Miroslav Stampar stamparm

## disable_wsh.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"="0"

## gist:5335273
$ python panoptic.py -u "http://192.168.21.128/lfi.php?file=default" -a -w

 .-',--.`-.
<_ | () | _>
  `-`=='-'

Panoptic v0.1-93e0cf0 (https://github.com/lightos/Panoptic/)

[i] Starting scan at: 11:46:21

## sinkhole_emails.txt
botsmustdie@gmail.com
jgou.veia@gmail.com
malicious-domains@shadowserver.org
the.malware.cabal@gmail.com
bdomaincontrol@gmail.com
malsinkhole@gmail.com
cyd-dns@ic.fbi.gov
s1nkh0l3@yahoo.com
info@fitsec.com
ctu-sinkhole@secureworks.com

## output.txt
$ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" -z "ign,flu,bat" --banner -f

    sqlmap/1.0-dev-7614c81 - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:30:49

[10:30:49] [INFO] testing connection to the target url

## mac-vendor.txt
000000	Xerox
000001	Xerox
000002	Xerox
000003	Xerox
000004	Xerox
000005	Xerox
000006	Xerox
000007	Xerox
000008	Xerox
000009	Xerox

## drupalgeddon2.rules
alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Drupalgeddon2 (CVE-2018-7600)"; flow: to_server,established; content:"POST"; http_method; content:"markup"; fast_pattern; content: "/user/register"; http_uri; pcre:"/(access_callback|pre_render|lazy_builder|post_render)/i"; classtype:web-application-attack; sid:9000110; rev:1;)

## 2017-5638.rules
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"WEB_SERVER Apache Struts Remote Code Execution (2017-5638)"; flow:established,to_server; content:"opensymphony"; fast_pattern:only; content:"Content-Type|3a 20|"; http_header; pcre:"/Content-Type: [ ]*[%$]{[^\r\n]*#\w+/Hi"; reference:cve,2017-5638; classtype:web-application-attack; sid:9000101; rev:2;)

## zeus.osc
// Generic Zeus malware unpacker (ResumeThread)
// by Miroslav Stampar (@stamparm)
// http://about.me/stamparm

VAR ResumeThread
VAR msg
VAR xname
VAR xloc
VAR xsize

## sha256sum.txt
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b  ./installed.ete
0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887  ./bins/coli-0.dll
52e88433f2106cc9a3a961cd8c3d0a8939d8de28f2ef3ee8ea648534a8b036a4  ./bins/tibe-1.dll
d3db1e56360b25e7f36abb822e03c18d23a19a9b5f198e16c16e06785fc8c5fa  ./bins/cnli-0.dll
13ce3731db5b926f980855e923e1c754c4a15a5cdad47b7ef27e6dd54cf5293d  ./bins/Eternalsynergy-1.0.1.0.xml
96edea8d08ab10eee86776cfb9e32b4701096d21c39dbffeb49bd638f09d726a  ./bins/trfo.dll
8a5cce25f1bf60e716709c724b96630b95e55cc0e488d74d60ea50ffba7d6946  ./bins/etebCore-2.x64.dll
5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee  ./bins/libeay32.dll
47e16f7db53d9adf24d193ff4d523b1bc7ae59ff8520cfa012365bdb947c96f9  ./bins/posh.dll
36107f74be98f15a45ff716e37dad70f1ff9515bc72a0a1ec583b803c220aa92  ./bins/tucl.dll

## creds.txt
666666:666666
888888:888888
admin:1111
admin:1111111
admin:1234
admin:12345
admin:123456
admin1:password
admin:4321
admin:7ujMko0admin
	Windows Registry Editor Version 5.00

	[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings]
	"Enabled"="0"
	$ python panoptic.py -u "http://192.168.21.128/lfi.php?file=default" -a -w

	.-',--.`-.
	<_ \| () \| _>
	`-`=='-'

	Panoptic v0.1-93e0cf0 (https://github.com/lightos/Panoptic/)

	[i] Starting scan at: 11:46:21
	botsmustdie@gmail.com
	jgou.veia@gmail.com
	malicious-domains@shadowserver.org
	the.malware.cabal@gmail.com
	bdomaincontrol@gmail.com
	malsinkhole@gmail.com
	cyd-dns@ic.fbi.gov
	s1nkh0l3@yahoo.com
	info@fitsec.com
	ctu-sinkhole@secureworks.com
	$ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?id=1" -z "ign,flu,bat" --banner -f

	sqlmap/1.0-dev-7614c81 - automatic SQL injection and database takeover tool
	http://sqlmap.org

	[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

	[*] starting at 10:30:49

	[10:30:49] [INFO] testing connection to the target url
	000000 Xerox
	000001 Xerox
	000002 Xerox
	000003 Xerox
	000004 Xerox
	000005 Xerox
	000006 Xerox
	000007 Xerox
	000008 Xerox
	000009 Xerox
	// Generic Zeus malware unpacker (ResumeThread)
	// by Miroslav Stampar (@stamparm)
	// http://about.me/stamparm

	VAR ResumeThread
	VAR msg
	VAR xname
	VAR xloc
	VAR xsize
	b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b ./installed.ete
	0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887 ./bins/coli-0.dll
	52e88433f2106cc9a3a961cd8c3d0a8939d8de28f2ef3ee8ea648534a8b036a4 ./bins/tibe-1.dll
	d3db1e56360b25e7f36abb822e03c18d23a19a9b5f198e16c16e06785fc8c5fa ./bins/cnli-0.dll
	13ce3731db5b926f980855e923e1c754c4a15a5cdad47b7ef27e6dd54cf5293d ./bins/Eternalsynergy-1.0.1.0.xml
	96edea8d08ab10eee86776cfb9e32b4701096d21c39dbffeb49bd638f09d726a ./bins/trfo.dll
	8a5cce25f1bf60e716709c724b96630b95e55cc0e488d74d60ea50ffba7d6946 ./bins/etebCore-2.x64.dll
	5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee ./bins/libeay32.dll
	47e16f7db53d9adf24d193ff4d523b1bc7ae59ff8520cfa012365bdb947c96f9 ./bins/posh.dll
	36107f74be98f15a45ff716e37dad70f1ff9515bc72a0a1ec583b803c220aa92 ./bins/tucl.dll
	666666:666666
	888888:888888
	admin:1111
	admin:1111111
	admin:1234
	admin:12345
	admin:123456
	admin1:password
	admin:4321
	admin:7ujMko0admin