
".bss":"Uninitialized Data Section", \
View packer dictionary
# Dictionary of packer sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
# Useful in python code :)
packer_dict = {".aspack":"Aspack packer", \
".adata":"Aspack packer/Armadillo packer", \
"ASPack":"Aspack packer", \
".ASPack":"ASPAck Protector", \
".boom":"The Boomerang List Builder (config+exe xored with a single byte key 0x77)", \
View messingwithpefile.py
import pefile
# Inspiration from here - https://malwology.com/2018/08/24/python-for-malware-analysis-getting-started/
# Dictionary of packer sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
packer_dict = {".aspack":"Aspack packer", \
View kill-calc.vbs
' Kill Calculator
procToKill = "Calculator.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_Process",,48)
For Each objItem in colItems
If objItem.Name = procToKill Then
Set objShare = objWMIService.Get("Win32_Process.Handle=" & objItem.ProcessID)
Wscript.Echo "-----------------------------------"
View all-pids-owned-by-SYSTEM.vbs
' Collect the process ID of every process on the local machine through WMI.
' Only the first lines of the script are visible here; the SYSTEM-owner filtering
' suggested by the file name presumably happens later - confirm against the full file.
dim list
' ArrayList is a COM-visible .NET class, so this call fails on hosts where the
' .NET Framework that registers it is not installed.
Set list = CreateObject("System.Collections.ArrayList")
' "." in the WMI moniker means the local computer.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
' Flags 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32): the result
' set is streamed and can be enumerated only once.
' SELECT * fetches every property although the visible loop reads only ProcessId.
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_Process",,48)
For Each objItem in colItems
list.Add objItem.ProcessId
Next
View all-pids-and-owners.vbs
' Build a list of all process IDs on the local machine through WMI.
' Only the first lines of the script are visible here; the owner lookup suggested
' by the file name presumably follows - confirm against the full file.
' NOTE(review): reading owners of other users' processes generally needs an elevated
' caller; check how the rest of the script handles lookups that fail.
dim list
' ArrayList is a COM-visible .NET class, so this call fails on hosts where the
' .NET Framework that registers it is not installed.
Set list = CreateObject("System.Collections.ArrayList")
' "." in the WMI moniker means the local computer.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
' Flags 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32): the result
' set is streamed and can be enumerated only once, which is why the PIDs are
' copied into the list first.
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_Process",,48)
For Each objItem in colItems
list.Add objItem.ProcessId
Next
View all-proc-to-csv.vbs
' Prepare a timestamped CSV file for a process listing. Only the setup is visible
' here; the WMI query and the row output presumably follow.
' Note: fso is declared but the code below uses objFso; timestamp and outputFile are
' used without being declared (no Option Explicit is visible).
Dim fso, objShell, objShellEnv, strComputerName, objFso, dt
dt = now
' Numeric YYYYMMDDhhmm stamp from the local clock. Seconds are not included, so two
' runs within the same minute resolve to the same file name.
timestamp = ((year(dt)*100 + month(dt))*100 + day(dt))*10000 + hour(dt)*100 + minute(dt)
Set objShell = WScript.CreateObject("WScript.Shell")
' Read the computer name from this process's environment block.
Set objShellEnv = objShell.Environment("Process")
strComputerName = objShellEnv("ComputerName")
Set objFso = WScript.CreateObject("Scripting.FileSystemObject")
' Second argument True = silently overwrite an existing file of the same name.
' The C:\tools directory must already exist; CreateTextFile does not create it.
' NOTE(review): if C:\tools is writable by other users the output can be replaced
' or pre-created by them - confirm the directory ACL before trusting the CSV.
Set outputFile = objFso.CreateTextFile("C:\tools\allproc-" & timestamp & ".csv", True)
' "." means the local computer when used in a WMI moniker.
strComputer = "."
View echo into wget.vbs.cmd
# From OSCP
REM Review note: the hash sign is not a comment marker in cmd.exe, so the line above
REM is run as a command and fails with a not recognized error. Use REM for comments.
REM Each echo below writes one line of VBScript into wget.vbs in the current directory.
REM The first echo uses a single redirect and therefore creates or truncates the file.
REM The following ones use a double redirect and append to it.
REM Only the head of the generated script is visible here: it reads a URL from
REM argument 0 and an output file name from argument 1, declares proxy-setting
REM constants and working variables, and clears Err. The download logic is not shown.
REM As written, PROXYSETTING_DEFAULT and PROXYSETTING_PRECONFIG are both set to 0.
REM Defender view: a shell assembling a script file line by line through echo
REM redirection is visible in process command-line and file-write telemetry.
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
echo Err.Clear >> wget.vbs