dim list
Set list = CreateObject("System.Collections.ArrayList")
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_Process",,48)
For Each objItem in colItems
    list.Add objItem.ProcessId
Next
Dim fso, objShell, objShellEnv, strComputerName, objFso, dt
dt = now
timestamp = ((year(dt)*100 + month(dt))*100 + day(dt))*10000 + hour(dt)*100 + minute(dt)
Set objShell = WScript.CreateObject("WScript.Shell")
Set objShellEnv = objShell.Environment("Process")
strComputerName = objShellEnv("ComputerName")
Set objFso = WScript.CreateObject("Scripting.FileSystemObject")
Set outputFile = objFso.CreateTextFile("C:\tools\allproc-" & timestamp & ".csv", True)
strComputer = "."
# From OSCP
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
echo Err.Clear >> wget.vbs
import socket
import random
import argparse
import ssl
import time
import sys
# Some customizations on a fuzzer from SANS660
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a
import socket
import random
import argparse
import ssl
import time
# Some customizations on a fuzzer from SANS660
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a
def main():
# Not my work, from SANS660
# Python 2 (uses xrange)
import socket
import random
def randstring():
    # Build a random printable string of 1..64 characters in the range '0'..'z'
    s = ""
    for i in xrange(random.randint(1,64)):
        s += chr(random.randint(0x30,0x7a))
    return s
echo "IP forwarding state:"
sysctl net.ipv4.ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Current IP forwarding state is:"
sysctl net.ipv4.ip_forward
echo "Enabling nat: "
iptables -A FORWARD -o eth0 -i eth1 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
$users = Get-ChildItem "c:\users" | Select-Object name
$users | ForEach-Object {
    $user = $($_.Name)
    $iocfile = "C:\Users\$($_.Name)\AppData\Roaming\somemalwarefile.tmp"
    if (Test-Path $iocfile){
        $filehash = get-filehash $iocfile | Select-Object -ExpandProperty hash
        $searchresults = "File found!"
    }
    else {
        $filehash = "No file to hash"
# Python 2: computes the NT hash (MD4 over the UTF-16LE encoded password)
import hashlib,binascii
print binascii.hexlify(hashlib.new("md4", "Strong,hardtocrackpassword1".encode("utf-16le")).digest())
# python -c 'import hashlib,binascii; print binascii.hexlify(hashlib.new("md4", "Strong,hardtocrackpassword1".encode("utf-16le")).digest())'
# From - https://labs.mwrinfosecurity.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/
joe@DESKTOP-OSSID31:~/recordedfuture/final$ cat intel.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path intel
#open 2018-07-15-14-37-37
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
#types time string addr port addr port string enum enum string set[enum] set[string] string string string
1531663865.844578 CVrPZ72bEBI5x8A5bl 10.0.0.38 34154 5.79.71.225 9999 5.79.71.225 Intel::ADDR Conn::IN_RESP bro Intel::ADDR rec-future - - -