jpginc
jpginc
/ JPGInc WinScript
Last active
December 11, 2015 23:48
— forked from anonymous/JPGInc WinScript
Description here: http://www.autohotkey.com/board/topic/86883-master-script-launcher/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* This program was written by Joshua Graham joshua.graham@jpginc.com.au | |
| * www.jpiginc.com.au | |
| * Anyone may use any part of this code for any non-malicious purpose | |
| * with or without referencing me. There is No Warranty | |
| */ | |
| ;start main: | |
| if not A_IsAdmin | |
| { Run *RunAs "%A_ScriptFullPath%" ; Requires v1.0.92.01+ | |
| ExitApp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script LANGUAGE="VBScript"> | |
| Set cmd = CreateObject("WScript.Shell") | |
| cmd.run("ping 1.1.1.1") | |
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <SCRIPT LANGUAGE="VBScript"> | |
| set a = CreateObject("WScript.Shell") | |
| visible = false | |
| a.run "mshta.exe ""file:///evil.hta""", visible | |
| window.close() | |
| </SCRIPT> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function checkPassword(mao) | |
| { | |
| var miau = [ | |
| new RegExp("^[a-z]+$"), | |
| new RegExp(".*o.*r.*a.*"), | |
| new RegExp(".*o.*e.*"), | |
| new RegExp(".*d.*e.*"), | |
| new RegExp(".*d.*r.*r.*"), | |
| new RegExp(".*a.*a.*$"), | |
| new RegExp(".*o.*n.*"), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function checkPassword(mao) | |
| { | |
| var miau = [ | |
| ...SNIP... | |
| ]; | |
| if (mao.length != 10) | |
| { | |
| alert("Access denied!"); | |
| return; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inc = 0 | |
| str = "adrgongera" | |
| setInterval(function() { | |
| checkPassword(string_nth_permutation(str, inc++)) | |
| }, 1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Vis2> ; Equivalent to #include .\lib\Vis2.ahk | |
| loop, 10 | |
| { | |
| urlasdf := "http://70.37.63.30/Web/ThreeSeconds/image.php" | |
| WebRequest := ComObjCreate("WinHttp.WinHttpRequest.5.1") | |
| WebRequest.Open("GET", urlasdf) | |
| WebRequest.SetRequestHeader("Cookie", "PHPSESSID=g4p87ap7i1je6p807q9c5tlmgt; is_authorized=false") | |
| WebRequest.SetRequestHeader("Referer", "http://70.37.63.30/Web/ThreeSeconds/index.php") | |
| WebRequest.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| loop, Read, allDnsQuery.txt, interestingQueries.txt | |
| { | |
| IfInString, A_LoopReadLine, torrabot.enterprises, FileAppend, %A_LoopReadLine%`n | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| loop, Read, allDnsQuery.txt, decoded1.txt | |
| { | |
| FileAppend, % asciiHexToStr(A_LoopReadLine) "`n" | |
| } | |
| asciiHexToStr(str) | |
| { | |
| decoded := "", start := -1 | |
| while(start <= StrLen(str)) { | |
| decoded .= chr("0x" SubStr(str, (start := start + 2), 2)) | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| asciiHex := "" | |
| loop, Read, allDnsQuery.txt | |
| { | |
| IfInString, A_loopreadline, 34.205.75.67 | |
| continue ;there is an entry for the query and response, elminate one to remove duplicates | |
| query := StrSplit(A_LoopReadLine, " ")[2] ;get the query (remove the IP address) | |
| query := RegExReplace(query, "\.") ;remove the dot's as they aren't part of the ascii hex | |
| query := RegExReplace(query, "torrabotenterprises") ;not part of the ascii hex | |
| StringTrimLeft, query, query, 18 ; the first 18 characters appear to be nonsense | |
| if(query) ;if there is any data left |
OlderNewer