#!/usr/bin/env python
# This software is Copyright (c) 2012-2013 Dhiru Kholia <dhiru at openwall.com>
# and is licensed under the same license as used by the OleFileIO_PL library,
# which is included below.
# olefile (formerly OleFileIO_PL) version 0.41 2014-11-25
#
# Module to read/write Microsoft OLE2 files (also called Structured Storage or
# Microsoft Compound Document File Format), such as Microsoft Office 97-2003
# https://blogs.msdn.microsoft.com/benjaminperkins/2017/04/03/dumping-modules-from-a-memory-dump-for-decompilation/
.load C:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.0.5\sos.dll
!for_each_module .if ($spat ("${@#ImageName}","*.exe")) { !SaveModule ${@#Base} D:\MemoryDumps\anything\exes\${@#ModuleName}.exe } .else { !SaveModule ${@#Base} D:\MemoryDumps\anything\dlls\${@#ModuleName}.dll }
# @Fumik0_
# Lazy batch deobfuscator
# https://twitter.com/fumik0_/status/1043407064188506112
import re

def show_me(value, alph):
    """Rebuild a command hidden behind batch %alph:~START,LEN% substring references.

    `value` is the obfuscated line, `alph` the alphabet string it indexes into.
    The loop body below is an assumed completion (the gist is truncated here):
    each START,LEN pair is replaced by the slice of `alph` it selects.
    """
    command = ''
    tokens = re.findall(r'\d+,\d+', value)   # raw string: '\d' is not a valid escape
    for i in tokens:
        start, length = (int(x) for x in i.split(','))
        command += alph[start:start + length]
    return command
# count identical lines and strip the leading whitespace uniq -c adds (BRE has no '+', so use '*')
alias stats='sort | uniq -c | sort -n | sed "s/^\s*//"'
# crude histogram: one '=' per three occurrences (inner quotes must be double, or they end the alias)
alias histo='while read n d; do (printf "%s\t%$((n/3))s\n" "$d" = | tr " " "="); done'
function checkIPrange(){
START_IP=$(sipcalc $1 | grep "Usable range" | cut -f3 | tr "-" "\t" | cut -f2)
END_IP=$(sipcalc $1 | grep "Usable range" | cut -f3 | tr "-" "\t" | cut -f3)
echo "[+] Start: " $START_IP
echo "[+] End: " $END_IP
sudo systemctl start tor
proxychains -q curl -s https://check.torproject.org/ | grep "Congratulations. This browser is configured to use Tor" >/dev/null
if [ $? -ne 0 ]; then
echo "No Tor!"
return 1;
#!/usr/bin/env python
# coding: UTF-8
# Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.
# https://packetstormsecurity.com/files/147041/Adobe-Flash-28.0.0.137-Remote-Code-Execution.html
import BaseHTTPServer
import sys
from SimpleHTTPServer import SimpleHTTPRequestHandler
print "@Syfi2k"
print "[+] https://cxsecurity.com/issue/WLB-2018040041 "
# Author: Matt Graeber, SpecterOps
ls C:\* -Recurse -Include '*.exe', '*.dll' -ErrorAction SilentlyContinue | % {
    try {
        $Assembly = [Reflection.Assembly]::ReflectionOnlyLoadFrom($_.FullName)
        if ($Assembly.GetReferencedAssemblies().Name -contains 'System.Management.Automation') {
            $_.FullName
        }
    } catch {}
}
#!/bin/bash
## Credits: https://github.com/4shadoww
## Usage: ./dump.sh <pid>  -- dumps every writable private mapping of the process via gdb
mkdir -p dump-cache          # -p: do not fail when the directory already exists
rm -f dump-cache/*.dump      # -f: do not fail when there is nothing to remove
grep rw-p /proc/$1/maps \
    | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' \
    | while read start stop; do
        gdb --batch --pid $1 -ex "dump memory dump-cache/$1-$start-$stop.dump 0x$start 0x$stop"
      done
cat dump-cache/*.dump > $1-dump
" flag every non-ASCII byte (e.g. homoglyphs or bidi controls) in the buffer
syntax match nonascii "[^\x00-\x7F]"
" 'termbg' is not a valid :highlight argument and was dropped; ctermbg/guibg are
highlight nonascii guibg=Red ctermbg=2
#Coded by Matt Nelson (@enigma0x3)
<#
.SYNOPSIS
Standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method
.DESCRIPTION
This script will generate malicious Microsoft Excel Documents that contain VBA macros. This script will prompt you for your attacking IP
(the one you will receive your shell at), the port you want your shell at, and the name of the document. From there, the script will then
display a menu of different attacks, all with different persistence methods. Once an attack is chosen, it will then prompt you for your payload type
(Only HTTP and HTTPS are supported).