taco-shellcode
taco-shellcode
/ windows-host-packet-capture.ps1
Created
October 4, 2017 13:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Accepts hostname or IP | |
| #Runs Powershell netsh with and the ethernet types / IP addresses | |
| #Stops the trace after X time | |
| #Waits for the command to save the file and exit | |
| #Copies file back to analyst machine | |
| #removes all trace of the packet capture file | |
| $IpAddress = (Get-NetIPAddress | Where-Object {($_.PrefixOrigin -eq "Dhcp") -and ($_.InterfaceAlias -eq "Local Area Connection")}).IpAddress |
taco-shellcode
/ natas16_sql_bruteforce.ps1
Last active
June 14, 2018 06:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #natas16:WaIHEacj63wnNIBROHeqi3p9t0m5nhmh | |
| #http://natas15.natas.labs.overthewire.org/index.php?&debug&username=natas16" AND password LIKE BINARY "WaIHEacj63wnNIBROHeqi3p9t0m5nhmh% | |
| Function BruteForce-Password() { | |
| $credentials = Get-AuthorizedCredentials | |
| $bruteForceArray = Create-CharacterArray | |
| $password = '' | |
| $continueCracking = $true | |
| while($continueCracking) { |
taco-shellcode
/ libDiffieHellmanStringEncryption.psm1
Last active
March 21, 2020 19:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #TODO - Set the hidden attribute for the stored files | |
| #TODO - Set ACL permissions for Linux / Windows for stored files | |
| # Used to pad the files that store the PublicKey and EncryptedPassword Alternate Data Streams | |
| $base64Goose = @" | |
| JyxhZFBQWWIsZDggICxhZFBQWWJhLCAgICxhZFBQWWJhLCAgLGFkUFBZYmEsICAsYWRQUFliYSwNCmE4IiAgICBgWTg4IGE4IiAgICAgIjhhIGE4IiAgICAgI | |
| jhhIEk4WyAgICAiIiBhOFBfX19fXzg4ICANCjhiICAgICAgIDg4IDhiICAgICAgIGQ4IDhiICAgICAgIGQ4ICBgIlk4YmEsICA4UFAiIiIiIiIiICANCiI4YS | |
| wgICAsZDg4ICI4YSwgICAsYTgiICI4YSwgICAsYTgiIGFhICAgIF04SSAiOGIsICAgLGFhICANCiBgIlliYmRQIlk4ICBgIlliYmRQIicgICBgIlliYmRQIic | |
| gIGAiWWJiZFAiJyAgYCJZYmJkOCInICANCiBhYSwgICAgLDg4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiAgIlk4 | |
| YmJkUCIgICAgICAgICAgIA0KDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXy4uLi0tLg0KICAgI |
taco-shellcode
/ MS17010-Nmap.ps1
Last active
April 25, 2022 17:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #https://nmap.org/nsedoc/scripts/smb-vuln-ms17-010.html | |
| https://gallery.technet.microsoft.com/scriptcenter/List-the-IP-addresses-in-a-60c5bb6b | |
| function Get-IPrange { | |
| <# | |
| .SYNOPSIS | |
| Get the IP addresses in a range | |
| .EXAMPLE | |
| Get-IPrange -start 192.168.8.2 -end 192.168.8.20 | |
| .EXAMPLE |
taco-shellcode
/ emotet-eonytxw.js
Last active
June 14, 2018 06:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Some work I did to deobfuscate part some emotet malware I discovered. | |
| *DISCLAIMER - THIS IS ONLY FOR RESEARCH PURPOSES* | |
| */ | |
| var heuc = [49,48,116,105,108,108,99,111,109,46,109,111,110,116,103,111,109,101,114,121,116,101,99,104,46,99,111,109,59,113,97,116,116,114,111,46,97,98,99,119,100,48,46,115,101,101,100,46,102,97,115,116,115,101,99,117,114,101,115,101,114,118,101,114,115,46,99,111,109,59,115,111,117,114,99,101,46,107,98,97,102,46,109,121,122,101,110,46,99,111,46,117,107,59,97,99,115,46,108,101,103,97,99,121,99,111,110,116,114,97,99,116,111,114,115,105,110,99,46,99,111,109]; | |
| /* | |
| https://www.branah.com/ascii-converter |
taco-shellcode
/ libMhtml.ps1
Created
February 27, 2018 15:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-RegexMatch { | |
| param($string, $pattern) | |
| return [System.Text.RegularExpressions.Regex]::Match($string, $pattern) | |
| } | |
| function Invoke-RegexReplace { | |
| param($string, $pattern, $replacement = '') | |
| return [System.Text.RegularExpressions.Regex]::Replace($string, $pattern, $replacement) | |
| } |
taco-shellcode
/ libMailer.ps1
Created
February 27, 2018 15:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-EmailTemplate { | |
| param( | |
| [Parameter(Mandatory=$true)] | |
| [Alias('To')] | |
| [String] $toField, | |
| [Alias('Subject')] | |
| [String] $subjectField, | |
| [Parameter(Mandatory=$true)] |
taco-shellcode
/ libStringFormatter.ps1
Created
February 27, 2018 15:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Resolve-DatabindObject { | |
| param( | |
| [parameter(Mandatory=$True)] | |
| [string]$bindpath, | |
| [parameter(Mandatory=$True)] | |
| [object]$obj | |
| ) | |
| #get token from path | |
| if ($bindpath -match '^[^.]*') { |
taco-shellcode
/ MyLittlePwndChecker.psm1
Last active
November 6, 2019 19:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-PwnedAccount { | |
| Param ( | |
| [Parameter(Mandatory=$true)] | |
| [ValidatePattern('(\w+@[]a-zA-Z_]+?\.[a-zA-Z]{2,6})')] | |
| [string]$EmailAddress, | |
| [Parameter(Mandatory=$false)] | |
| [Boolean]$IncludeUnverified | |
| ) |
taco-shellcode
/ Fomosa.dat - malware deobfuscation
Last active
August 6, 2021 05:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Dobot, Bacefore nehate rurido muka fodotoli, Mafadego rupuro dehonafa memu babimabe hadoruh kifon cemop nasof | |
| ' Pano, Nototal pepi fahe dari rotab gapepace gogoril. Cuho kakigoga lemes gonal, Dedap ruset cenipi fuda cocin putecid | |
| ' Ponibar gepepida, Henapi doku, Fola hohelaha faduboli kemisore merolo popehuco perodo lesad leh. | |
| ' Medekege tefo cinol rogesa hohudin kafog mono, Raf tup cuk hofe famacu hadire lon pedefem gop fabegeho. | |
| ' | |
| ' Gerotono hemek lagec peluhimu nugubob dune bod takimonu maberogo husecuto rafabod hecer bab fus laciponom. | |
| ' Lekopa denefod mus, Bohu cok lilu dulemom bep legaba dabac canonagi kecicom peca pugatek pihenag ped takegi | |
| ' Dag nam biga peno lagiha ledaso, Negor behehof cofege daduh leki fibifig sohom deka depatepiho | |
| ' Rem lad heceme rufoku kah rokahe, Tole same, Behopaf roru kic fun racomaso cora lopupife mimogu kic cinicefo cen kesu | |
| ' Fakepi cebupopo cefo bafog koserono kor dofekef rabes cococ fanarin tapato lagotad gek fefapamu. |
OlderNewer