Steve Borosh rvrsh3ll

## BigQuery_ETH.txt
#standardSQL
with double_entry_book as (
    -- debits
    select to_address as address, value as value
    from `bigquery-public-data.crypto_ethereum.traces`
    where to_address is not null
    and status = 1
    and (call_type not in ('delegatecall', 'callcode', 'staticcall') or call_type is null)
    union all
    -- credits

## BigQuery_BTC.txt
WITH double_entry_book AS (
    -- debits
    SELECT
     array_to_string(inputs.addresses, ",") as address
    , -inputs.value as value
    , block_timestamp
    FROM `bigquery-public-data.crypto_bitcoin.inputs` as inputs

    UNION ALL


## tmux.conf
#############################################
## DEFAULT GENERAL SETTINGS (tmux show -g) ##
#############################################

set-option -g activity-action other
set-option -g assume-paste-time 1
set-option -g base-index 0
set-option -g bell-action any
set-option -g default-command ""
set-option -g default-shell "/bin/bash"

## devicecodephish.ps1
function Parse-JWTtoken {

    [cmdletbinding()]
    param([Parameter(Mandatory=$true)][string]$token)

    if (!$token.Contains(".") -or !$token.StartsWith("eyJ")) { Write-Error "Invalid token" -ErrorAction Stop }

    $tokenheader = $token.Split(".")[0].Replace('-', '+').Replace('_', '/')

    while ($tokenheader.Length % 4) {

## brute_mysqlx.py
import mysqlx
import argparse

# pip3 install mysql-connector-python

def main(target,targetport,user,passwordfile,verbose):

    with open(passwordfile, "r") as f:
        passwords = f.readlines()
        for password in passwords:

## phish.ps1
function Parse-JWTtoken {

    [cmdletbinding()]
    param([Parameter(Mandatory=$true)][string]$token)

    if (!$token.Contains(".") -or !$token.StartsWith("eyJ")) { Write-Error "Invalid token" -ErrorAction Stop }

    $tokenheader = $token.Split(".")[0].Replace('-', '+').Replace('_', '/')

    while ($tokenheader.Length % 4) {

## binToUUIDs.py
from uuid import UUID
import os
import sys

# Usage: python3 binToUUIDs.py shellcode.bin [--print]

print("""
  ____  _    _______    _    _ _    _ _____ _____
 |  _ \(_)  |__   __|  | |  | | |  | |_   _|  __ \
 | |_) |_ _ __ | | ___ | |  | | |  | | | | | |  | |___

## Various-Macro-Based-RCEs.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                rvrsh3ll
                / Various-Macro-Based-RCEs.md
            
            
              Created
              December 27, 2020 17:28
                — forked from mgeeky/Various-Macro-Based-RCEs.md
            
              
                Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.
              
          
    This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector.
Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
List:

Page substiution macro for luring user to click Enable Content
The Unicorn Powershell based payload


## DInjectQueuerAPC.cs
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;

namespace DinjectorWithQUserAPC
{


    public class Program

## APCInject.cpp
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include <Windows.h>
#include <TlHelp32.h>

int PpidInject()
{
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	PROCESSENTRY32 process = { 0 };
	process.dwSize = sizeof(process);
	#standardSQL
	with double_entry_book as (
	-- debits
	select to_address as address, value as value
	from `bigquery-public-data.crypto_ethereum.traces`
	where to_address is not null
	and status = 1
	and (call_type not in ('delegatecall', 'callcode', 'staticcall') or call_type is null)
	union all
	-- credits
	WITH double_entry_book AS (
	-- debits
	SELECT
	array_to_string(inputs.addresses, ",") as address
	, -inputs.value as value
	, block_timestamp
	FROM `bigquery-public-data.crypto_bitcoin.inputs` as inputs

	UNION ALL
	#############################################
	## DEFAULT GENERAL SETTINGS (tmux show -g) ##
	#############################################

	set-option -g activity-action other
	set-option -g assume-paste-time 1
	set-option -g base-index 0
	set-option -g bell-action any
	set-option -g default-command ""
	set-option -g default-shell "/bin/bash"
	function Parse-JWTtoken {

	[cmdletbinding()]
	param([Parameter(Mandatory=$true)][string]$token)

	if (!$token.Contains(".") -or !$token.StartsWith("eyJ")) { Write-Error "Invalid token" -ErrorAction Stop }

	$tokenheader = $token.Split(".")[0].Replace('-', '+').Replace('_', '/')

	while ($tokenheader.Length % 4) {
	import mysqlx
	import argparse

	# pip3 install mysql-connector-python

	def main(target,targetport,user,passwordfile,verbose):

	with open(passwordfile, "r") as f:
	passwords = f.readlines()
	for password in passwords:
	from uuid import UUID
	import os
	import sys

	# Usage: python3 binToUUIDs.py shellcode.bin [--print]

	print("""
	____ _ _______ _ _ _ _ _____ _____
	\| _ \(_) \|__ __\| \| \| \| \| \| \| \|_ _\| __ \
	\| \|_) \|_ _ __ \| \| ___ \| \| \| \| \| \| \| \| \| \| \| \| \|___
	using System;
	using System.Diagnostics;
	using System.IO;
	using System.Runtime.InteropServices;

	namespace DinjectorWithQUserAPC
	{


	public class Program
	// dllmain.cpp : Defines the entry point for the DLL application.
	#include "pch.h"
	#include <Windows.h>
	#include <TlHelp32.h>

	int PpidInject()
	{
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	PROCESSENTRY32 process = { 0 };
	process.dwSize = sizeof(process);